Privacy Policy

• Account dataWhen you sign in with Google we store your Google account email and user identifier, and a Google OAuth refresh token scoped to the Google Docs API (https://www.googleapis.com/auth/documents).
• Session dataFor each writing session we store: the Google Doc ID you target, the text you paste, the compiled operation sequence, session status, and timestamps. This is retained only for the lifetime of the session, after which you may delete it.
• Billing dataIf you upgrade to Pro we store a Paystack customer code, plan code, and subscription status. Payment card details are handled entirely by Paystack and never reach our servers.
• Operational logsStandard request logs, error traces, and rate-limit counters used to diagnose failures and prevent abuse.

EvidenceWriter’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• We useThe Google Docs scope strictly to read the document structure you select (to verify access) and to write text into that document via documents.batchUpdate, only while an active session is running.
• We do notuse Google user data to serve advertising; sell or transfer Google user data to third parties; allow humans to read Google user data except where you have granted explicit consent, where required for security, to comply with applicable law, or to operate and debug the service under strict access controls.
• We do notuse Google user data to train generalised or third-party machine learning or AI models.

All application data is stored in a Supabase Postgres database in a region we control. Refresh tokens are encrypted at rest using Supabase Vault. Backups are encrypted. The database enforces row-level security so that users can only read their own records. Infrastructure access is limited to the builder and is logged.

We do not sell or rent personal information. We share data only with the minimum set of service providers required to operate the product: Google (Docs and Identity), Supabase (hosting and database), Paystack (payments), and our serverless worker platform. Each provider’s access is scoped to what they need to perform their function.

You can, at any time:

• Revoke accessVisit myaccount.google.com/permissions and remove EvidenceWriter to revoke our Google Docs access.
• Delete sessionsCancel or delete any session from the dashboard; its stored text and compiled ops are removed.
• Delete accountEmail privacy@africantechbro.ai to request account deletion. We will erase account records, sessions, and stored tokens within 30 days of a verified request.
• ExportEmail the same address to request a copy of the data we hold about you.

Session text is retained until you delete the session or close the account. Refresh tokens are retained until you revoke Google access or delete the account. Billing records are retained for at least seven years to comply with South African tax and accounting law. Operational logs are rotated out within 90 days.

EvidenceWriter is intended for users aged 16 or older. We do not knowingly collect data from children under 16. If you believe a child has used the service, contact us and we will delete the associated records.

Questions, corrections, or requests can be sent to privacy@africantechbro.ai. ATB Labs, Cape Town, South Africa.

We may update this policy. Material changes will be surfaced in-app and by email to registered users. The date at the top of this page reflects the most recent revision.