Napisati ("we", "us", "our") operates the website napisati.com and the Napisati application (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, and how you can exercise your rights under the General Data Protection Regulation (GDPR) and applicable Portuguese and EU law.
The data controller is Napisati, reachable at privacy@napisati.com.
When you create an account we collect your email address and, optionally, your full name. This is necessary to provide the Service and is processed on the legal basis of contract performance (Art. 6(1)(b) GDPR).
We store the text you write, generate, and save inside the app — including generation inputs, outputs, style rules, generation types, and content library items. This data is yours and is processed to provide the core features of the Service. Legal basis: contract performance.
When you give feedback on generated text (e.g. "never do this again"), we store that feedback as style rules associated with your account. This is the core learning mechanism of Napisati and is processed on the basis of contract performance.
Payments are handled by Stripe, Inc. We store your Stripe customer ID and subscription status. We do not store or process card numbers — these are handled exclusively by Stripe. Legal basis: contract performance and legal obligation.
We may collect metadata about API requests (timestamps, generation counts, token usage) for the purpose of enforcing plan limits and preventing abuse. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
If you use the Napisati browser extension, it captures the URL and text of web pages you explicitly save to your Content Library. No browsing activity is collected passively or without your action. Legal basis: contract performance.
Napisati uses the OpenRouter API to access AI language models (such as GPT-4o, Claude, and others). When you request a generation, your input text and your style profile context are sent to OpenRouter to produce a response. OpenRouter's Privacy Policy applies to data processed by their service.
We do not use your content to train AI models. Your text is used solely to generate the response you requested.
Your data is stored in the European Union. We use the following subprocessors:
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU (Frankfurt) |
| Stripe, Inc. | Payment processing | USA (SCCs applied) |
| OpenRouter | AI generation | USA (SCCs applied) |
| Resend | Transactional email | USA (SCCs applied) |
| Vercel | Application hosting | EU |
For transfers outside the EU, we rely on Standard Contractual Clauses (SCCs) as the legal transfer mechanism under Chapter V GDPR.
We retain your data for as long as your account is active. When you delete your account:
We may retain billing records for up to 7 years to comply with Portuguese tax and accounting law (Art. 6(1)(c) GDPR — legal obligation).
You have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@napisati.com. We will respond within 30 days. You also have the right to lodge a complaint with the Portuguese data protection authority (CNPD) at www.cnpd.pt.
We use only strictly necessary cookies required for authentication and session management (via Supabase Auth). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No consent banner is required for strictly necessary cookies under ePrivacy Directive Article 5(3).
The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at privacy@napisati.com.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the app at least 30 days before the changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy.
For any privacy-related questions or requests:
Napisati
Email: privacy@napisati.com