Skip to main content

Privacy Policy

Last updated: April 7, 2026

This document is a draft pending legal review. The commitments it describes are the ones the code actually honors today. Once a lawyer has reviewed it, the last-updated date will change and any amendments will be logged in the changelog at the bottom.

1. What this covers

This policy describes how Döppelscript (“the service”) collects, uses, stores, and shares the data of people who visit doppelscript.com or create an account. It is written in plain English. Where we had to choose between being legally airtight and being readable, we chose readable; the terms of service at /terms carries the binding commitments.

2. What data we collect

We collect only what the service needs to function:

  • Account data: your email address, a hashed password (if you sign up with a password rather than a social provider), and the time you signed up. We never store your plaintext password.
  • Voice profiles: the rules and patterns we extract from your writing samples, along with any labels or vocabulary preferences you edit. These are scoped to your account and not visible to anyone else.
  • Generated posts and edits: the drafts Döppelscript generates for you and the final text you save, for your own history. We do not share these with anyone.
  • Temporarily: uploaded corpus files. Files you upload to train a voice profile are stored in Cloudflare R2 only until the voice profile is built (usually within a minute or two). Immediately after the profile is built, the file is deleted from storage. The raw text of your uploaded samples is never written to the database.
  • Billing metadata (when you purchase credits): Stripe handles all payment data. We never see your card number. Döppelscript only stores the fact that a purchase happened, the amount, and the Stripe customer ID so we can apply credits to your account.
  • Server logs (temporarily): the server logs request paths, response codes, and basic timing information for debugging. Logs are retained for up to 30 days and do not contain the contents of your generations or writing samples.
  • OAuth tokens (only if you connect a platform): if you connect LinkedIn, Medium, or another platform to import past posts, the access token is stored encrypted and used only to fetch the content you asked us to import. You can revoke access at any time from your platform's settings.

3. What data we do not collect

  • No analytics tracking in the default build. There is no Google Analytics, no Segment, no PostHog by default. If we add analytics in the future, it will be named here and you will be able to opt out.
  • No behavioral advertising. Döppelscript does not show ads, does not track you across sites, and does not sell your browsing history.
  • No training on your data. Your writing samples, voice profiles, and generated posts are never used to train Döppelscript's own models (there are none) or any third party's models. Every generation calls Anthropic's Claude API, and Anthropic's API terms explicitly state that API submissions are not used to train their models.
  • No persistent storage of your raw writing samples. This is worth naming twice. We extract the patterns, we delete the file.

4. Third parties your data touches

Döppelscript uses a small number of infrastructure providers. Each one is named here, along with what data they see:

  • Anthropic (AI generation): sees the text of your generation prompts and receives your voice profile rules as part of the prompt. Does not store submissions for training.
  • Stripe (payments): sees your email and payment method. Döppelscript never sees your card details.
  • Cloudflare R2 (temporary file storage): sees the raw file you upload to build a voice profile, only until the profile is built. After that, the file is deleted.
  • Neon (database): stores everything described in section 2 above.
  • Railway and Vercel (hosting): run the server and frontend. Have access to request logs but not to your generations or voice profiles.

Döppelscript does not share data with anyone else. We do not sell, rent, lease, or barter your data. If we are ever ordered by a court to turn over data, we will comply with the specific legal order and tell you about it unless we are legally prevented from doing so.

5. How long we keep your data

  • Raw uploaded corpus files: deleted immediately after the voice profile is built (within 24 hours of upload in the worst case).
  • Voice profiles, generation history, settings: kept until you delete them yourself (via the Delete Profile button) or until you delete your account.
  • Server logs: up to 30 days, then automatically purged.
  • Billing records Stripe requires us to retain: kept for the legally mandated period (typically 7 years in most jurisdictions). This is your email hash and the transaction amounts. No card details, no addresses beyond what Stripe already has.

6. Your rights

You have the right to see what data we have about you, to correct it, to delete it, to export it, and to object to how we process it. Döppelscript honors these rights regardless of which jurisdiction you are in, because that is the right default even in jurisdictions that do not require it.

To exercise any of these rights, email support@doppelscript.com from the address on your account. Responses come within one business day under normal circumstances. For the specific right to erasure, see the Account deletion section in the FAQ.

7. Cookies

Döppelscript uses a single session cookie (named sid) to keep you logged in between visits. The cookie is httpOnly, secure in production, and expires after 7 days of inactivity. That is the only cookie the service sets. There are no tracking cookies, no advertising cookies, no third-party cookies of any kind.

8. Data breaches

If we ever discover that Döppelscript user data has been accessed by an unauthorized party, we will notify affected users by email within 72 hours of confirming the breach, along with a plain-English explanation of what was exposed and what you should do. This commitment applies regardless of whether the jurisdiction you are in requires it.

9. Changes to this policy

If we change this policy in a way that affects what we collect or how we use your data, we will notify you by email before the change takes effect and update the last-updated date at the top of this page. Trivial changes (spelling fixes, clarifications that do not alter the meaning) can be made without notification.

10. Contact

Questions about privacy, data handling, or anything in this document? Email support@doppelscript.com. The human you reach is Ian Greenough, the person who built Döppelscript. Döppelscript is a one-person product, which means privacy questions reach the same inbox as feature requests and bug reports; that inbox is monitored daily.

Changelog

  • 2026-04-07: Initial draft committed. Pending legal review.
Back to home