Privacy Policy

warrantd is a web-based writing tool that makes argument structure visible. It helps researchers, journalists, and anyone doing evidence-backed writing build, connect, and strengthen structured arguments. This policy explains how we handle your data.

We make money from subscriptions and credit purchases, not your data. We do not sell personal information or share it for advertising.

When you use warrantd, we collect the following:

• Account information: email address, name, and avatar (if you sign in with Google). We detect .edu email domains to determine academic tier eligibility. Authentication credentials are managed by Supabase Auth.
• Content you create: documents, argument scaffolds, sources, annotations, and project metadata. This is your work and belongs to you. We claim no ownership of your content.
• Uploaded files: PDFs you upload to your source library are stored in Supabase Storage and accessible only to your account.
• Usage and credits: AI credit usage (monthly count and purchased balance), credit purchase history, and subscription tier.
• Third-party integration credentials: if you connect Zotero, we store your Zotero user ID and API key server-side. Your Zotero API key is never exposed to the browser or included in any client-side response.
• Usage analytics: feature interactions and session data collected via PostHog. We never include your document content, scaffold content, or source text in analytics events.
• Error diagnostics: application errors and exceptions collected via Sentry. Document content, scaffold content, and source text are stripped from all error reports before they are sent.
• Consent records: when you agree to our Terms of Service and Privacy Policy, we record the date and version of each document you accepted.
• Local preferences: theme (light/dark) and editor font size are stored in your browser only. These are never sent to our servers.

• To provide the service: your documents, scaffolds, and sources are stored so you can access and edit them.
• AI analysis: when you use an AI feature, relevant excerpts from your content are sent to Anthropic (Claude) for analysis. For scanned PDFs, text is extracted via Mistral OCR. These providers process your data on demand and do not use it for model training.
• Error tracking: we use Sentry to monitor application errors. Document content, scaffold content, and source text are stripped from all error reports before they are sent.
• Analytics: we use PostHog to understand how features are used so we can improve the product. Analytics events never contain your writing or source material.

warrantd uses AI to analyze argument structure, not to write for you. When you trigger an AI action, only the minimum necessary content is sent to the AI provider. Your content is never used to train AI models. Anthropic processes AI requests in the United States. Mistral, an EU-based company, processes OCR requests in the European Union. For complete details, see our AI Supplementary Terms.

All data is stored in Supabase with row-level security (RLS) policies. This means your documents, sources, and scaffolds are only accessible to your authenticated account at the database level. API keys and secrets are stored server-side and are never exposed to the browser. PDF files are stored in Supabase Storage with access scoped to your account. We implement administrative, technical, and physical safeguards to protect your data.

We use the following third-party services to operate warrantd. For a detailed list including data categories and locations, see our Sub-processor List.

• Supabase — authentication, database, and file storage
• Anthropic (Claude) — AI analysis of argument structure
• Mistral — OCR text extraction for scanned PDFs
• Sentry — error monitoring (content stripped)
• PostHog — product analytics (content excluded)
• Vercel — application hosting
• Crossref — DOI metadata lookup for citation import
• Jina AI — web article text extraction for source import
• Stripe — payment processing (when enabled)
• Zotero — bibliographic metadata lookup (user-initiated, opt-in only)

• Essential cookies: Supabase sets authentication session cookies (HttpOnly, Secure) to keep you signed in. These are required for the service to function.
• Payment cookies: Stripe sets fraud prevention cookies when payment features are enabled. These are essential for transaction security.
• Analytics cookies: PostHog may set analytics cookies when enabled. These are non-essential.

We do not use advertising cookies or third-party tracking cookies. We do not sell your personal information or share it for cross-context behavioral advertising. We honor Global Privacy Control (GPC) and Do Not Track signals as valid opt-out requests.

We retain different categories of data for different periods, based on the purpose of collection and legal requirements.

Backup copies may persist for up to 30 days during standard rotation cycles. Anonymized or aggregated data that is no longer linked to your account may be retained indefinitely.

You can exercise the following rights at any time through two methods: self-service in the app, or by emailing privacy@warrantd.com.

• Access and export: export your documents using the export feature in the editor (Markdown or Word format), or request a copy of your data by email.
• Deletion: delete your account and all associated data from Settings, or request deletion by email. We respond to email requests within 45 days.
• Correction: request correction of inaccurate personal information by email.
• Data portability: use the in-app export features to download your documents in standard formats.

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act. We do not sell or share personal information as defined under CCPA/CPRA.

• Right to know: you may request details about the categories and specific pieces of personal information we collect, use, and disclose.
• Right to access: you may request the specific pieces of personal information we hold about you.
• Right to delete: you may request deletion of your personal information. You can do this directly from Settings, or by emailing us.
• Right to correct: you may request correction of inaccurate personal information.
• Right to opt out of sale: we do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes beyond what is necessary to provide the service.
• Non-discrimination: we will not discriminate against you for exercising your privacy rights.

Categories of personal information we collect

We do not collect categories C (protected characteristics), E (biometric), G (geolocation), H (sensory), I (professional), or J (education) information.

To exercise these rights, email privacy@warrantd.com. We will respond within 45 days. You may designate an authorized agent to make a request on your behalf. If we deny a request, you may appeal by emailing privacy@warrantd.com with "Appeal" in the subject line. We will respond to appeals within 45 days.

Residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws have rights similar to those described in the California section above, including the rights to access, delete, correct, and opt out of certain processing. To exercise these rights, email privacy@warrantd.com. If we deny a request, you may appeal using the same email address.

warrantd is based in Washington state. We do not collect consumer health data as defined by Washington's My Health My Data Act (MHMDA). If this changes, we will update this policy and implement all required consent and disclosure mechanisms.

For Colorado residents: warrantd uses AI features as described in our AI Supplementary Terms. That document explains how AI processes your data, which providers we use, and what data is sent.

You retain full intellectual property rights to all content you create in warrantd, including documents, argument scaffolds, annotations, and source notes.

• We do not access your content except to provide the service or for technical support with your permission.
• Your content is never shared with academic integrity services, plagiarism detection tools, universities, or other researchers.
• If your writing contains human-subjects research data, you are responsible for your own IRB compliance.

This policy governs individual accounts. warrantd does not currently act on behalf of any educational institution. If your institution has a separate agreement with warrantd, those terms may supplement this policy.

warrantd is intended for individuals 18 years or older. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from someone under 18, please contact us at privacy@warrantd.com and we will promptly delete the information.

If warrantd is acquired, merged with another company, or sells substantially all of its assets, your personal information may be transferred to the successor entity. We will notify you via email or in-app notice before your data is transferred and becomes subject to a different privacy policy.

warrantd may contain links to third-party websites, such as source URLs, DOI links, or citation references. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

We may update this policy as the product evolves. For material changes, we will provide at least 30 days' advance notice via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

Questions about this policy? Email us at hello@warrantd.com. For privacy-specific requests, email privacy@warrantd.com.

Mailing address: [Your mailing address here]

See also: Terms of Service · AI Supplementary Terms · Sub-processors