Start Your BookGo from idea to first chapter in minutes
Pricing
PricingSimple plans for every kind of author
Start Creating
Legal

Privacy Policy

Last updated: June 3, 2026

This Privacy Policy explains how Anthra (“Anthra”, “we”, “us”) processes personal data when you create an account, write books, narrate chapters, publish them, or otherwise interact with our service at anthra.com (the “Service”). It is written to satisfy the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR.

1. Data controller

Anthra is the data controller for personal data processed through the Service. Questions about this policy, data-subject requests, and complaints can be sent to will.schulz@aw3.tech. Security disclosures can be sent to will.schulz@aw3.tech.

2. What we collect and why

2.1 Account data

  • Name and email address you provide at signup.
  • Password hash (Argon2id); we never store your password in clear text.
  • OAuth identifiers and tokens when you sign in with Google or GitHub.
  • Timestamps recording your acceptance of these Terms and Privacy Policy.

Legal basis: performance of the contract you enter into by creating an account (Art. 6(1)(b) GDPR).

2.2 Content you create

  • Book premises, prompts, outlines, prose, illustrations, narration audio, author notes, and style preferences.
  • Saved AI-agent conversations and the messages exchanged with the writing assistant.
  • Collaborator invites (the email addresses you invite).

Legal basis: performance of the contract; you control whether each book is private, unlisted, or public.

2.3 Operational telemetry

  • Sign-in events (event type, OAuth provider, timestamp) so you can see your own activity and we can investigate security incidents.
  • Tool-call audit log, generation runs, job records, and token-usage rollups used to debug failures, prevent abuse, and bill credits.
  • Rate-limit counters keyed on a short-lived IP-derived identifier (held in memory, not persisted long-term).

Legal basis: our legitimate interest in operating a secure, reliable service (Art. 6(1)(f) GDPR). We retain these records for 90 days and then delete them.

2.4 Reader analytics on published books

When a visitor opens a published book or plays a chapter we log a coarse, pseudonymous identifier derived by HMAC from the visitor’s IP address, user agent, and a daily server-side key that we do not retain. We use this only to count unique readers and identify drop-off points. We do not link this to any individual reader.

Legal basis: legitimate interest (Art. 6(1)(f) GDPR). You can object — see Section 9.

2.5 Cookies

We use cookies that are strictly necessary to keep you signed in and to protect the Service from CSRF attacks. We do not use advertising or cross-site tracking cookies. See our Cookie Policy for details and controls.

3. How long we keep data

  • Account data: while your account is active, plus up to 30 days after deletion to allow reversal of a destructive request.
  • Books and chapters: until you delete them, with a 30-day soft-delete window before permanent removal.
  • Agent conversations: until you delete them or your account.
  • Operational telemetry: 90 days, then permanently deleted by a daily cron job.
  • Reader analytics: 90 days for individual events, aggregated indefinitely.
  • Backups: rolling encrypted backups for up to 30 days.

4. Who we share data with (sub-processors)

We use carefully selected service providers (“sub-processors”) under Article 28 GDPR data-processing agreements. The current list:

  • Vercel Inc. (USA) — hosting, edge network, function execution, blob storage for cover images and audio.
  • Neon (Databricks Inc.) (USA/EU) — managed PostgreSQL database.
  • Anthropic, PBC (USA) — Claude language models for outline and prose generation, called via the Vercel AI Gateway with zero data retention.
  • Perplexity AI Inc. (USA) — Sonar models for optional research grounding.
  • ElevenLabs, Inc. (USA) — text-to-speech narration.
  • Resend, Inc. (USA / EU region) — transactional email (verification, password reset).
  • cred.diy (USA, on Supabase) — credit ledger and checkout for paid usage.
  • GitHub, Inc. and Google LLC (USA) — optional OAuth identity providers.

A current, dated sub-processor list is maintained in our public repository and is available on request. We notify you at least 14 days before adding a new sub-processor that handles personal data.

5. International transfers

Most of our sub-processors are based in the United States. Where personal data is transferred outside the EEA / UK we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU–US Data Privacy Framework. A copy of the relevant SCCs and a description of supplementary measures can be obtained from will.schulz@aw3.tech.

6. Security

We protect personal data with industry-standard controls: TLS in transit; encrypted storage at the sub-processor layer; Argon2id password hashing; per-tenant access scoping; rate limiting; CSRF defenses; isolated secret storage; and least-privilege access for engineers. We disclose confirmed personal-data breaches to the competent supervisory authority within 72 hours where required and notify affected users without undue delay.

7. AI provider data handling

Prompts, premises, and chapter prose are sent to Anthropic, Perplexity, and ElevenLabs to produce the requested output. We call these providers via the Vercel AI Gateway under a zero-data-retention configuration where supported. We do not consent to providers using your content to train models.

8. Children

Anthra is not directed to children under 16, and we do not knowingly collect personal data from anyone under that age. If you become aware that a child has provided us with personal data, contact will.schulz@aw3.tech and we will delete it.

9. Your rights

Under the GDPR and UK GDPR you have the right to:

  • Access the personal data we hold about you — available from your account page as a JSON export.
  • Rectify inaccurate data — change your name, email, and content directly from your account.
  • Erase your data — delete your account from your account page. We hard-delete account, books, chapters, agent conversations, audit records, and operational telemetry within 30 days and instruct sub-processors to do the same.
  • Restrict or object to processing based on legitimate interest — email will.schulz@aw3.tech and we will action the request within 30 days.
  • Withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Data portability — the JSON export above is in a structured, commonly used, machine-readable format.
  • Lodge a complaint with your local supervisory authority. EU residents can find theirs at edpb.europa.eu; UK residents can contact the Information Commissioner’s Office at ico.org.uk.

10. Marketing email

We send transactional email (verification, password reset, billing receipts) on the legal basis of contract performance and cannot opt out of these while you have an account. We send marketing email only if you explicitly opted in at signup; you can unsubscribe at any time using the link in any marketing email.

11. Changes to this policy

If we make material changes we will notify signed-in users by email and in-product, at least 14 days before the change takes effect. Material changes will require renewed acceptance. The effective date at the top of this page is the date of the current version.