Privacy Policy
Last updated: April 27, 2026 · Version 1.0.0 · Effective: April 27, 2026
EDUCATIONAL TEMPLATE NOTICE. This document is a template drafted for the Unbind product. It is intended to be 99.99% production-ready, but the operating legal entity, registered address, lead supervisory authority, and EU/UK representative must be confirmed by qualified counsel before public use.
Unbind, Inc. (“Unbind,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our website (the “Site”), our web and desktop applications (collectively, the “Service”), and any related services we offer.
By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Service.
Table of contents
- Who we are
- Scope of this policy
- Personal data we collect
- How we collect personal data
- How we use personal data
- Legal bases for processing (EEA / UK)
- How we share personal data
- Sub-processors
- International data transfers
- Data retention
- Data security
- Your rights
- How to exercise your rights
- California privacy rights (CCPA / CPRA)
- Other US state privacy laws
- Children’s privacy
- Cookies and similar technologies
- AI features and your content
- Desktop application and offline data
- Automated decision-making and profiling
- Do Not Track / Global Privacy Control
- Marketing communications
- Changes to this policy
- Contact us
1. Who we are
The data controller responsible for your personal data under this Policy is:
Unbind, Inc.
[Registered Street Address]
[City, State / Province, Postal Code]
[Country]
Email: [email protected]
For users in the European Economic Area (EEA) and the United Kingdom (UK), our representative under Article 27 GDPR / UK GDPR is:
[EU/UK Representative — to be appointed before public launch]
If you have questions about this Policy or about how we handle your personal data, please contact us at [email protected].
2. Scope of this policy
This Policy applies to personal data we collect when you:
- visit the Unbind marketing website (unbind.app or any equivalent domain operated by us);
- create or use an Unbind account;
- use the Unbind web or desktop application to author projects, collaborate with others, or export manuscripts;
- contact our customer support team;
- subscribe to a paid plan; or
- otherwise interact with us, for example through email, social media, or in-product feedback.
This Policy does not cover the practices of third-party services that you may connect to Unbind (for example, an OAuth login provider or a payment processor), except where those third parties act as our service providers under our instructions. Where you authorise a third-party integration, that third party’s own privacy policy will also apply.
3. Personal data we collect
We collect the categories of personal data described below. We do not collect more than we need, and we never collect special-category data (“sensitive” data, such as health, biometric, or precise geolocation data) unless you choose to put such information into a project you author and explicitly upload it to us.
3.1 Account and identity information
- Email address (required to create an account and receive service-critical messages).
- Display name (optional; chosen by you).
- Password stored as a salted, slow-hashed digest using bcrypt or an equivalent algorithm — we never store your password in plain text.
- Profile information you choose to provide, such as pronouns, biography, social profile links, or avatar image.
- Authentication identifiers when you sign in with a third-party identity provider (Google or Apple): a stable subject identifier, your email address, and your display name as exposed by that provider.
3.2 Billing information
If you subscribe to a paid plan, our payment processor Stripe collects and processes:
- Cardholder name, billing address, and country.
- Payment instrument details (credit or debit card number, expiry, security code; or PayPal account identifier where supported).
- VAT or local tax identifier (if you provide one).
We do not receive or store your full card number. Stripe shares with us only a tokenised reference, the last four digits of the card, the brand, the expiry month and year, and the country of issuance — solely so we can show you which card is on file and process renewals you have authorised.
3.3 Project content (your “Customer Content”)
The substance of what you author in Unbind, including:
- story elements you create — characters, locations, events, chapters, lore items, notes, and groups;
- canvas layout, viewport, zoom, and the connections between elements;
- chapter manuscripts, including text, formatting, and inline mentions;
- comments, replies, mentions, and reactions you and your collaborators leave;
- uploaded images (character portraits, location imagery, cover art, attachments);
- export artefacts (PDF, EPUB, DOCX) you generate from your projects;
- project metadata such as titles, descriptions, tags, status, theme, and publishing-pipeline progress.
You retain all rights in your Customer Content. We process it solely to provide the Service, as described in Section 5.
3.4 Collaboration and team data
- Invitations you send (recipient email, role).
- Collaborator role assignments (Owner, Editor, Commenter, Viewer).
- Presence and last-seen indicators when real-time collaboration is enabled.
- Shared comment threads, mentions of users, and reactions.
3.5 Device and technical data
We automatically collect limited technical data when you use the Service:
- IP address and approximate (country / region) location derived from it.
- Browser type, browser version, and language.
- Operating system and device type (desktop, tablet, mobile).
- Application version and platform (web, desktop-mac, desktop-win).
- Screen resolution and locale.
- Crash reports and error logs (stack traces with no user content embedded).
- Pages visited, features used, and timestamps of those events (only with your consent — see Section 17).
3.6 Communications data
- Support tickets, bug reports, and any attachments you send to us.
- Survey responses, beta-program feedback, and in-app feedback widget messages.
- Email messages you send to us, including headers and any attached files.
- Social-media interactions when you publicly tag or message us on a third-party platform (we receive whatever that platform makes available).
3.7 Optional contact information
If you contact us by phone or post — for example, to make a Data Subject Request that you do not wish to send by email — we will collect:
- the phone number you call from or provide; and
- the physical address you write to us from or specify for a postal response.
We do not require a phone number to create an account, and we do not require a physical address to use the Service. We collect these only when you provide them to us.
3.8 Social-media profiles
If you choose to add a social-media profile link to your Unbind profile, we will store that URL or handle. We do not import, scrape, or back-fill data from social-media platforms about you.
3.9 Consent records
When applicable law requires consent (for example, for non-essential cookies or for marketing emails), we keep an immutable record of:
- the version of the notice you saw;
- the choices you made;
- the date, time, and IP address of your action;
- the user agent of the browser you used; and
- where applicable, the GPC signal we observed.
We retain this record so that we can demonstrate compliance with GDPR Article 7(1) and equivalent laws.
4. How we collect personal data
We collect personal data in three ways:
- Directly from you — when you register, log in, fill in a form, upload content, send us a message, or configure your account.
- Automatically — when you interact with the Site or Service, our servers and (with your consent) our analytics provider record events such as feature usage and error reports.
- From third parties — limited information from identity providers (Google, Apple) when you choose social sign-in, and tokenised payment data from Stripe when you subscribe.
5. How we use personal data
We use personal data only for the purposes set out below.
5.1 To provide and maintain the Service
- Create and authenticate your account, including via Google or Apple sign-in.
- Store and synchronise your projects across devices and collaborators.
- Render the canvas, list, planning, timeline, and storyboard views.
- Process collaboration invitations and manage team permissions and roles.
- Generate exports (PDF, EPUB, DOCX) from your projects.
- Display your billing status, plan limits, and entitlements.
5.2 Billing and payment processing
- Process subscription payments through Stripe.
- Manage upgrades, downgrades, prorations, refunds, chargebacks, and tax compliance.
- Detect and prevent fraudulent payment activity.
- Issue invoices and receipts.
5.3 Analytics and product improvement
- With your prior, opt-in consent, measure how users interact with the Service via PostHog (events, feature usage, funnel completion, session replay if enabled).
- Diagnose performance issues and prioritise improvements.
- Aggregate and anonymise usage data to inform roadmap decisions.
We do not combine analytics data with profile data to build behavioural advertising profiles. We do not sell your personal information.
5.4 Customer support
- Respond to your questions, requests, and complaints.
- Investigate and resolve technical issues.
- Maintain a record of your interactions with our support team.
5.5 Service communications
- Send service-critical emails (account verification, password reset, security alerts, billing notices, mandatory legal notices).
- Notify you of changes to the Service or these legal documents.
5.6 Marketing — only with your consent
If you opt in, we may send you product updates, release notes, tips, and occasional offers. You can withdraw consent at any time by clicking “unsubscribe” in any marketing email or by changing your preferences in your account settings. Service-critical messages are not marketing and cannot be unsubscribed from while your account is active.
5.7 Personalisation and advertising
Unbind does not currently run a personalised-advertising programme and does not show third-party adverts in the Service. If we ever introduce optional personalised content recommendations or partner offers, they will be opt-in and described in an updated version of this Policy with prior notice.
5.8 Security, fraud prevention, and abuse detection
- Authenticate you, including optional two-factor authentication (2FA).
- Detect and block account-takeover attempts, brute-force attacks, automated abuse, and policy violations.
- Maintain audit and security logs.
- Enforce our Acceptable Use Policy.
5.9 Legal compliance and protection of rights
- Comply with applicable laws, regulations, court orders, and lawful government requests.
- Establish, exercise, or defend legal claims.
- Enforce our Terms of Service.
- Protect the rights, property, and safety of Unbind, our users, and the public.
6. Legal bases for processing (EEA / UK)
If you are in the EEA or the UK, we rely on the following legal bases under Article 6 GDPR / UK GDPR:
| Purpose | Legal basis |
|---|---|
| Providing the Service to you (account, projects, exports) | Contract — Article 6(1)(b) |
| Billing and payment processing | Contract — Article 6(1)(b) |
| Service-critical communications (verification, security alerts, billing) | Contract — Article 6(1)(b) |
| Security, fraud prevention, abuse detection | Legitimate interests — Article 6(1)(f) (keeping the Service safe) |
| Product improvement based on aggregated usage | Legitimate interests — Article 6(1)(f) (improving the Service we offer) |
| Non-essential cookies and analytics | Consent — Article 6(1)(a) and ePrivacy |
| Marketing emails | Consent — Article 6(1)(a) |
| Compliance with legal obligations (tax, accounting, court orders) | Legal obligation — Article 6(1)(c) |
| Establishment, exercise, or defence of legal claims | Legitimate interests — Article 6(1)(f) |
You have the right to object at any time to processing based on legitimate interests. See Section 12.
7. How we share personal data
We do not sell your personal data, and we do not share it for cross-context behavioural advertising.
We share personal data only with the limited categories of recipients below, and only to the extent necessary:
7.1 Sub-processors (service providers acting on our behalf)
Our hosting, infrastructure, communications, analytics, and AI providers process personal data only on our written instructions and are bound by data-processing agreements that include the safeguards required by GDPR Article 28. The current list, with locations and the data they process, is in our Sub-processors document.
Categories include:
- Cloud hosting and database providers.
- Email-delivery (SMTP) providers for transactional and (with your consent) marketing emails.
- Payment processor (Stripe), which processes billing data as an independent controller for fraud prevention and as our processor for the rest.
- Analytics provider (PostHog), only after you give consent.
- AI providers (Anthropic, OpenAI, and other model providers we may add), only when you actively use AI features in the product.
- Customer-support and ticketing tooling.
- Error- and crash-reporting tooling.
7.2 Marketing partners
We may share aggregated and anonymised statistics (for example, total monthly active users) with prospective investors, business partners, or in public-facing marketing material. We do not share identifiable personal data with marketing partners.
If we ever run a co-marketing or referral programme that involves sharing personal data with a partner, we will obtain your separate, specific opt-in consent first.
7.3 Other Unbind users you collaborate with
If you invite a collaborator, share a project, leave a comment, or @-mention another user, we will share with the relevant recipients the personal data needed to make collaboration work — typically your display name, avatar, email address (for invites), and the content of the comment or mention.
7.4 Regulatory authorities and law enforcement
We may disclose personal data when required to do so by law, in response to a valid subpoena, court order, or other legal process, or where necessary to protect the rights, property, or safety of Unbind, our users, or the public.
We assess every request, push back on overly broad demands, and notify affected users where we are legally permitted to do so.
7.5 Corporate transactions
If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of all or part of our business or assets, personal data may be transferred as part of that transaction. We will notify you (for example, by email and a prominent in-app notice) before personal data becomes subject to a different privacy policy.
8. Sub-processors
A current, complete list of our sub-processors — including their name, role, location, and whether the transfer is covered by Standard Contractual Clauses or an adequacy decision — is maintained at sub-processors.md.
We will notify you in advance (at least 30 days, except in the case of an emergency) of any addition or replacement of a sub-processor that processes Customer Content, so that you can object before the change takes effect.
9. International data transfers
Unbind is operated from [primary jurisdiction] and our infrastructure may be located in other countries — including the United States and the European Union. When personal data is transferred from the EEA, the UK, or Switzerland to a country that is not the subject of an adequacy decision, we rely on:
- the EU Standard Contractual Clauses (2021/914/EU) and, where applicable, the UK International Data Transfer Addendum;
- supplementary technical measures (encryption in transit and at rest, key management, access controls);
- supplementary organisational measures (vendor due diligence, transfer-impact assessments); and
- where available, certifications such as the EU-US Data Privacy Framework for participating US-based sub-processors.
A copy of the safeguards we use for a specific transfer is available on request to [email protected].
10. Data retention
We keep personal data only for as long as we need it for the purposes set out in this Policy, or for as long as applicable law requires. The defaults are:
| Data category | Retention |
|---|---|
| Account profile data (email, display name, password hash, profile fields) | While your account is active. Deleted within 30 days of your account-deletion request. |
| Project content (canvas, manuscripts, images) | While the project exists. Permanently deleted when you delete a project (subject to backup purge — see below). |
| Collaboration data (invites, role assignments, comments) | Same as the underlying project. |
| Billing records (invoices, receipts, transaction logs) | Retained for 7 years to comply with tax and accounting laws. |
| Consent records (cookies, marketing) | Retained for 5 years to demonstrate compliance under GDPR Article 7(1). |
| Security and audit logs | Retained for 90 days for fraud prevention, incident response, and abuse detection. |
| Customer-support tickets | Retained for 24 months after the ticket is closed. |
| Analytics events (with consent) | Retained in identified form for 24 months, then aggregated/anonymised. |
| Crash and error logs | Retained for 90 days. |
| Encrypted backups | Purged within 30 days of a deletion event. |
When the retention period ends, we either delete the data or irreversibly anonymise it.
11. Data security
We apply administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, and destruction. These include:
- Encryption in transit — all traffic between your device and our servers is protected by TLS 1.2+ (“SSL encryption”).
- Encryption at rest — databases and object storage are encrypted with industry-standard ciphers (AES-256 or equivalent). On the Unbind desktop application, locally cached data is additionally protected by the operating-system keychain via electron.safeStorage (AES-256).
- Two-factor authentication (2FA) — available to all users; required for administrators.
- Role-based access controls — least-privilege access for our employees and contractors. Access is logged and reviewed.
- Periodic security audits — internal reviews and, where appropriate, independent third-party assessments and penetration tests.
- Vulnerability management — automated dependency scanning, secret scanning, and a coordinated disclosure programme ([email protected]).
- Data anonymisation and pseudonymisation — applied where feasible (for example, in long-term analytics aggregates).
- Network and application security — WAF, rate limiting, brute-force protection, CSRF protection, and content-security policies.
- Operational security — onboarding/offboarding controls, mandatory security training, screened contractors, and incident-response runbooks.
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee absolute security. In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware, and we will notify you without undue delay where the breach is likely to result in a high risk to you, in line with GDPR Articles 33–34 and equivalent laws.
A plain-English summary of our security programme is available at security-overview.md.
12. Your rights
Depending on where you live, applicable law may give you some or all of the following rights in relation to your personal data:
- Right of access — to obtain confirmation of whether we process your personal data and to receive a copy.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure (“right to be forgotten”) — to request deletion of personal data, subject to limited exceptions (for example, where we must retain it to comply with a legal obligation).
- Right to restriction of processing — to ask us to limit how we use your data in defined situations.
- Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format (we provide a JSON export).
- Right to object — to object to processing based on legitimate interests, including any profiling, and to direct marketing at any time.
- Right to withdraw consent — at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
- Right not to be subject to a solely automated decision that produces legal or similarly significant effects, except as permitted by law.
- Right to lodge a complaint with a supervisory authority — in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
13. How to exercise your rights
The fastest way to exercise most rights is from inside the Service:
- Access and portability — Settings → Privacy → Export my data generates a JSON archive containing your account profile, projects, comments, and consent record.
- Rectification — Settings → Profile lets you edit your account fields.
- Erasure — Settings → Account → Delete my account triggers deletion within 30 days.
- Cookie preferences — Settings → Cookie preferences (or the cookie banner) lets you change your choices.
- Marketing preferences — Settings → Notifications or the unsubscribe link in any marketing email.
You can also email [email protected] at any time. We will:
- acknowledge your request within 5 business days;
- verify your identity in proportion to the sensitivity of the request;
- respond within 30 days (extendable by up to two further months for complex requests, with notice to you); and
- carry out our response free of charge, except where requests are manifestly unfounded or excessive.
If we cannot fulfil your request, we will explain why and tell you how to escalate.
14. California privacy rights (CCPA / CPRA)
If you are a resident of California, the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) gives you the rights below. The “Personal Information” categories used here track Cal. Civ. Code § 1798.140.
14.1 Categories of Personal Information collected (last 12 months)
| Category (Cal. Civ. Code § 1798.140(v)) | Collected? | Source | Business purpose |
|---|---|---|---|
| A. Identifiers (name, email, IP, device IDs) | Yes | You; automatic | Account, security, support |
| B. Customer Records (Cal. Civ. Code § 1798.80) — billing address, payment information | Yes (via Stripe) | You | Billing |
| C. Protected classifications | No | — | — |
| D. Commercial information (subscriptions purchased) | Yes | You; Stripe | Billing, support |
| E. Biometric information | No | — | — |
| F. Internet/network activity (browser, page visits, feature usage) | Yes (analytics only with consent) | Automatic | Product improvement |
| G. Geolocation (country/region from IP) | Yes (coarse only) | Automatic | Security, fraud, localisation |
| H. Sensory data (audio, visual) | Only what you upload | You | Service provision |
| I. Professional or employment information | No | — | — |
| J. Education information | No | — | — |
| K. Inferences | Limited | Automatic | Product improvement |
| L. Sensitive Personal Information | No (we do not collect SPI as defined in CPRA § 1798.140(ae)) | — | — |
14.2 Sale or sharing of Personal Information
We do not sell Personal Information for monetary or other valuable consideration, and we do not “share” Personal Information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. We have not done so in the preceding 12 months and have no plans to do so. Because we do not sell or share, we are not required to operate a “Do Not Sell or Share My Personal Information” link, but we honour the Global Privacy Control (GPC) signal regardless.
14.3 Your California rights
- Right to know — what categories of Personal Information we collect, the sources, the business or commercial purposes, and the categories of third parties with whom we share it.
- Right to delete — to request that we delete Personal Information we collected from you.
- Right to correct — inaccurate Personal Information.
- Right to limit use of Sensitive Personal Information — not applicable, because we do not use SPI for inferential or other purposes that trigger this right.
- Right to opt out of sale/sharing — not applicable, because we do not sell or share.
- Right to non-discrimination — we will not deny service, charge a different price, or provide a different level of quality because you exercised your rights.
To exercise these rights, email [email protected] or use the in-product controls listed in Section 13. You may designate an authorised agent under Cal. Civ. Code § 1798.135(c) to act on your behalf; we will require written authorisation and will verify your identity directly.
14.4 California “Shine the Light”
We do not disclose Personal Information to third parties for those third parties’ direct marketing purposes within the meaning of Cal. Civ. Code § 1798.83.
14.5 Notice of financial incentive
We do not currently offer any financial incentive in exchange for the collection, sale, or retention of Personal Information.
15. Other US state privacy laws
If you are a resident of Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), or another US state with a comprehensive privacy law, you have rights similar to those described in Sections 12 and 14, including the rights to confirm processing, access, correct, delete, opt out of targeted advertising and sale, and (where applicable) appeal a decision we make about your request. To exercise any of these rights, email [email protected].
16. Children’s privacy
Unbind is a tool for adult creative professionals and is not directed to children. We do not knowingly collect personal data from children under 13 in the United States, under 16 in the EEA (or the lower age set by the relevant Member State), or under the equivalent age in any other jurisdiction.
If you believe a child has provided us with personal data, please contact [email protected] and we will delete the account and any associated data without undue delay.
17. Cookies and similar technologies
We use cookies, IndexedDB, localStorage, sessionStorage, and similar technologies to operate and improve the Service. Strictly necessary technologies (authentication, CSRF protection, load balancing, and the consent record itself) are exempt from consent under EU/UK ePrivacy rules. Non-essential technologies (analytics, optional product-improvement telemetry) are loaded only after you give consent through our cookie banner, and only as long as that consent remains in effect.
We honour the Global Privacy Control (GPC) signal: if your browser sends GPC, we treat that as a binding opt-out of all non-essential cookies and tracking, and we will not show you the consent banner.
For full details, see the Cookie Policy.
18. AI features and your content
When you use AI-powered features in Unbind (for example, Writer’s Compass, AI suggestions, or pipeline actions), Unbind sends the relevant context — typically the prompt you write together with the surrounding project content needed to produce a useful response — to one of our AI sub-processors (currently Anthropic and OpenAI, plus any others listed in sub-processors.md).
We have data-processing agreements in place with each AI sub-processor that:
- prohibit them from using your content to train their general-purpose models without our explicit written authorisation, which we do not grant;
- require them to delete prompts and responses after a short retention period (typically 30 days, used only for abuse detection);
- bind them to industry-standard security practices.
You can disable AI features at any time from Settings → AI → Disable AI features. When AI is disabled, no prompts are sent to any AI sub-processor.
19. Desktop application and offline data
The Unbind desktop application stores a local copy of your projects on your device so you can keep working offline. That local copy is encrypted on disk using electron.safeStorage, which delegates key management to your operating system’s keychain (macOS Keychain, Windows DPAPI, or libsecret on Linux). When you next come online, the desktop client synchronises with our servers; conflicts are resolved using a “keep mine / load theirs / save as copy” model so that data is never silently overwritten.
If you uninstall the desktop application, the encrypted local store is removed from your operating-system user profile. You can also clear it manually from Settings → Local data → Clear cache inside the application.
20. Automated decision-making and profiling
We do not make decisions that produce legal or similarly significant effects about you using solely automated processing. AI features in the product generate suggestions, drafts, or summaries — they do not make decisions on your behalf. Any actions you take based on AI output are yours.
If we ever introduce automated decision-making within the meaning of GDPR Article 22, we will provide meaningful information about the logic involved, the significance, and the envisaged consequences, and we will give you a way to contest the decision and obtain human intervention.
21. Do Not Track / Global Privacy Control
Some browsers send a “Do Not Track” (DNT) signal. There is no industry consensus on how to interpret DNT, so we do not respond to DNT signals on their own.
We do honour the Global Privacy Control (GPC) signal as an opt-out of sale/sharing under the CCPA/CPRA and as a withdrawal of consent for non-essential cookies under EU/UK ePrivacy rules.
22. Marketing communications
We send marketing emails only with your prior, opt-in consent. Each marketing email contains a one-click unsubscribe link, and you can also manage email preferences from Settings → Notifications. Service-critical communications (account verification, password reset, security alerts, billing notices, mandatory legal notices) cannot be unsubscribed from while your account is active because they are necessary to provide the Service.
23. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will:
- update the “Last updated” date at the top of the document;
- post the updated version in this folder and in the in-app legal page; and
- where the change is material, give you at least 30 days' advance notice by email and a prominent in-app banner. Continued use of the Service after the effective date of a material change constitutes acceptance of the updated Policy.
A summary of past versions is kept in the repository’s commit history.
24. Contact us
If you have any questions, complaints, or requests about this Privacy Policy or our data practices, please contact us at:
Unbind, Inc. — Privacy Team
- Email: [email protected]
- Data Subject Requests: [email protected]
- Data Protection Officer: [email protected]
- Postal: [Registered Street Address], [City, State / Province, Postal Code], [Country]
If you are in the EEA or UK and you are not satisfied with our response, you have the right to lodge a complaint with your national supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en; UK residents can contact the Information Commissioner’s Office (ICO) at https://ico.org.uk/.
If you are in California, you may also contact the California Privacy Protection Agency at https://cppa.ca.gov/.