Privacy Policy.

This Privacy Policy describes how Linnet (“Linnet,” “we,” “us,” or “our”) collects, uses, and shares information when you use our website at https://linnet.ink and our subscription service (collectively, the “Service”). Linnet is operated by Johnathan Klein, a sole proprietorship based in Michigan, United States.

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

1. Information We Collect

We collect the following categories of information:

Account information. When you create an account, we collect your email address and a password. Passwords are stored as cryptographic hashes; we never have access to your plain-text password.

Payment information. If you subscribe to a paid plan, payment is processed by Stripe, Inc. Stripe collects and stores your payment details (such as credit card number) directly. We receive limited information from Stripe, including the last four digits of your card, billing country, and subscription status. We do not store full payment card numbers.

User-generated content. Content you create through the Service, including character profiles, generated stories, story chapters, notes, and any text you submit through “spark” or “tell the writer” fields. This content is stored in our database to provide the Service to you.

Usage information. Basic usage data such as story generation counts, pages visited, browser type, and approximate location derived from IP address. This information helps us operate, secure, and improve the Service.

Communications. If you contact us via email or other channels, we retain that correspondence to respond and improve our support.

2. How We Use Information

We use the information we collect to:

• Provide and maintain the Service, including generating stories, saving characters, and processing subscriptions
• Authenticate users and maintain account security
• Process payments and manage subscriptions
• Respond to inquiries and provide customer support
• Detect, prevent, and address technical issues, abuse, and security threats
• Send transactional emails (account confirmation, password reset, billing notifications)
• Comply with legal obligations

We do not use your information for advertising or for purposes unrelated to providing the Service.

3. AI Training Disclosure

We do not use your characters, stories, or other user-generated content to train artificial intelligence models, and we do not permit our service providers to do so.

When you generate a story, your character data and inputs are transmitted to Anthropic’s Claude API for the generation. Anthropic’s API has a default policy of not using API traffic to train its models. We similarly do not authorize OpenAI (whose moderation API we use to enforce content policies) to train on your content.

Your stories are yours. We do not claim ownership and do not use them to improve our systems or any AI system.

4. How We Share Information

We share information only with the following categories of recipients, and only as necessary to provide the Service:

Service providers we rely on:

• Stripe (Stripe, Inc.) — payment processing
• Anthropic (Anthropic, PBC) — AI story generation via the Claude API
• OpenAI (OpenAI, Inc.) — content moderation only; we do not use OpenAI for story generation
• Supabase (Supabase, Inc.) — database, authentication, and storage
• Vercel (Vercel, Inc.) — application hosting and edge functions
• Resend (Resend, Inc.) — transactional email delivery
• Upstash (Upstash, Inc.) — rate limiting and caching infrastructure

Each of these providers has its own privacy policy governing how it handles data. We have entered into reasonable agreements with these providers to require appropriate data protection.

Legal compliance. We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers. If Linnet is acquired, merged, or sells substantially all of its assets, your information may be transferred as part of that transaction. We will provide reasonable notice before your information becomes subject to a different privacy policy.

We do not sell your personal information to third parties for any purpose. We do not share your information for cross-context behavioral advertising.

5. Cookies and Similar Technologies

We use cookies only to maintain your authenticated session. We do not use third-party tracking cookies, advertising cookies, or analytics cookies that profile you across other websites.

You can disable cookies in your browser settings, but doing so will prevent you from signing in or using authenticated features of the Service.

6. Data Retention

We retain your information for as long as your account is active. If you delete your account, we will delete your characters, stories, and account information within 30 days, except where we are required to retain certain information for legal, accounting, or fraud-prevention purposes (such as payment records, which we retain as required by applicable tax and financial regulations).

Anonymized or aggregated data that cannot be linked back to you may be retained for analysis and service improvement.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

• Access. You may request a copy of the personal information we hold about you.
• Correction. You may correct inaccurate or incomplete information.
• Deletion. You may request deletion of your account and associated content.
• Portability. You may export your characters and stories at any time through the Service. We support data portability as a core product feature.
• Objection or restriction. You may object to or request restriction of certain processing.
• Withdraw consent. Where we rely on consent, you may withdraw it.

To exercise any of these rights, contact us at the email address in Section 13. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

California residents: Under the California Consumer Privacy Act (CCPA), you have the rights described above. We do not sell personal information, and we do not “share” personal information for cross-context behavioral advertising as those terms are defined under California law. We do not knowingly collect personal information from anyone under 18.

European Economic Area, United Kingdom, and Switzerland residents: Under the General Data Protection Regulation (GDPR) and equivalent laws, you have the rights described above. The legal bases on which we process your data include performance of a contract (to provide the Service), legitimate interests (security, service improvement), and consent where applicable. You also have the right to lodge a complaint with your local data protection authority.

8. Children’s Privacy

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International Data Transfers

Linnet is based in the United States, and our service providers are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States or other countries where our providers operate. Where required, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to lawfully transfer personal data internationally.

10. Security

We implement reasonable technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (HTTPS), encryption at rest for sensitive fields, secure authentication, rate limiting, and access controls.

No security system is perfect. We cannot guarantee absolute security, and you use the Service at your own risk.

11. Third-Party Links

The Service may occasionally link to third-party websites or services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of any third-party site.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. For material changes, we will provide reasonable notice — typically by email or a prominent notice on the Service — before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions, requests, or concerns about this Policy or our handling of your information, please contact:

We will respond within a reasonable period and typically within 30 days.

This Privacy Policy is provided to give you transparent information about how Linnet handles your data. It is not legal advice. We recommend you consult with qualified legal counsel about your own data practices.

Questions? Email support@linnet.ink