Privacy Policy

Last updated: April 24, 2026

handwritten.md (“we”, “us”) operates the web service at handwritten.md. We take privacy seriously because the data you upload is deeply personal — handwritten journals, study notes, ideas, and plans. This policy explains exactly what we collect, what we don't, and how long we keep it.

What we collect

  • Account information. Email address, optional name and profile photo, hashed password (handled by Clerk), and authentication metadata.
  • Usage metadata. Number of pages transcribed, job timestamps, page counts per billing period, error rates. We do not store the content of your notes against your account.
  • Payment information. Handled entirely by Stripe. We never see or store your card details. Stripe returns a customer ID we use to look up subscription status.
  • Anonymous product analytics. Page views, feature usage, and error events identified by your Clerk user ID — never by email — and only with your cookie consent. PostHog is hosted in the EU.

What we don't collect

  • Your note content, long-term. Photos and PDFs you upload are processed in memory and stored in a per-job temporary folder for the duration of transcription. They are deleted automatically by a scheduled purge within 60 minutes of upload.
  • The transcribed markdown, long-term. The markdown we generate lives on the server only until you download it and the same 60-minute purge fires.
  • Tracking or advertising cookies. We don't run ads and we don't share data with ad networks.

How long we keep things

  • Uploaded photos & generated markdown: deleted within 60 minutes.
  • Account & subscription records: retained while your account is active. Deleted within 30 days of account deletion (a brief grace period prevents accidental loss and allows reuse of the email).
  • Audit logs (security events): kept for 12 months for fraud and abuse review.
  • Anonymous analytics: retained per the PostHog default (12 months) and aggregated thereafter.

Third-party processors

We use the following sub-processors. Each handles a specific function and is bound by their own privacy commitments.

  • Clerk — authentication, session management, user records.
  • Stripe — payments, subscription billing, invoicing, tax.
  • Google (Gemini) — handwriting transcription via the Gemini API. Per Google's API policy, paid Gemini API content is not used to train their models.
  • Resend — transactional email delivery.
  • PostHog (EU host) — anonymous product analytics, opt-in via the cookie banner.
  • Sentry — error tracking. Configured with PII scrubbing on, no request bodies captured.
  • Replit / Neon — managed PostgreSQL hosting in the United States.

Your rights

Under GDPR (EU), CCPA (California), and equivalent laws elsewhere you have the right to:

  • Access the data we hold about you — download a JSON export from Settings → Data.
  • Delete your account and associated data — also from Settings → Data. Stripe subscription is cancelled in the same flow.
  • Correct account information from Settings → Profile.
  • Port your data using the same JSON export.
  • Object to analytics processing by switching your cookie consent to “essential only”.

Children

handwritten.md is not directed to children under 13. We do not knowingly collect personal information from children under 13.

International transfers

Our database and primary processing happen in the United States. PostHog analytics are hosted in the EU. By using the service you consent to your data being processed in the United States.

Contact

Privacy questions, deletion requests, or anything else: privacy@handwritten.md.