Privacy Policy

Last updated: May 24, 2026

1. Scope

This Privacy Policy explains how HandtextAI (“HandtextAI,” “we,” “our,” or “us”) handles information when you use the HandtextAI website, web editor, account pages, billing flows, support forms, document import, handwriting generation, and related online features at handtextai.com (together, the “Service”).

This policy does not give anyone permission to use the Service in a way that violates our Terms of Service. Your use of the Service is also governed by our Terms of Service.

2. Information We Collect

2.1 Information you provide

  • Account information: email address, name, profile image when available, sign-in provider details, account status, plan status, and account preferences. If you sign in with Google, we receive the basic profile information Google makes available for authentication, such as your email address, name, and profile image.
  • Document content: text, formatting, tables, math, images, document titles, settings, saved document versions, generated pages, and exported page assets that you create or save in the editor.
  • Uploaded files: files you import for document conversion, images you place in documents, and custom font files you upload on supported plans.
  • Support messages: name, email address, subject, message text, and related communication details when you contact us.
  • Billing information: subscription plan, billing interval, Stripe customer and subscription identifiers, invoice status, payment method type, card brand and last four digits, billing details provided through Stripe, and renewal or cancellation status. We do not store full card numbers.
  • Administrative support records: account notes, entitlement changes, cancellation status, document identifiers, storage metadata, and other limited records needed to troubleshoot account, billing, or document issues.

2.2 Information collected automatically

  • Usage and feature data: preview and generation activity, credit ledger entries, plan capability checks, import/export actions, error states, and rate-limit events.
  • Technical data: IP address, browser and device information, request headers, referral information, session data, locale preference, diagnostic logs, and similar information needed to operate and secure the Service.
  • Local browser data: editor settings, draft state, preview images, and generated preview metadata may be stored in your browser using local storage or IndexedDB so the editor can restore your work and avoid unnecessary reloads.

2.3 Sensitive content

The Service is not designed for highly sensitive personal information, regulated health information, government identifiers, payment card numbers, or confidential material that you are not allowed to process through an online tool. You are responsible for deciding what content you submit, upload, import, or save.

3. How We Use Information

We use information to:

  • provide, render, save, import, export, and restore handwritten-style documents;
  • authenticate users, maintain sessions, and protect accounts;
  • process subscriptions, invoices, credits, cancellations, and billing support;
  • send sign-in links, welcome messages, billing notices, support confirmations, and service emails;
  • apply plan limits, credit balances, feature access, and abuse-prevention controls;
  • debug errors, monitor reliability, prevent misuse, and secure the Service;
  • respond to support requests and administer user-requested account deletion;
  • comply with legal obligations and enforce our Terms of Service.

3.1 Legal bases where required

Where privacy law requires a legal basis for processing, we rely on the basis that fits the purpose: performance of a contract to provide the Service, legitimate interests in operating and securing the Service, consent where required for optional choices, and legal obligations for accounting, tax, safety, and compliance records.

3.2 Optional AI and import processing

If you use AI writing or document import features, the content you submit for those features may be sent to model or OCR providers so they can return the requested result. Do not use those optional features with content you are not permitted to process with a third-party provider.

4. How We Share Information

We do not sell personal information, and we do not knowingly share personal information for cross-context behavioral advertising. We share information only as needed for the purposes described in this policy.

4.1 Service providers

  • Authentication providers, including Google: to let you sign in and verify account ownership.
  • Stripe: to process checkout, subscriptions, invoices, billing portal access, payment status, and related records.
  • Resend: to deliver sign-in, account, billing, and support emails.
  • Sentry: to collect sanitized error, performance, and diagnostic information for reliability and debugging.
  • AI model and OCR providers: to process optional AI writing requests and document import requests that you initiate.
  • Hosting, database, storage, and rendering providers: to host the website, store account and document data, and generate previews or downloads.

These providers are allowed to process information only for the services they provide to us or as otherwise permitted by their own legal obligations. Their systems may be located in different countries from where you live.

4.2 Legal, safety, and business needs

We may disclose information if required by law, legal process, or a valid government request; to protect the rights, safety, and security of users, HandtextAI, or others; to investigate fraud, abuse, or security issues; or as part of a merger, acquisition, financing, or sale of assets.

5. Storage and Retention

We keep information for as long as needed to provide the Service, maintain records, resolve disputes, comply with law, and protect against abuse.

  • Account records are kept while your account is active and for a reasonable period afterward if needed for legal, security, or accounting purposes.
  • Saved documents, generated pages, embedded images, imported files, and custom fonts are stored for your account until you delete them, delete your account, or they are removed through maintenance or support workflows.
  • Billing records are kept as needed for subscription management, taxes, accounting, chargeback handling, and legal compliance.
  • Deleted account markers may retain the deleted email address and deletion date to prevent repeat signup-credit abuse.
  • Logs and diagnostics are kept for a limited period unless we need them longer for security, fraud prevention, debugging, or legal reasons.
  • Backups and provider records may persist for a limited period after deletion until backup rotation, fraud-prevention, billing, or compliance processes complete.

Account deletion is designed to remove your account, saved documents, document pages, uploaded fonts, imported files, embedded image assets, and associated generated assets. Some records may remain where required or permitted by law or where retained for the limited purposes described above.

Deleting local browser data is separate from deleting server-side account data. If you clear your browser storage, local drafts and previews on that device may disappear, but saved account data remains available until deleted through the Service or by request.

6. Cookies and Local Storage

We use cookies and similar browser technologies for sign-in sessions, CSRF protection, locale preference, routing, editor persistence, feature access, and security. The web editor also uses local storage and IndexedDB to keep draft content, settings, preview images, and generated preview metadata on your device.

We use essential cookies for authentication and security, preference cookies for language and navigation choices, and local browser storage for editor continuity. We do not use these technologies to sell your personal information.

You can control cookies and local storage through your browser settings. Blocking or deleting them may sign you out, reset language or editor preferences, remove local drafts, or prevent parts of the Service from working correctly.

7. Security

We use technical and organizational safeguards intended to protect information, including TLS for data in transit, authentication controls, request validation, access controls, path traversal checks for stored files, size limits, rate limits, CSRF checks for billing actions, and diagnostic sanitization to reduce sensitive data in error reporting.

We also limit uploaded file sizes and supported file types, isolate stored user assets by account paths, validate ownership before serving private assets, and restrict billing actions to same-origin requests with valid CSRF tokens.

No online service can guarantee absolute security. You are responsible for keeping access to your email, Google account, browser, and device secure.

8. Your Choices and Rights

  • You can sign out, manage billing, cancel subscriptions, and delete your account from available account controls.
  • You can delete documents, unused uploaded assets, and custom fonts where those controls are available.
  • You can unsubscribe from eligible non-transactional email by using the unsubscribe link when provided.
  • You can contact us to request access, correction, deletion, portability, restriction, or objection where applicable law provides those rights.
  • California residents may also request to know, delete, correct, limit, or opt out of sale or sharing where applicable. We do not sell personal information or knowingly share it for cross-context behavioral advertising.
  • European Economic Area, United Kingdom, and Swiss residents may have rights to access, correction, deletion, restriction, portability, objection, and withdrawal of consent where applicable.
  • We may need to verify your identity before completing privacy requests.

Transactional messages, such as sign-in links, payment notices, and important account notices, may still be sent when needed to provide the Service.

We will not discriminate against you for exercising privacy rights, but some requests may limit or prevent our ability to provide the Service. For example, deleting your account removes saved documents, remaining credits, subscription benefits, and access to account-only features.

9. International Processing

HandtextAI and its service providers may process information in the United States and other countries. Those countries may have privacy laws different from the laws where you live. Where required, we rely on appropriate legal mechanisms for cross-border processing.

10. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to HandtextAI, contact us and we will take appropriate steps to review and remove it.

11. Changes

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the website, email, or other reasonable means. The “Last updated” date shows when this policy was last revised.

12. Contact

If you have questions or privacy requests, contact us at:

This Privacy Policy was last modified on May 24, 2026. If you have any questions, please contact us.