Privacy Policy

Last Updated: March 1, 2026

Introduction

CoNovel is a collaborative writing platform where users create and vote on stories together. This Privacy Policy explains how we collect, use, protect, and share your personal data when you use our platform.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

What Data We Collect

Account Information

  • Email address (required for registration)
  • Username (unique identifier)
  • First and last name
  • Password (stored as encrypted hash)

Profile Information (Optional)

  • Biography/description
  • Social media links (Twitter, Instagram, GitHub, LinkedIn, website)
  • Avatar seed and banner image

Content You Create

  • Stories you create or collaborate on
  • Chapter versions you write
  • Comments you post
  • Votes you cast on chapters

Technical Data

  • IP address (for security and fraud prevention)
  • Browser type and device information
  • Cookies and session data
  • Usage analytics (if you consent to cookies)

OAuth Data (If you sign in with Google)

  • OAuth provider (Google)
  • OAuth tokens for authentication (never shared)

How We Use Your Data

  • To authenticate your account and provide secure access
  • To operate the collaborative writing platform and enable features
  • To send you important notifications about your account and activity
  • To improve our platform, analyze usage patterns, and develop new features
  • To detect fraud, prevent abuse, and ensure platform security
  • To comply with legal obligations and enforce our Terms of Service

Legal Basis for Processing (GDPR)

Contract Performance: Processing necessary to provide our services when you create an account

Consent: For analytics cookies and optional email communications (you can withdraw anytime)

Legitimate Interests: To improve our platform, prevent fraud, and ensure security

Legal Obligation: To comply with applicable laws (e.g., content moderation, copyright takedowns)

How Long We Keep Your Data

  • Active accounts: We retain your data as long as your account is active
  • Deleted accounts: Personal data is removed within 30 days of deletion request
  • Content you created: Remains public but is anonymized (attributed to 'Deleted User') since other users have interacted with it
  • Security logs and IP addresses: Retained for 90 days for fraud prevention

Who We Share Your Data With

We DO NOT sell your personal data to third parties. Period.

We only share data in these limited circumstances:

  • Service Providers: Cloud hosting (Railway), email service (Zoho), analytics (Google Analytics with your consent)
  • Legal Requirements: If required by law, court order, or to protect legal rights
  • Public Content: Stories, chapters, and comments you post are publicly visible to all users

Your Privacy Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

  • Right of Access (GDPR Art. 15): Download all your personal data in JSON format
  • Right to Rectification (GDPR Art. 16): Update incorrect personal information in your profile settings
  • Right to Erasure / Right to Delete (GDPR Art. 17, CCPA): Delete your account and remove personal data (content you created will be anonymized)
  • Right to Data Portability (GDPR Art. 20): Export your data in a structured, machine-readable format
  • Right to Object (GDPR Art. 21): Object to processing based on legitimate interests
  • Right to Restriction (GDPR Art. 18): Request restriction of processing in certain circumstances
  • Right to Withdraw Consent: Withdraw consent for analytics cookies or email communications anytime
  • Right to Complain: File a complaint with your local data protection authority (e.g., Spanish Data Protection Agency - AEPD)

How We Protect Your Data

We implement industry-standard security measures:

  • HTTPS encryption for all data transmission
  • Password hashing with bcrypt (we never store plain-text passwords)
  • Role-based access control and audit logging
  • Regular security monitoring and vulnerability assessments

Cookies and Tracking

We use cookies for:

  • Essential Cookies: Required for authentication and platform functionality (cannot be disabled)
  • Analytics Cookies (Optional): Google Analytics to understand how users use the platform (requires your consent)

You can control analytics cookies through our cookie consent banner.

International Data Transfers

CoNovel is available globally. Your data may be processed in data centers located outside your country of residence. We ensure appropriate safeguards are in place when transferring data internationally, in compliance with GDPR requirements.

Children's Privacy

CoNovel is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at privacy@co-novel.com.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on the platform. Continued use of the platform after changes indicates acceptance of the updated policy.

Contact Us

For privacy-related questions, data access requests, or deletion requests, contact us:

Email: privacy@co-novel.com

Back to Home