Copydirector.io ← Back to Copydirector

Privacy Policy

Version 2026-06-21

Who we are

Copydirector is operated by Bram de Waal h.o.d.n. Copydirector, registered in the Netherlands. Contact: privacy@copydirector.io.

What data we collect and why

CategoryDataLegal basisPurpose
Account dataName, email, password (hashed)Art 6(1)(b) contract performanceAccount creation and authentication
Subscription dataPlan type, billing status, usage historyArt 6(1)(b) contract performanceService delivery and billing
Brand Base contentBrand name, values, tone of voice, reference texts, website URLs and text extracted from them, briefingsArt 6(1)(b) contract performanceGenerating AI-assisted copy outputs
Generated ContentAI-generated copy outputsArt 6(1)(b) contract performanceStoring outputs for user access
Refinement conversationsThe refinement instructions you type and the successive copy versions produced while iterating on a generationArt 6(1)(b) contract performanceLetting you refine copy in conversation and keeping the iteration history so the assistant remembers earlier requests
Technical dataIP address, session cookies, usage logsArt 6(1)(f) legitimate interestsSecurity, fraud prevention, service improvement
Content review recordsUser ID, generation ID, variant index, timestamp, review-confirmation flag, hashed IP, user agentArt 6(1)(f) legitimate interests (establishing and defending legal claims)Audit trail showing user reviewed AI-generated content for factual accuracy and brand suitability before download or copy, supporting compliance with consumer protection and product liability obligations
Product analyticsUser ID, last-seen timestamp, page interactions, briefing form steps viewed, feature engagement events, voluntary feedback submissionsArt 6(1)(f) legitimate interestsImproving the Service based on observed usage patterns and direct user feedback during the closed beta and beyond

AI processing and third-party data flows

To generate copy outputs, we send your Brand Base content, reference texts, and briefing inputs to Anthropic's Claude API. This includes your brand name, brand values, tone of voice, any text you have uploaded as reference material, and text extracted from website URLs you provide. When you refine a generation, the refinement instructions you provide and the relevant copy versions are also sent to the Claude API, including, where a conversation runs long, a summarised form of the earlier refinement history. It does not include your account credentials, payment data, or other users' data.

Anthropic processes this data as our sub-processor. Anthropic does not use API inputs to train its models. API inputs and outputs are retained by Anthropic for up to 7 days for abuse monitoring purposes, after which they are deleted. Where you use the prompt caching feature, your system prompt (including Brand Base data) may be cached for up to 5 minutes at Anthropic's infrastructure for performance purposes.

Anthropic's servers are located in the United States. This transfer is governed by Standard Contractual Clauses (Module 2 and Module 3) under Commission Implementing Decision (EU) 2021/914, incorporated into Anthropic's Data Processing Addendum.

Data storage

Your account data, Brand Bases, reference texts, and Generated Content are stored in Google Cloud Firestore, configured to EU region (europe-west). Google processes this data as our sub-processor under Google's Cloud Data Processing Addendum incorporating Standard Contractual Clauses.

When you upload a PDF or DOCX file, the file is processed in memory to extract text. The original file is not stored. Only the extracted text is retained in Firestore.

When you provide a website URL, the Service fetches the page and extracts its text. The original page is not stored; only the extracted text is retained in your Brand Base in Firestore and processed in the same way as uploaded materials.

Payment data

Payment processing is handled by Stripe. We do not store your payment card details. Stripe's privacy policy governs the processing of your payment data.

How long we keep your data

Data categoryRetention period
Brand Bases, reference texts, Generated Content, refinement conversationsDuration of active account + 30 days following account closure
Account data (email, name)Duration of account + 7 years for tax/legal compliance purposes
Usage logs and technical data12 months
Product analytics and feedback submissions24 months
Content review records5 years from action timestamp
Billing records7 years (Dutch tax law requirement)
Inactive accountsWe will contact you after 12 months of inactivity. If no response within 30 days, your account and content data will be deleted.

Your rights under GDPR

You have the following rights regarding your personal data:

We will respond to requests within one month. To exercise your rights, contact privacy@copydirector.io.

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.

Sub-processors

Sub-processorPurposeLocationTransfer mechanism
Anthropic Inc.AI text generationUSASCCs (Module 2 + 3)
Google CloudData storage (Firestore)EU (europe-west)Google Cloud CDPA with SCCs
Stripe Inc.Payment processingUSA / EUStripe DPA with SCCs
ResendTransactional emailEU / USASCCs

We will update this list and notify you before adding new sub-processors.

Cookies

We use a minimal number of cookies:

CookieTypePurposeDuration
Session cookieStrictly necessaryMaintains your login sessionSession (deleted when browser closes)
CSRF tokenStrictly necessaryProtects against cross-site request forgery attacksSession

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, we are not required to obtain your consent for these cookies under the ePrivacy Directive.

If we introduce any non-essential cookies in the future, we will update this policy and obtain your consent before setting them.

Changes to this policy

We will notify you of material changes by email at least 30 days before they take effect.


© 2026 Copydirector.io · Contact: privacy@copydirector.io