Chapterstack
Chapterstackalpha

Privacy Policy

Last updated: April 8, 2026

This Privacy Policy explains what personal data Chapterstack collects, why we collect it, how we use it, and what rights you have. It applies to all users of the platform, regardless of where they are located.

1. Who We Are

Data controller

Chapterstack is operated by Delattre Technology. We act as the data controller for all personal data processed through the platform. For any data-related enquiries, please contact us via the Contact Us page.

2. What We Collect

Account data

When you register, we collect your email address, display name, and — if you sign in with Google — your Google profile identifier and avatar URL. You may optionally add a handle and bio to your public profile.

Content data

We store the content you create: project titles, chapter text, cover images, and notes. Draft and review-status content is private to you. Published content is public.

Usage data

We collect basic usage data to operate the service, including the pages you visit, chapters you open, and actions you take (such as publishing or liking a chapter). This data is used to operate and improve the platform and is not sold to third parties.

Device and technical data

We collect standard technical information such as your browser type, device type, operating system, and IP address. This is used for security, fraud prevention, and service reliability.

Payment data

When the coin payment system launches, payment transactions will be processed by a third-party payment provider. Chapterstack does not store full card numbers or bank account details.

Legal consent records

At registration we record the version of the Terms of Service and Privacy Policy you accepted, the timestamp of acceptance, and your age and parental consent confirmation. This record is retained to demonstrate compliance with applicable law.

3. Legal Bases for Processing

Contractual necessity

We process account data, content data, and legal consent records because they are necessary to provide the service you signed up for.

Legitimate interest

We process usage data and technical data on the basis of our legitimate interest in operating a secure and reliable platform, preventing abuse, and improving the service. We have assessed that this interest is not overridden by your rights and freedoms.

Legal obligation

We may process or retain data where required to comply with applicable law, including responding to lawful requests from courts or regulatory authorities.

Consent

Where we rely on consent — for example for non-essential cookies or analytics — we will request it explicitly and separately. You can withdraw consent at any time from the Settings page without affecting the lawfulness of prior processing.

4. How We Use Your Data

To provide the service

Your data is used to operate your account, store your writing, display your public profile, and enable the reading experience for other users.

To communicate with you

We may send you transactional emails (account confirmation, password reset, material changes to these policies, inactivity warnings). We will not send marketing emails without your explicit consent.

To keep the platform safe

We use technical and usage data to detect and prevent abuse, fraud, and illegal activity.

To comply with the law

We may process or disclose data to comply with legal obligations, enforce our Terms of Service, or respond to lawful requests from authorities.

5. Data Sharing

We do not sell your data

Chapterstack does not sell, rent, or trade your personal data to third parties for marketing purposes.

Service providers

We share data with a limited number of trusted service providers who help us operate the platform — including Firebase (authentication and storage), Supabase (database hosting), and payment processors when the coin system launches. These providers are contractually bound to process data only on our behalf and in accordance with applicable law.

Public content

Content you publish is visible to all visitors. Your display name and handle are shown alongside your published work. Your email address is never publicly displayed.

Legal disclosures

We may disclose your data if required to do so by law or in response to a valid legal request, such as a court order or a request from a data protection authority.

6. Data Retention

Active accounts

We retain your personal data for as long as your account is active and as long as necessary to provide the service.

Account deletion

When you delete your account, your personal data (name, email, avatar, bio, drafts) is permanently deleted. Published chapters are retained in anonymised form. Legal consent records are retained for the period required by applicable law.

Inactive accounts

Accounts that have been inactive for an extended period may be closed after advance notice. Data associated with closed inactive accounts is deleted in accordance with our data minimisation obligations.

7. Your Rights

Access and portability

You have the right to request a copy of the personal data we hold about you and, where technically feasible, to receive it in a portable format.

Rectification

You can update most of your personal data directly from the Profile and Settings pages. If you need help correcting data you cannot edit yourself, contact us.

Erasure

You have the right to request deletion of your personal data. You can delete your account directly from Settings. Certain data may be retained where we have a legal obligation to do so.

Restriction and objection

You have the right to ask us to restrict processing of your data or to object to processing based on legitimate interest. We will honour such requests unless we have compelling legitimate grounds to continue.

Withdrawing consent

Where processing is based on your consent, you may withdraw it at any time from the Settings page. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right to complain

If you believe we are not handling your data in accordance with applicable law, you have the right to lodge a complaint with your national data protection authority — for example the CNIL in France, the ICO in the UK, or the relevant supervisory authority in your country of residence.

8. Cookies

Essential cookies

We use cookies that are strictly necessary to operate the platform — for example to maintain your session. These do not require your consent.

Non-essential cookies

We may use analytics or preference cookies with your consent. A consent banner is shown on first visit and you can change your preferences at any time from Settings.

9. International Data Transfers

Transfers outside the EEA

Some of our service providers (including Firebase and Supabase) may process data outside the European Economic Area. Where this occurs, we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — to protect your data to the same standard as within the EEA.

10. Changes to This Policy

Updates

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. We will notify registered users of significant changes by email or by a prominent notice on the platform before they take effect.

11. Contact

For any questions about this Privacy Policy or to exercise your rights, please contact us. For questions about our Terms of Service, see the Terms of Service page.

Spotted an error or something that doesn't look right? Let us know — we read every message and will fix it.