Privacy Policy

Effective Date:

SKRIB, INC.

Privacy Policy

Effective Date: 26 May 2026 | Last Updated: 26 May 2026

1. About

Skrib, Inc. and its affiliates (“Skrib,” “we,” “us,” or “our”) provide an AI-integrated writing studio. This Privacy Policy explains how Skrib collects, uses, discloses, and otherwise processes personal information, and the privacy rights and choices available to you. Capitalised terms not defined in this Privacy Policy have the meanings set out in the Skrib Terms of Service.

2. Scope

This Privacy Policy applies to personal information we process through skrib.com, any subdomain of skrib.com, our mobile and desktop applications (when launched), our APIs, and our related online and offline offerings (collectively, the “Services”).

This Privacy Policy does not apply to third-party websites, applications, or services that are not controlled by Skrib, even if accessible through the Services. A separate privacy notice, available on request if it applies to you, governs Skrib’s processing of personal information about its current and former employees and contractors.

3. Personal information we collect

The personal information we collect depends on how you interact with the Services.

Information you provide to us

Account information — What it includes: Name, username, display name, email address, password (managed by Clerk and not stored by Skrib in cleartext), profile picture, and account preferences..

Payment information — What it includes: Billing name, billing address, payment method type (card brand and last 4 digits), tax-residency country, and transaction identifiers. Skrib uses Stripe to process payments and to calculate applicable taxes (via Stripe Tax); Skrib does not receive or store full payment-card numbers..

Communication information — What it includes: Email address, phone number (where provided), mailing address, and marketing preferences when you contact us, request information, or subscribe to communications..

Customer Content — What it includes: Files, documents, prompts, AI inputs and outputs, comments, and other content you upload, create, edit, or share through the Services. Customer Content may include personal information if you choose to include it..

Customer support information — What it includes: Support tickets and the content of your communications with Skrib’s support, sales, or other personnel. We may record video conferences for training and quality-assurance purposes..

Survey, contest, and event information — What it includes: Information you provide in connection with surveys, contests, sweepstakes, or events Skrib hosts..

Information collected automatically

Technical data — What it includes: IP address, device identifiers, browser type and version, operating system, language and time-zone settings, referring URLs, navigation paths, and other usage telemetry..

Usage data — What it includes: Pages visited, features used, dates and times of access, events, performance metrics, and interactions with the Services. Usage data excludes Customer Content itself..

Cookies and similar technologies — What it includes: Information collected through cookies, pixels, local storage, and similar technologies, as further described in our Cookie Policy at https://skrib.com/legal/cookies..

Diagnostic and security data — What it includes: Crash reports, error reports, and security telemetry..

Information from other sources

From your organisation — What it includes: If you use the Services on behalf of an organisation (such as your employer), the organisation may provide us with information about you to provision your account..

From other users — What it includes: If another user invites you to a workspace, shares files with you, or identifies you in collaborative content, we may receive your name, email, and role in that context..

From service providers — What it includes: Transaction confirmations, fraud signals, support activity, and similar service-related information from our service providers..

From public and compliance sources — What it includes: Where necessary for legal, security, or compliance purposes (sanctions screening, fraud prevention)..

4. How we use personal information and our legal basis

We use personal information for the purposes set out below. Where the GDPR or analogous law applies, we identify the legal basis on which we rely. When we rely on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Provide and operate the Services (account creation; authentication; access to features; storage; collaboration; AI Features when invoked). — Categories of personal data used: All categories above except marketing-only data.; Legal basis (GDPR): Performance of a contract with you..

Process payments, calculate taxes, and manage subscriptions. — Categories of personal data used: Payment information, account information.; Legal basis (GDPR): Performance of a contract; legal obligation (tax)..

Communicate with you about your account, security, billing, and material updates to legal terms. — Categories of personal data used: Account information, communication information.; Legal basis (GDPR): Performance of a contract; legal obligation..

Maintain, secure, troubleshoot, and improve the Services. — Categories of personal data used: Technical data, usage data, diagnostic data.; Legal basis (GDPR): Legitimate interests (operating, securing, and improving the Services)..

Provide AI Features when you invoke them. — Categories of personal data used: Customer Content selected for AI use, prompts, AI outputs.; Legal basis (GDPR): Performance of a contract; legitimate interests..

Detect, prevent, and respond to fraud, abuse, security incidents, and policy violations. — Categories of personal data used: Account information, technical data, usage data, security telemetry.; Legal basis (GDPR): Legitimate interests (security and integrity); legal obligation..

Enable customer support. — Categories of personal data used: Account information, customer support information.; Legal basis (GDPR): Performance of a contract; legitimate interests..

Send marketing or promotional communications. — Categories of personal data used: Account information, communication information.; Legal basis (GDPR): Consent (where required); legitimate interests (where permitted)..

Conduct surveys, run contests and sweepstakes, and host events. — Categories of personal data used: Survey/event information; account information.; Legal basis (GDPR): Performance of a contract; legitimate interests..

Comply with legal obligations and respond to lawful requests. — Categories of personal data used: Any of the above as relevant.; Legal basis (GDPR): Legal obligation..

Establish, exercise, or defend legal claims. — Categories of personal data used: Any of the above as relevant.; Legal basis (GDPR): Legitimate interests; legal obligation..

Create de-identified or aggregated information for analytics, reporting, research, and product development. — Categories of personal data used: Any of the above, de-identified before use.; Legal basis (GDPR): Legitimate interests (continuously improving the Services). Once de-identified, the information is no longer personal data..

5. How we disclose personal information

We may disclose personal information to the categories of recipients described below. Skrib does not sell personal information for monetary consideration. Skrib’s use of advertising-related cookies and similar technologies (described in the Cookie Policy) may, however, constitute “sale” or “sharing” for cross-context behavioural advertising under California and analogous U.S. state laws; you may opt out as described in Section 8 and Section 13.

Other users and collaboration recipients — What is shared and why: Where you use sharing, collaboration, or workspace features, your User Content and basic profile information are shared with the users you invite or authorise. If your account is part of an organisation that has enabled domain capture, your name, email, and profile picture may be visible to other users in your organisation’s workspace..

Your organisation and its administrators — What is shared and why: If you access the Services on behalf of an organisation, the organisation may have administrative access to your account, audit logs, and account data..

Service providers and processors — What is shared and why: Cloud hosting (AWS), authentication (Clerk), payments (Stripe), AI providers (OpenAI, Anthropic, Google), analytics (PostHog, Mixpanel, Amplitude, Google Analytics), session-replay (Hotjar, Microsoft Clarity), customer support (Intercom, Zendesk), email delivery (SendGrid), security and infrastructure (Cloudflare, Datadog, Sentry), and consent management (Cookiebot). The full list with location and transfer mechanism is at https://skrib.com/legal/subprocessors..

AI providers — What is shared and why: Where you use AI Features, prompts, selected text, uploaded content, and instructions are shared with the AI provider serving your request. Providers act under contractual restrictions that prohibit them from using your content to train their foundation models. See https://skrib.com/legal/ai-terms..

Advertising and marketing partners — What is shared and why: Subject to your consent, Skrib uses Meta Pixel and LinkedIn Insight Tag on marketing pages for measurement and retargeting..

Legal, regulatory, and law enforcement — What is shared and why: Where Skrib is required to comply with law, respond to lawful requests, or protect Skrib or others. Skrib publishes an annual transparency report at https://skrib.com/trust/transparency summarising government requests..

Corporate transactions — What is shared and why: In connection with an actual or proposed merger, acquisition, financing, reorganisation, or sale of assets..

Professional advisers — What is shared and why: Lawyers, auditors, insurers, accountants, and consultants where reasonably necessary..

With your consent or at your direction — What is shared and why: In other cases where you instruct Skrib to disclose information..

6. International data transfers

Skrib operates internationally. Personal information we process may be transferred to, processed and stored in, and accessed from countries other than the country in which you are located, including the United States, Georgia, and other jurisdictions where Skrib’s service providers operate.

Skrib’s primary platform data is hosted in the European Union on AWS infrastructure (Frankfurt, Germany). Where personal information is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country that is not the subject of an adequacy decision, we rely on appropriate safeguards as required by applicable law, including the European Commission’s Standard Contractual Clauses (2021), the UK International Data Transfer Addendum, and (where Skrib has certified) the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. The full list of subprocessors and the transfer mechanism applicable to each is at https://skrib.com/legal/subprocessors.

For transfers from Georgia, Skrib complies with the cross-border transfer requirements of the Law of Georgia on Personal Data Protection No. 3144/2023 (the “Georgian DPP Law”), including by relying on appropriate contractual safeguards or, where required, prior authorisation from the Personal Data Protection Service of Georgia (the “PDPS”).

7. EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework

Skrib intends to certify under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework. Once certified, Skrib will publish its certification with the U.S. Department of Commerce and will commit to the relevant DPF Principles. Until certification is complete, Skrib relies on the Standard Contractual Clauses and analogous mechanisms described above.

8. Your choices

Email.

You can unsubscribe from marketing emails using the unsubscribe link in any marketing email or by adjusting your communication preferences in account settings. You will continue to receive transactional and operational communications about your account.

AI Features.

AI Features are optional. You can disable them at the account level in settings. Where AI is invoked, the AI Use & Transparency Statement at https://skrib.com/responsible-ai and the AI Terms at https://skrib.com/legal/ai-terms describe how it works.

Cookies and interest-based advertising.

You can manage cookie preferences through Skrib’s Cookie Settings link in the website footer at any time. Browser-based controls and industry opt-out tools are described in the Cookie Policy.

Global Privacy Control (GPC).

Where supported by your browser, Skrib treats a Sec-GPC signal as a valid request to opt out of the “sale” or “sharing” of personal information for cross-context behavioural advertising.

9. Your privacy rights

Depending on your location and the laws that apply to you, you may have the right to:

confirm whether we are processing your personal information;

request access to and a portable copy of your personal information;

request correction of inaccurate or incomplete personal information;

request deletion of your personal information (subject to legal-retention exceptions);

request restriction of, or object to, certain processing activities;

withdraw consent where processing is based on consent;

opt out of marketing communications;

opt out of the “sale” or “sharing” of personal information for cross-context behavioural advertising; and

lodge a complaint with a competent supervisory authority.

To exercise any of these rights, contact us as set out in Section 18, or use the privacy controls dashboard in account settings, or submit a request via the public form at https://skrib.com/privacy-request. We may need to verify your identity before acting on a request. We will respond within the timeframes required by applicable law (generally 30 days under the GDPR, with extensions for complex requests; 45 days under the CCPA).

10. Data retention

Skrib retains personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods depend on the nature of the data and the legal basis for processing. A consolidated, plain-language retention schedule is published at https://skrib.com/trust/retention. Customer Content is generally retained until you delete it or close your account; backup and disaster-recovery copies are typically retained for up to ninety (90) days; system logs and technical records for approximately ninety (90) days; billing records for at least six (6) years following the end of the relevant accounting period.

11. Security

Skrib uses reasonable technical, organisational, and administrative measures designed to protect personal information against unauthorised access, loss, misuse, alteration, disclosure, or destruction. The Trust & Security overview at https://skrib.com/trust describes these measures at a higher level. The Data Processing Addendum at https://skrib.com/legal/dpa contains the technical and organisational measures required by Article 32 of the GDPR for B2B customers.

If Skrib becomes aware of a personal data breach likely to result in a risk to the rights and freedoms of data subjects, Skrib will notify the relevant supervisory authority without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, and will notify affected data subjects where required by applicable law.

No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for using two-factor authentication where supported.

12. Third-party websites and services

The Services may contain links to third-party websites and services that are not owned or controlled by Skrib. This Privacy Policy does not apply to the privacy practices of those third parties. We encourage you to read the privacy notices of any third-party service you access.

13. California and other U.S. state privacy rights

This Section supplements the rest of this Privacy Policy and applies to residents of California (under the CCPA, as amended by the CPRA) and other U.S. states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Rhode Island, and any successor or analogous laws), to the extent those laws apply to Skrib’s processing of personal information.

Categories of personal information collected, sources, purposes, and disclosures.

These are described in Sections 3, 4, and 5 of this Privacy Policy.

No sale; “sharing” for cross-context behavioural advertising.

Skrib does not sell personal information for monetary consideration. Skrib’s use of advertising-related cookies and similar technologies (Meta Pixel and LinkedIn Insight Tag on marketing pages) may constitute “sharing” for cross-context behavioural advertising. You may opt out by using the “Cookie Settings” link in the website footer, by configuring your browser to send Global Privacy Control signals, or by exercising the rights set out in Section 9. The dedicated links “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information” are available in the website footer.

Sensitive personal information.

Skrib does not use or disclose “sensitive personal information” (as defined under the CCPA) for purposes other than those permitted under Section 7027 of the CCPA Regulations or analogous provisions, and does not solicit such information through the Services.

Annual metrics disclosure.

In accordance with California Civil Code § 1798.130(a)(5), Skrib will publish, on or before 1 July of each calendar year, the number of CCPA requests received, complied with, and denied in the preceding calendar year, together with the median or mean response time, at https://skrib.com/legal/ccpa-metrics.

U.S. state rights.

Subject to verification, you have the right to know, access, delete, correct, and obtain a portable copy of your personal information; to opt out of sale or sharing; to limit use of sensitive personal information (where applicable); and not to be subject to retaliation for exercising these rights. You may exercise these rights via the contact channels in Section 18, the privacy controls dashboard in account settings, or the public form at https://skrib.com/privacy-request. You may designate an authorised agent to make a request on your behalf, subject to verification.

14. Nevada residents

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information. Skrib does not currently sell the personal information of Nevada residents (as defined under Nevada Revised Statutes Chapter 603A). You can exercise your right by contacting us with the subject line “Nevada Do Not Sell Request.”

15. Children

The Services are not directed to children under the age of 13 (or any higher minimum age set by Applicable Law in your jurisdiction). For users in EU member states with a higher digital age of consent (for example, sixteen (16) in Germany or fifteen (15) in France), the higher local age governs. Skrib does not knowingly collect personal information from children in violation of applicable law. If you become aware that a child has provided personal information to Skrib without parental consent, please contact us; if Skrib confirms that personal information was collected in violation of applicable law, Skrib will take appropriate steps to delete the data, disable the account, or otherwise restrict access. AI Features may be used only by individuals aged 18 or older.

16. Supervisory authority

If you are located in the European Economic Area, the United Kingdom, Switzerland, or Georgia, you have the right to lodge a complaint with the competent supervisory authority — for users in Georgia, the Personal Data Protection Service of Georgia at personaldata.ge; for users in the EEA, the supervisory authority of your habitual residence, place of work, or place of the alleged infringement; for users in the United Kingdom, the Information Commissioner’s Office at ico.org.uk.

17. Changes to this Privacy Policy

Skrib may revise this Privacy Policy from time to time. Material changes will be notified by appropriate means (in-product notice, account email, or banner on the Services) at least thirty (30) days in advance, and we will obtain fresh consent where required by applicable law. The “Last Updated” date is shown in the metadata header at the top of this document. Previous versions are available via the “See all versions” link on the published page or on request from contact@skrib.com.

18. Contact

If you have questions about this Privacy Policy or about Skrib’s privacy practices, or if you wish to exercise a right described in this Privacy Policy, please contact us at:

Skrib, Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA

Operational address: 37m I. Chavchavadze Avenue, Axis Business Centre, 0179 Tbilisi, Georgia

Privacy: contact@skrib.com

Data Protection Officer: contact@skrib.com