Privacy Policy

Last updated: 16 April 2026
v1.0

ScriptAce is built on the principle that your creative work belongs to you. This policy explains exactly what data we collect, why we collect it, how long we keep it, and the controls you have over it. We've written it in plain language — no legal smoke screens.

01

Information We Collect

We collect only what we need to operate ScriptAce and improve your experience. Here's what that means in practice:

Category What We Collect Why
Account Email address, display name, authentication tokens Creating and securing your account
Script Content Script text, block structure, titles, notes, timestamps, tags Saving and syncing your scripts across devices
Usage Feature usage patterns, session duration, error logs, page views Improving the product and diagnosing bugs
Payment Billing email, subscription tier, payment status (no card numbers stored by us) Processing subscriptions via Stripe
Technical IP address, browser type, operating system, device type Security, fraud prevention, and analytics
Communications Support emails and chat messages you send us Responding to your requests
What We Never Collect
We do not collect your payment card numbers (handled exclusively by Razorpay), government IDs, biometric data, or sensitive personal categories under GDPR Article 9.
02

How We Use Your Data

Your data is used solely to operate and improve ScriptAce. We rely on the following legal bases under GDPR:

Contract performance — delivering the ScriptAce service you signed up for, including saving scripts, syncing across devices, and processing payments.
Legitimate interests — analysing usage patterns to improve features, preventing fraud, and debugging errors. We balance this against your interests and only process what is proportionate.
Consent — sending marketing emails or newsletters. You can withdraw this consent at any time via the unsubscribe link or your account settings.
Legal obligation — retaining billing records as required by applicable tax and financial laws.

We do not sell your personal data. We do not use your script content to train machine learning models. We do not use your data for behavioural advertising on third-party platforms.

03

Data Storage & Security

All ScriptAce data is stored on Google Cloud Platform (Firebase / Firestore), hosted in data centres located in the European Union and the United States. Data transfers outside the EEA are covered by Standard Contractual Clauses.

We apply the following security measures:

All data in transit is encrypted using TLS 1.2 or higher.
All data at rest is encrypted using AES-256.
Access to production databases is restricted to authorised personnel only, protected by multi-factor authentication.
We conduct regular security reviews and dependency audits.
In the event of a personal data breach, we will notify affected users and relevant supervisory authorities within 72 hours where required by law.
Retention Periods
Account data and scripts are retained for the duration of your subscription plus 90 days after account deletion, to allow recovery. Deleted scripts are purged from backups within 30 days. Anonymised analytics data may be retained indefinitely.
04

Third-Party Services

ScriptAce uses a limited set of trusted third-party services to operate. Each has its own privacy policy and data processing agreements with us where required by GDPR.

Service Purpose Data Shared
Firebase (Google) Authentication, database, hosting Email, script content, usage data
Stripe Payment processing Billing email, payment status
Google Analytics Anonymised usage analytics Anonymised session data, IP (truncated)
Cloudflare CDN, DDoS protection IP address, request metadata
Resend Transactional emails Email address, name

We do not share your script content with any advertising networks, data brokers, or social media platforms.

05

Cookies & Tracking

ScriptAce uses a minimal set of cookies. No third-party advertising cookies are set on any ScriptAce domain.

Essential cookies — session tokens, authentication state, CSRF protection. These are required for the service to function and cannot be disabled.
Preference cookies — storing your editor settings (dark/light mode, WPM rate, focus mode). Deleted when you clear browser storage.
Analytics cookies — anonymised Google Analytics data used to understand feature usage. You may opt out via your browser settings or the Google Analytics Opt-out Browser Add-on.

A cookie consent banner is presented on your first visit. You may change your preferences at any time via the Cookie Settings link in the footer.

06

Your Rights

Under GDPR and applicable data protection laws, you have the following rights. We respond to all valid requests within 30 days.

Right to access — request a copy of all personal data we hold about you.
Right to rectification — correct inaccurate personal data. Most data can be edited directly in your account settings.
Right to erasure — request deletion of your account and all associated data. You can initiate this from Settings → Account → Delete Account.
Right to portability — receive your script data in a machine-readable format (JSON). Use Export → JSON from within any script.
Right to restrict processing — request that we limit how we use your data in certain circumstances.
Right to object — object to processing based on legitimate interests, including any direct marketing.
Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at . You also have the right to lodge a complaint with your national supervisory authority.

07

Children's Privacy

ScriptAce is not directed at children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal data from children under these ages. If you believe a child has provided us with personal data, please contact us immediately at and we will delete the data promptly.

08

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and by posting a notice in the ScriptAce dashboard at least 14 days before the changes take effect.

For non-material updates (e.g., clarifying language, fixing typos), we will update the "Last updated" date at the top without notice. We encourage you to review this page periodically. Continued use of ScriptAce after the effective date of any changes constitutes acceptance of the updated policy.

Version History
v2.1.0 — January 2026: Added Retention Simulation data category, updated third-party list.
v2.0.0 — June 2025: Full rewrite for GDPR compliance.
v1.0.0 — January 2024: Initial policy.
09

Contact & Data Controller

The data controller for ScriptAce is MKTechs Ltd. For all privacy-related enquiries, data subject requests, or to report a concern:

Privacy Contact
Email:
Response time: within 30 days of receipt
Subject line: "Privacy Request — [Your Request Type]"

For urgent data breach reports or security disclosures, please use with "URGENT" in the subject line.