Privacy Policy

Authorial Privacy Policy

Effective date: 28 January 2026

This Privacy Policy explains how Authorial Pty Ltd (ABN 50 684 226 015) (Authorial, we, us, our) collects, uses, discloses, stores, and protects personal information when you use our website and our web app hosted at app.authorial.com.au (together, the Services).

We aim to keep this policy clear, current, and easy to find, consistent with the Australian Privacy Principles requirements for an APP privacy policy.

1. Scope

This Privacy Policy applies to:

  1. the Authorial website

  2. the Authorial web app at app.authorial.com.au

  3. related support and communications (such as email)

It does not cover third party sites or services you may access through links in Authorial.

2. Key ideas

  1. You can use Authorial to create manuscripts, files, and chats. Much of this may be private by design.

  2. We collect information needed to run the service, facilitate marketplace transactions, keep the platform secure, and improve the product.

  3. We do not use your User Content to train machine learning or AI models.

  4. We use service providers such as Stripe and Klaviyo to help deliver the Services.

  5. We operate internationally and may store and process data in multiple regions.

3. Personal information we collect

We collect information in the following categories.

3.1 Information you provide

  1. Account and profile details, such as name, email, profile photo, bio, and preferences

  2. Content and files you upload or create, such as manuscripts, notes, messages, attachments, images, and project briefs

  3. Marketplace and transaction information you provide, such as project details, milestones, approvals, messages with other users, and reviews

  4. Support communications, such as requests, feedback, and report submissions

3.2 Information collected automatically

  1. Device and usage data, such as device identifiers, browser type, operating system, session information, pages or features used, and interactions

  2. Log and security data, such as IP address, timestamps, and audit logs used for fraud prevention, abuse prevention, and integrity controls

  3. Approximate location data inferred from IP address

  4. Cookies and similar technologies data, as described in section 7

3.3 Payments

Payments are processed by Stripe. Depending on your Stripe configuration and transaction flow, we may receive limited payment related information (such as payment status, a payment token or identifier, and basic billing details). We do not typically store full card numbers on our servers.

4. Sensitive information

We do not ask you to provide sensitive information. However, sensitive information may appear in manuscripts, files, or messages if you choose to include it. If you include sensitive information, you consent to us processing it as part of providing the Services.

5. How we use personal information

We use personal information for the purposes below.

5.1 Providing and operating the Services

  1. create and manage accounts

  2. provide writing tools, storage, collaboration, and sharing features

  3. facilitate marketplace workflows such as project milestones, approvals, and platform fees

  4. provide customer support and respond to enquiries

5.2 Security, safety, and integrity

  1. protect against fraud, abuse, unauthorised access, and misuse

  2. enforce our Terms of Service and policies

  3. investigate reports, including review of relevant platform activity where appropriate

  4. maintain backups and business continuity processes

5.3 Communications

  1. send service messages, including verification, security alerts, and important notices

  2. send product updates and marketing communications where permitted and where you have choices to opt out

5.4 Improving and developing the Services

  1. monitor performance and fix bugs

  2. understand feature usage and reader and creator needs

  3. develop new functionality, including non generative AI supported product improvements that do not train on your User Content

6. Legal bases for processing for EU and UK users

If the GDPR or UK GDPR applies, we process personal data under one or more lawful bases depending on context, commonly:

  1. contract, to provide the Services you request

  2. legitimate interests, such as operating, securing, and improving the Services, where those interests are not overridden by your rights

  3. consent, such as where required for certain cookies or marketing

  4. legal obligation, such as compliance and record keeping

We also provide mechanisms for you to exercise GDPR rights and we respond within required timeframes, generally within one month.

7. Cookies and similar technologies

We use cookies and similar technologies for:

  1. essential functions, such as login sessions, security, and load balancing

  2. preferences, such as remembering settings

  3. analytics and performance, where enabled

  4. marketing, where enabled and permitted

Where required, we obtain consent for non essential cookies and provide controls so you can accept or reject categories of cookies. UK guidance expects clear information and valid consent for non essential cookies, with an exception for cookies strictly necessary to provide a service requested by the user.

You can also control cookies through your browser settings, but disabling cookies may affect functionality.

8. How we disclose personal information

We may disclose personal information to the following types of recipients.

8.1 Service providers

We use trusted third party providers to help deliver the Services, including:

  1. payments processing, such as Stripe

  2. email communications, such as Klaviyo

  3. hosting and infrastructure, such as GoDaddy

  4. website hosting and publishing, such as Framer

  5. analytics, security, logging, and support tooling where enabled

These providers process personal information for us to provide their services.

8.2 Other users, when you choose to share

  1. your public profile information may be visible to other users and the public

  2. when you invite collaborators to a Project, they can access the content you share with them

  3. if you share via link, people with the link may be able to view content depending on your settings

  4. marketplace messages, milestones, and delivery files are shared between the Author and the Professional involved in that Project

8.3 Legal and safety disclosures

We may disclose information where required to comply with law, court order, or regulator request, or to enforce rights, prevent harm, and protect the Services and users.

9. Overseas disclosures and international transfers

Authorial operates in Australia and may store or process data in multiple regions, including Australia, the United States, the European Union, and the United Kingdom, depending on where our service providers operate.

Under Australian privacy requirements, where we disclose personal information overseas, we take reasonable steps to ensure overseas recipients handle that information appropriately.

If GDPR or UK GDPR applies, cross border transfers may rely on recognised safeguards such as the EU Standard Contractual Clauses and the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs, where required.

10. Data retention

We keep personal information for as long as needed to:

  1. provide the Services and maintain your account

  2. comply with legal, tax, accounting, and regulatory obligations

  3. resolve disputes and enforce agreements

  4. maintain security and prevent abuse

If you request deletion, we will take reasonable steps to delete or de identify personal information unless we need to keep it for legitimate reasons such as legal compliance, security, or dispute resolution.

11. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes access controls, encryption in transit, and security monitoring. No system is perfectly secure, but we work to maintain appropriate safeguards.

12. Your choices and rights

12.1 Australia

You may request access to personal information we hold about you and request corrections. Our policy includes a complaints process consistent with APP requirements.

12.2 EU and UK

Depending on your circumstances, you may have rights including access, rectification, erasure, restriction, objection, and portability. We aim to respond without undue delay and generally within one month.

12.3 California

If the CCPA applies to our handling of your information, you may have rights to know, delete, correct, and opt out of sale or sharing, plus notice at collection requirements.
We do not sell personal information in the conventional sense. If we ever engage in practices that qualify as sale or sharing under the CCPA, we will provide required opt out mechanisms and honour valid opt out signals where required, including Global Privacy Control signals for covered businesses.

13. How to make a request

To request access, correction, deletion, or to ask questions about this Privacy Policy, contact:
hello@authorial.com.au

We may need to verify your identity before completing certain requests.

14. Children

The Services are not intended for children under 15. If we learn that a user is under 15, we may suspend or terminate the account and take reasonable steps to remove associated personal information, subject to legal and security requirements.

15. Complaints

If you believe we have breached applicable privacy law, you can contact us at hello@authorial.com.au and we will investigate and respond.

If you are not satisfied with our response, you may be able to complain to the Office of the Australian Information Commissioner or the relevant regulator in your jurisdiction. APP guidance expects a privacy policy to explain how complaints may be made and handled.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will update the effective date at the top and, where appropriate, provide notice through the Services.