Privacy Policy

ScriptLix ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our screenplay platform.

This policy applies to all users of the ScriptLix platform, including registered users and visitors. By accessing or using ScriptLix, you acknowledge that you have read and understood this Privacy Policy.

ScriptLix is the data controller responsible for your personal data as described in this Privacy Policy. As the data controller, we determine the purposes and means of processing your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, contact us at [email protected]. We aim to respond to all legitimate requests within 30 days.

Account Data: When you register on ScriptLix, we collect your name, email address, and authentication credentials. Authentication is handled through Firebase Authentication (a Google service). We do not store your password directly; Firebase manages credential security.

Profile Data: You may choose to provide additional information such as a display name, avatar image, biography, and links to external portfolios. This data helps personalize your presence on the platform.

Transaction Data: When you purchase screenplays, we collect data related to those transactions, including purchase history, selected license tiers, and payment amounts. Credit card numbers and sensitive payment credentials are processed exclusively by Stripe (our payment processor) and are never stored on ScriptLix servers.

Usage Data: We collect information about how you interact with the platform, including pages viewed, scripts browsed, reading progress, search queries, and time spent on various features.

Device and Cookie Data: We automatically collect technical information such as your IP address, browser type, device type, and operating system. We use cookies for authentication and analytics purposes.

We use your personal data to provide, operate, and maintain the ScriptLix platform. This includes processing transactions, delivering purchased screenplays, managing your account, and personalizing content recommendations based on your browsing history and preferences.

We may use your email address to send important service-related communications, such as purchase confirmations, account security alerts, and policy updates. With your explicit consent, we may also send marketing communications about new features or curated screenplay recommendations. You may unsubscribe from marketing emails at any time.

We process data to detect, prevent, and address fraud, abuse, and security threats. This includes monitoring for suspicious account activity, unauthorized access attempts, and violations of our Terms of Service.

Contract Performance: We process your account and transaction data as necessary to fulfill our contractual obligations to you, including creating your account, processing screenplay purchases, delivering content, and managing license agreements.

Legitimate Interest: We rely on our legitimate interests to process usage and device data for platform analytics, service improvement, and fraud prevention. We have assessed that these interests do not override your fundamental rights and freedoms.

Consent: Where required by law, we obtain your explicit consent before processing certain data, including marketing emails and optional analytics cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Payment Processing: We share transaction data with Stripe, our payment processor. They receive the information necessary to process payments, handle refunds, calculate applicable taxes, and comply with financial regulations. Stripe operates under their own privacy policy.

Authentication: User authentication is handled by Firebase Authentication (Google). Firebase processes your login credentials and authentication tokens. Firebase operates under Google's privacy policy.

Analytics: We use Google Analytics 4 to collect anonymized data about how users interact with ScriptLix. Analytics cookies are only set with your consent where required by law.

Infrastructure: Our platform is hosted on Hetzner (Germany). Your data may be processed and stored on servers located in Germany and the European Union.

All third-party processors are contractually obligated to maintain Data Processing Agreements compliant with GDPR Article 28. We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

We may disclose your personal data if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of ScriptLix, our users, or the public.

We retain your account data for as long as your account remains active on ScriptLix. If you choose to delete your account, we will remove your personal data from active systems within 30 days and from backup systems within 90 days, except where retention is required by law.

Transaction records, including purchase history and payment amounts, are retained for a minimum of 7 years to comply with tax, accounting, and financial reporting obligations.

Usage data, including browsing history, search queries, and reading progress, is retained for up to 2 years from the date of collection. After this period, usage data is either permanently deleted or anonymized.

Fraud investigation records may be retained for up to 3 years. Records subject to active legal holds are retained until the hold is lifted.

Under the GDPR, you have the right to: access your personal data and receive a copy in a structured, machine-readable format (data portability); request correction of inaccurate or incomplete personal data; request deletion of your personal data (right to be forgotten), subject to legal retention obligations; object to processing based on legitimate interests; restrict processing in certain circumstances; and withdraw consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. Under the CCPA, "personal information" includes identifiers (name, email, IP address), commercial information (purchase history), internet activity (browsing, search history), and inferences drawn from this data.

Your CCPA rights include: the right to know what personal information we collect and how we use it; the right to request deletion of your personal information; the right to opt out of the sale of your personal information; and the right to non-discrimination for exercising your privacy rights.

ScriptLix does not sell your personal information in the traditional sense. However, we use Google Analytics 4, which may constitute a "sale" under CCPA's broad definition. You may opt out of analytics tracking by disabling cookies in your browser settings or by contacting us at [email protected].

To exercise your CCPA rights, contact us at [email protected] with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days.

Strictly Necessary Cookies: These cookies are essential for the operation of ScriptLix, including session cookies that maintain your authentication state. These cookies cannot be disabled.

Functional Cookies: These cookies remember your preferences, such as display settings and recently viewed scripts. They enhance your experience but are not strictly necessary.

Analytics Cookies: We use Google Analytics 4 to collect anonymized usage data. Analytics cookies are only set with your consent where required by law.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality. ScriptLix honors Do Not Track (DNT) browser signals by disabling non-essential cookies when DNT is enabled.

Your personal data may be processed and stored in countries outside your jurisdiction, including Germany (Hetzner hosting), the United States (Stripe, Firebase, Google Analytics), and other locations where our service providers operate.

Where we transfer personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or adequacy decisions.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where required by applicable law (including GDPR Article 33), notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

Our notification will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.

ScriptLix is not intended for use by individuals under the age of 18. We do not knowingly collect, store, or process personal data from children or minors.

If we become aware that we have inadvertently collected personal data from a person under 18, we will take immediate steps to delete that information from our systems. If you believe that a minor has provided us with personal data, please contact us at [email protected].

We implement industry-standard security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All data transmitted between your browser and ScriptLix is encrypted using TLS encryption. User passwords are managed by Firebase and are never stored in plain text on our servers.

Access to personal data is restricted to authorized personnel who require it to perform their duties. While we take every reasonable precaution to protect your data, no method of transmission over the internet or electronic storage is completely secure. We continuously review and update our security practices.

We may update this Privacy Policy from time to time. When we make material changes, we will provide prominent notice through the ScriptLix platform or by email. The effective date will be updated at the top of this policy.

We encourage you to review this policy periodically. Your continued use of ScriptLix after changes take effect constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data processing practices, contact us at [email protected]. For GDPR data subject requests, include "Data Request" in the subject line. For CCPA requests, include "CCPA Request" in the subject line.