1. Introduction
Rewrait is built and operated by Lemonity. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices and rights you have when you use the Rewrait desktop apps for Mac and Windows, the rewrait.com website, and related services (together, the "Service").
Our guiding principle is simple: Rewrait processes your text to return a rewrite and nothing more. We do not use your content to train AI models, and rewrite history is off by default. The sections below describe that in detail.
2. Who We Are
Lemonity is the data controller responsible for your personal data under this policy. If you are on a Team plan, your employer or workspace administrator is the controller for the user content processed through your workspace, and Lemonity acts as a data processor on their behalf under a Data Processing Agreement.
You can reach us at [email protected] for any privacy question, request, or complaint.
3. Information We Collect
User content: the text you select or dictate and submit for rewriting, and any approved source context (for example, a Notion, Confluence, or Google Docs page you have whitelisted) that a shortcut is configured to read at the moment it runs.
Account information: your name, email address, password hash or Google OAuth identity, and your workspace memberships and roles.
Configuration data: your styles, shortcuts, workflows, the approved source whitelist, and AES-encrypted OAuth tokens for any integrations you connect.
Payment information: handled by Stripe. We receive subscription status, plan, and transaction identifiers - never your full card number or security code.
Device and usage information: device type, operating-system version, app version, language, feature interactions, performance and error logs, and a truncated IP address used for security and rate limiting.
Communications: messages you send us for support, sales, or security questionnaires.
4. How We Use Information
Provide, operate, secure, and maintain Rewrait.
Process your selected or dictated text and return the rewrite.
Read approved source context on demand so a shortcut can match your voice.
Manage accounts, workspaces, subscriptions, and billing.
Send service, security, and support messages, and - only with your consent - product or marketing updates.
Analyze aggregated usage to understand and improve the product.
Detect, prevent, and investigate fraud, abuse, and security incidents, and comply with legal obligations.
5. How Rewrait Handles Your Text
Text is processed on demand. Rewrait only receives your content when you trigger a shortcut - by selecting text or dictating a draft. There is no background sync of your writing.
We do not use your content to train Rewrait's models or any third-party model. On Team plans this is a contractual commitment backed by a written no-training guarantee.
Rewrite history is off by default. If you choose to enable it, items are stored only for your account, can be deleted individually, and turning history off stops new items from being saved.
Thumbs-up and thumbs-down feedback is recorded as an event without the underlying text, so quality signals never become a copy of your writing.
Voice dictation audio is transcribed by Deepgram at the moment you dictate; the resulting transcript then follows the same rules as typed text.
Connected sources are fetched read-only over OAuth scopes that cannot write or delete, cached to limit repeat fetches, and capped per fetch so a shortcut pulls the section it needs rather than syncing your knowledge base.
6. Legal Bases for Processing
Performance of a contract: to deliver the Service you or your organization signed up for.
Legitimate interests: to secure, debug, and improve the Service, where those interests are not overridden by your rights.
Consent: for optional features such as rewrite history and for marketing communications, which you can withdraw at any time.
Legal obligation: to meet tax, accounting, and other legal requirements.
7. Sharing and Subprocessors
We share data with the vendors that make the Service work, each limited to what its function requires. AI providers (OpenAI and Google Gemini) receive only the text of a specific rewrite request plus approved context. Deepgram receives dictation audio only while you dictate. Stripe handles payments and Brevo sends transactional email - neither ever sees your text. Fly.io provides hosting and the managed database.
We may also disclose information to comply with the law, enforce our terms, protect the rights and safety of users and the public, or in connection with a merger, acquisition, or sale of assets, with notice where required.
We do not sell your personal data or user content, and we do not share it for cross-context behavioral advertising.
8. International Transfers
Lemonity is based in Spain, and some of our subprocessors are located in the United States and other countries. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
9. Data Retention
Account and configuration data is retained while your account is active and for a reasonable period afterward to meet legal, accounting, and security needs.
User content is not stored unless you enable rewrite history; history items persist until you delete them or disable the feature.
Logs and analytics are kept only as long as needed for security, support, and product improvement, then deleted or anonymized.
Cached source context is short-lived and refreshed or evicted automatically.
10. Your Rights and Choices
Depending on where you live, you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to receive a copy in a portable format.
You can withdraw consent for optional features or marketing at any time, disable or clear rewrite history from within the app, and disconnect any integration to immediately cut off source access.
To exercise any of these rights, email [email protected]. We will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority.
If you are on a Team plan, please direct content-related requests to your workspace administrator, who controls that data.
11. Security
We use industry-standard safeguards, including encryption in transit, AES encryption of stored OAuth tokens, hashed credentials, access controls for internal systems, and read-only scopes for connected integrations. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to any incident.
12. Children's Privacy
Rewrait is not directed to children. The Service is intended for users who are at least 18 years old, and we do not knowingly collect personal data from anyone under that age.
13. Changes to This Policy
We may update this Privacy Policy as the Service evolves. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you. Your continued use of the Service after an update means you accept the revised policy.
14. Contact
For any privacy question or request, email [email protected].