PRIVACY POLICY

Last updated: September 3, 2025

Essay Cafe (“Essay Cafe,” “we,” “us,” or “our”) provides an online platform and human-led services to help students ideate, plan, and refine application essays and related materials. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, apps, and services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1) Who we are & scope

  • Controller: Essay Cafe, based in California, United States.
  • Contact: contact@essay.cafe
  • Applies to: www.essay.cafe and any pages, tools, and human-led services we operate that link to this policy.

If you access the Services from outside the U.S., your information will be processed in the U.S. and other countries where our providers operate.

2) Children & teens

The Services are not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If we discover such data, we will delete it in accordance with the Children’s Online Privacy Protection Act (“COPPA”). Parents/guardians who believe a child has used our Services may contact us at contact@essay.cafe.

3) The information we collect

We collect information in three main ways: (a) you provide it to us, (b) it’s collected automatically, and (c) we receive it from others (like payment or analytics providers).

A. Information you provide

  • Account & Contact: name, email, login credentials.
  • User Content: essay drafts, graded papers, resumes, transcripts or writing samples you upload, brainstorm prompts and outputs, live-session notes, comments, and any other materials you submit.
  • Scheduling & Support: availability, meeting details, messages with us.
  • Purchases: transaction details (e.g., product, amount, currency). We do not collect or store full payment card numbers; payments are handled by our processor(s).

B. Information collected automatically

  • Usage & Device: IP address, approximate location (derived from IP), device and browser type, operating system, referring/exit pages, timestamps, pages viewed, clicks, and similar event data.
  • Cookies & Similar Technologies: small files and tags that store or access information on your device for essential features and analytics (see Cookies below).

C. Information from third parties

  • Payments: confirmation of transaction status, last four digits of card, card type, billing ZIP/postal code, fraud signals.
  • Diagnostics & Security: error reports and logs from our monitoring tools.
  • Collaborative Docs: content and metadata if you share or grant us access to your documents in third-party tools (e.g., Google Docs/Drive).

We do not intentionally collect sensitive personal information (like government ID numbers, precise geolocation, or health information). Please avoid including sensitive data in the brainstorm tool, uploads, or communications with us.

4) How we use information

We use personal information to:

  • Provide the Services: operate the site and tools, generate brainstorm outputs, perform editing, schedule sessions.
  • Power AI features: process your prompts and content to generate ideas and suggestions (see AI Features).
  • Process payments and prevent fraud.
  • Improve and secure the Services: analytics, debugging, error monitoring, quality assurance.
  • Communicate with you: service updates, transactional emails, and—with your consent where required—product news or helpful content.
  • Comply with law: tax, accounting, and legal obligations.
  • Protect rights: enforce terms, prevent misuse, ensure integrity of our Services.

We may aggregate or de-identify information for research, product improvement, and statistics. We may use aggregated/de-identified data for any lawful purpose.

5) AI features (online brainstorm tool)

When you use our online brainstorm tool, the text and files you submit (“Prompts”) and the model outputs are sent via API to our AI providers Anthropic (Claude) and OpenAI to generate responses for you. These AI providers act as our service providers/processors and process data only on our instructions.

  • No model training on your API/business data by default: For business/API use, OpenAI states it does not use customer API or business data to train models by default. Anthropic provides similar commitments for commercial/API use.
  • Provider log retention: OpenAI may retain API inputs/outputs for up to 30 days to operate the service and detect abuse, after which they are removed, unless required by law.
  • Litigation preservation: OpenAI has disclosed that a current court preservation order requires it to retain consumer ChatGPT and certain API content going forward until the court lifts the order. This may temporarily override the standard 30-day removal timeline on OpenAI’s side.
  • What we store: Any Prompts and outputs you choose to save inside our product are stored by us as “User Content” until you delete them (see Retention).
  • Sensitive data: Please avoid submitting sensitive personal information (e.g., government IDs, precise geolocation, health information) in Prompts.

If you use consumer AI products outside of our app, their separate terms and privacy policies apply to that usage.

6) Subprocessors and key service providers

We share information with vendors who help us operate the Services, under contracts that limit their use of personal information to providing services to us:

  • Payments: Stripe (card processing, fraud prevention)
  • Analytics: PostHog (product analytics, events, cookies)
  • Error Monitoring: Sentry (diagnostics, performance, crash/error reporting)
  • AI Processing: Anthropic Claude and Open AI (model inference via API)
  • Documents & Collaboration: Google Docs/Drive (document storage and real-time editing, at your direction)

We may update this list as our stack evolves. We also share information when necessary to comply with law, protect rights and safety, respond to lawful requests, or in connection with a merger, acquisition, or asset transfer (we’ll notify you if your personal information becomes subject to a different policy).

We do not sell personal information and we do not share personal information for cross-context behavioral advertising (as those terms are defined under California law).

7) Human-led services & live sessions

  • Your User Content is accessible only to the assigned editor(s) and limited authorized personnel who are bound by confidentiality obligations.
  • Live sessions (video/voice): We do not record sessions unless we disclose it to you in advance and you consent. If a recording is made with your consent, we’ll tell you where it’s stored, who can access it, and for how long.

8) Retention

We keep personal information only as long as necessary for the purposes described above, including to comply with legal, accounting, or reporting requirements.

  • Account & Profile: for the life of your account and up to 2 years after closure (unless a longer period is required by law).
  • User Content (ideas, drafts, files, comments): until you delete it or close your account; routine backups may persist for 30–90 days.
  • Transactions & Tax Records: typically 7 years.
  • Analytics & Logs: typically 30–180 days, then aggregated or deleted.
  • Support & Scheduling: typically 2 years after last interaction.

We will also retain information as needed to resolve disputes, enforce agreements, and meet legal obligations.

9) Your choices & controls

  • Access/Update: You can access and update account details through your account or by contacting us.
  • Delete: You can delete saved ideas and uploaded files from within the product (where available) or ask us to delete them.
  • Marketing: You can opt out of non-essential emails via unsubscribe links or by contacting us.
  • Cookies: See Cookies & similar technologies below for consent and controls.

10) California privacy disclosures (CPRA/CCPA)

If you reside in California, the California Consumer Privacy Act (as amended by the CPRA) grants you rights over your personal information.

A. Categories we collect

Identifiers (e.g., name, email, device IDs), commercial information (purchases), internet/technical activity (usage, logs), approximate geolocation (from IP), user-generated content, audio/visual (only if you consent to a recording), professional/education information you choose to share with us, and inferences (e.g., feature usage). We do not intentionally collect sensitive personal information, and we do not use or disclose personal information to sell it or to share it for cross-context behavioral advertising.

B. Sources

You (directly), your devices (automatic collection), our service providers (payments, analytics, diagnostics), and documents you direct us to access.

C. Purposes

See How we use information above.

D. Your CPRA rights

  • Right to know/access the categories and specific pieces of personal information we collected about you.
  • Right to delete personal information (subject to legal exceptions).
  • Right to correct inaccurate personal information.
  • Right to opt out of sale/share (not applicable—we do not sell/share personal information as defined by CPRA).
  • Right to limit use/disclosure of sensitive personal information (not applicable as we do not use it for inferrence beyond what’s necessary to provide the Services).
  • Right to non-discrimination for exercising your rights.

E. How to exercise your rights

Email us at contact@essay.cafe with the subject “CPRA Request.” We will verify your identity (e.g., by confirming control of your account email). You may also use an authorized agent; we may require proof of authorization and additional verification.

F. “Do Not Sell or Share” & GPC

Because we do not sell or share personal information for cross-context behavioral advertising, our Services honor Global Privacy Control (GPC) signals by treating them as opt-out preferences for any features that could be construed as sale/share in the future.

11) EU/UK data protection (GDPR/UK-GDPR)

If you are in the EEA or UK, Essay Cafe is the data controller for your personal data.

Legal bases

  • Contract: to provide the Services you request (including AI features and editing).
  • Legitimate interests: to secure, improve, and analyze the Services.
  • Consent: for non-essential cookies/analytics and certain marketing.
  • Legal obligation: tax, accounting, and compliance.

Your rights

You may request access, rectification, erasure, restriction, objection (including to processing based on legitimate interests), and data portability. You also have the right to lodge a complaint with your local supervisory authority. To exercise rights, contact contact@essay.cafe.

International transfers

We and many of our providers are in the U.S. Where required, we use Standard Contractual Clauses or other approved safeguards for transfers.

12) Cookies & similar technologies

We use:

  • Essential cookies for core functionality (authentication, security, load balancing).
  • Analytics cookies (e.g., PostHog) to understand feature usage and improve the product.

Your choices:

  • In regions where required, we obtain consent before setting non-essential cookies.
  • You can change your preferences through our cookie banner/manager and via browser settings (blocking or deleting cookies may impact functionality).
  • We honor GPC signals where feasible.

13) Security

We implement technical and organizational measures designed to protect your personal information.

Data-Breach Notification: If we become aware of a security incident that affects your personal data, we will notify you without undue delay in accordance with applicable law, describe the nature of the breach, the likely consequences, and the measures taken or proposed to mitigate its effects.

14) Third-party links

Our Services may link to third-party sites or services (e.g., payment pages, document tools). We are not responsible for their privacy practices. Review their policies before providing information.

15) Your responsibilities

  • Do not submit sensitive personal information in the brainstorm tool or uploads.
  • Manage sharing permissions when you invite collaborators to external documents (e.g., Google Docs).
  • Keep your account credentials confidential and use a strong, unique password.

16) Changes to this policy

If we make material changes, we will provide 30 days’ advance notice via email or an in-product banner before the new policy takes effect. Continued use after the effective date constitutes acceptance.

17) Contact us

Questions or requests about this Privacy Policy or your personal information:

Essay Cafe Email: contact@essay.cafe