Privacy Policy

Last updated: March 25, 2026

This Privacy Policy describes how Polishit (“we”, “us”, or “our”) collects, uses, and shares information when you use our AI-powered message rewriting service at polishit.io (“the Service”).

1. Information We Collect

We collect the following categories of information:

  • Account information: If you create a Polishit account, we collect your email address and any other information you provide during sign-up.
  • Message content: Text you submit to the Service for rewriting. This content is sent to our AI provider to generate the rewritten output and is not stored by us beyond the duration of your request.
  • Usage data: Information about how you use the Service, including the number of rewrites performed, selected tones, and timestamps. Free-tier usage is tracked via a browser cookie and local storage to enforce daily limits.
  • Payment information: If you subscribe to the Pro Plan, your payment is processed by Stripe. We do not receive or store your full card details — only a Stripe customer ID and subscription status.
  • Technical data: Standard server logs including IP address, browser type, device type, and pages visited. This data is used for security, debugging, and service improvement.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Process subscription payments and manage your account
  • Enforce daily usage limits for free-tier users
  • Respond to your support requests and inquiries
  • Send transactional emails (e.g., payment receipts, account notifications)
  • Detect and prevent fraud, abuse, or violations of our Terms of Service
  • Comply with legal obligations

We do not sell your personal information. We do not use your message content to train AI models.

3. Third-Party Services

We share data with the following third-party service providers as necessary to operate the Service:

  • Anthropic: Your submitted text is sent to Anthropic’s API to generate AI-powered rewrites. Anthropic processes this data under its own Privacy Policy. As of this policy’s date, Anthropic does not use API inputs to train its models.
  • Stripe: Payment processing for Pro subscriptions. Stripe collects and stores your billing information under its own Privacy Policy.
  • Memberstack: Account authentication and membership management. Memberstack stores your email address and account data under its own Privacy Policy.
  • Vercel: Hosting and infrastructure. Vercel may process server request logs containing IP addresses and request metadata.

4. Cookie Policy

We use the following cookies and browser storage:

  • _pi_usage (httpOnly cookie): Stores your daily rewrite count to enforce the free-tier limit. Contains only a usage count and today’s date. Expires after 2 days.
  • _pi_usage (localStorage): A client-side mirror of the above used to display your remaining rewrites in the UI without an extra server round-trip.
  • Session cookies: Set by Memberstack for authentication purposes. These are necessary for logged-in features and cannot be disabled without logging out.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. You can clear browser storage and cookies at any time through your browser settings, though this will reset your free usage counter.

5. Data Retention

We retain your information as follows:

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion upon request.
  • Message content: Not stored. Text submitted for rewriting is processed in real time and discarded after the response is returned.
  • Payment records: Retained for a minimum of 7 years as required by applicable tax and financial regulations.
  • Usage logs: Retained for up to 90 days for security and debugging purposes, then deleted.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your account and associated personal data. To delete your account, email support@polishit.io with the subject “Delete my account”.
  • Data export: Request an export of your personal data in a portable format. Email support@polishit.io to make this request.
  • Opt out of marketing: We send very few marketing emails. You can unsubscribe from any such email using the unsubscribe link, or by contacting us directly.

To exercise any of these rights, contact us at support@polishit.io. We will respond within 30 days.

7. Data Security

We use industry-standard measures to protect your data, including HTTPS encryption for all data in transit. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at support@polishit.io.

Terms of ServiceContact Us