Privacy.

Last updated: 29 May 2026

What we collect

The email you sign in with, the API keys you choose to add, and the content you create in the studio (manuscripts, chapters, voice profiles, cover designs, audiobooks, publishing destinations). That’s it. No tracking pixels, no third-party analytics in the writing experience.

How we use it

Your email is used for sign-in and transactional notifications (welcome, voice ready, audiobook ready, publish ready, billing alerts). Your API keys are decrypted only when you ask Tome to make a call. Your content is rendered back to you and exported when you publish or download.

How we store it

Manuscripts and metadata live in Supabase Postgres with row-level security so other writers can never see your work. API keys are encrypted with AES-256-GCM; access to the column holding the encrypted blob is revoked from the authenticated database role, so even a SQL injection running as an authenticated user can’t read it. Decryption happens server-side only.

Bring your own storage

When you connect Google Drive or Dropbox, exports save to your own cloud. Tome holds only the OAuth refresh token (encrypted) needed to push files into the folder you authorise.

What we share

Nothing, except: (1) requests we make to your AI providers using your keys, on your behalf; (2) error reports to Sentry with PII redacted; (3) anonymised, aggregated usage metrics (page views, error rates) for service health. We don’t sell data, and we don’t use your content to train AI.

Sub-processors

Tome relies on Supabase (database + auth + storage), DigitalOcean (hosting), Stripe (payments), Resend (transactional email), Sentry (error monitoring), and the model providers you connect. Each operates under its own DPA.

Cookies

We use httpOnly cookies for authentication (session JWT) and OAuth state. No advertising or tracking cookies.

Your rights

You can export every work as PDF, EPUB, DOCX, Markdown, or M4B from inside the studio. You can delete a work permanently from the dashboard. To delete your entire account and all associated data, email [email protected] and we’ll process the deletion within thirty days.

GDPR + UK GDPR

The legal bases we rely on are: contract (operating the service you’ve subscribed to), legitimate interest (security monitoring, fraud prevention), and consent (the BYOS / publishing OAuth flows you initiate). Data subjects can exercise rights under GDPR / UK GDPR by emailing us.

Changes

Material changes to this policy will be announced by email at least thirty days in advance.

Contact

Privacy questions, deletion requests, complaints — [email protected].