Your draft goes in, and no one else can see it.
Writers are careful about who reads an unfinished script — rightly so. Here is exactly what happens to your pages when you hand them to the lab, in plain terms and in technical ones.
Anonymous sessions
There is no account to create. No email, no password, no profile. You arrive, upload, get your report, and leave — and at no point does the service learn your name or attach your script to your identity.
What that means in practice
- No sign-up form — you are never asked who you are.
- A short-lived session token is the only thing linking you to your work — it isn't tied to an email or a login.
- We can’t hand your script to anyone who asks, because we have no way to look up "the script that belongs to you."
Under the hood: Sessions are anonymous tokens generated with nanoid; there is no user table, no email store, no auth provider.
It deletes itself within 24 hours
Your report — and the encrypted script behind it — is on a timer from the moment it's created. Within a day it is gone, automatically, whether or not you come back. This isn't a policy we promise to honour by hand; the storage itself expires the data.
What that means in practice
- Reports live for a maximum of 24 hours, then vanish.
- The script you uploaded is held only long enough to run the analysis, then expires too.
- You can incinerate a report yourself, immediately, from the report page — you don't have to wait for the timer.
Under the hood: Every stored key carries a TTL — reports expire at 24h, pending uploads at 1h. Expiry is enforced by the datastore, not by application code we could forget to run.
Your writing never trains an AI
Your pages are read once, to produce your report, and then they're done. They are not added to a training set, not kept as “examples,” not used to improve a model — not ours, and not the model provider's. The only thing your script produces is the analysis you paid for.
What that means in practice
- No part of your screenplay is retained to train or fine-tune a model.
- Requests to the language model run with training turned off at the provider level.
- Your ideas stay yours. Nothing you upload can resurface in someone else's results.
Under the hood: Analysis is sent to the model provider with data-retention and training disabled; combined with 24-hour expiry, there is no copy of your work left to learn from.
Encrypted in transit and at rest
From your browser to the lab, your script travels over an encrypted connection — the same standard your bank uses. And while it waits to be analysed, it’s stored scrambled, so even a look inside the database shows nothing readable.
What that means in practice
- The upload itself is protected in transit by HTTPS/TLS.
- On our side it's encrypted before it's stored, so it never sits in plain text.
- The encrypted copy expires within hours — encryption and deletion work together.
Under the hood: Pending scripts are encrypted at rest with AES-256-GCM; transport is TLS. Keys are never committed to code or logs.