Safety & privacy

Your draft goes in, and no one else can see it.

Writers are careful about who reads an unfinished script — rightly so. Here is exactly what happens to your pages when you hand them to the lab, in plain terms and in technical ones.

◇ Who you are

Anonymous sessions

There is no account to create. No email, no password, no profile. You arrive, upload, get your report, and leave — and at no point does the service learn your name or attach your script to your identity.

What that means in practice

  • No sign-up form — you are never asked who you are.
  • A short-lived session token is the only thing linking you to your work — it isn't tied to an email or a login.
  • We can’t hand your script to anyone who asks, because we have no way to look up "the script that belongs to you."

Under the hood: Sessions are anonymous tokens generated with nanoid; there is no user table, no email store, no auth provider.

◷ How long we keep it

It deletes itself within 24 hours

Your report — and the encrypted script behind it — is on a timer from the moment it's created. Within a day it is gone, automatically, whether or not you come back. This isn't a policy we promise to honour by hand; the storage itself expires the data.

What that means in practice

  • Reports live for a maximum of 24 hours, then vanish.
  • The script you uploaded is held only long enough to run the analysis, then expires too.
  • You can incinerate a report yourself, immediately, from the report page — you don't have to wait for the timer.

Under the hood: Every stored key carries a TTL — reports expire at 24h, pending uploads at 1h. Expiry is enforced by the datastore, not by application code we could forget to run.

◈ What we do with it

Your writing never trains an AI

Your pages are read once, to produce your report, and then they're done. They are not added to a training set, not kept as “examples,” not used to improve a model — not ours, and not the model provider's. The only thing your script produces is the analysis you paid for.

What that means in practice

  • No part of your screenplay is retained to train or fine-tune a model.
  • Requests to the language model run with training turned off at the provider level.
  • Your ideas stay yours. Nothing you upload can resurface in someone else's results.

Under the hood: Analysis is sent to the model provider with data-retention and training disabled; combined with 24-hour expiry, there is no copy of your work left to learn from.

⛨ How it travels

Encrypted in transit and at rest

From your browser to the lab, your script travels over an encrypted connection — the same standard your bank uses. And while it waits to be analysed, it’s stored scrambled, so even a look inside the database shows nothing readable.

What that means in practice

  • The upload itself is protected in transit by HTTPS/TLS.
  • On our side it's encrypted before it's stored, so it never sits in plain text.
  • The encrypted copy expires within hours — encryption and deletion work together.

Under the hood: Pending scripts are encrypted at rest with AES-256-GCM; transport is TLS. Keys are never committed to code or logs.

Start selection →