Skip to main content
Built&Written
Log inWrite a Bestseller

Data, Security & Privacy

Exactly how we store, protect, and handle your writing samples, Voice DNA profiles, and personal data.

Last updated: May 2026

Infrastructure & Encryption

Built&Written runs on Supabase (database and file storage) hosted on AWS, and Vercel (application layer). Both providers encrypt data at rest using AES-256 and in transit using TLS 1.2+.

  • Database rows (account info, book content, Voice DNA settings) — AES-256 encryption at rest via Supabase/AWS RDS.
  • Uploaded files (writing samples, cover images, exports) — stored in Supabase Storage (AWS S3) with server-side encryption.
  • All traffic between your browser and our servers — TLS 1.2+ enforced; HTTP connections are redirected to HTTPS.
  • Application hosting on Vercel's edge network with DDoS protection and automatic TLS certificate management.

Voice DNA

Voice DNA is the writing-style profile you create by pasting samples of your own text. Here is exactly what happens to those samples:

  • Stored in your account only. Your Voice DNA samples are stored in your private account record in our database, encrypted at rest. They are not shared with other users.
  • Used only to generate your content. Samples are sent to our AI provider (for the duration of your request) solely to generate text in your style. They are not retained by the AI provider beyond that request.
  • Not used to train AI models. Your writing samples are never used to fine-tune, retrain, or otherwise improve any AI model — ours or third-party.
  • Retention. Voice DNA samples are kept as long as your account is active, or until you delete them yourself from your account settings, or request account deletion.
  • Deletion. You can delete your Voice DNA profile at any time from the editor settings. Deletion removes the samples from our database within 30 days of your request, including backups.

Uploads & Content

Any files you upload — writing drafts, notes, cover images, or exported books — are stored in your private Supabase Storage bucket. Row-level security policies ensure only you (and authorized Built&Written staff for support purposes) can access your files.

  • Files are isolated per user account — other users cannot access your uploads.
  • You retain full ownership of all content you create or upload.
  • Generated books and exports are stored temporarily and can be re-downloaded from your dashboard at any time.

AI & Model Training

We do not use your content to train any AI model.

Your writing samples, Voice DNA profiles, book drafts, and uploaded files are never used for:

  • Training, fine-tuning, or distilling AI or machine learning models.
  • Improving AI outputs for other users.
  • Any form of model development or research.

Requests sent to our AI providers are subject to their data-processing agreements, which prohibit using API customers' data for training without explicit opt-in consent.

Payments

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Built&Written never sees or stores your card number, CVV, or full payment details. Stripe handles tokenization and vault storage. You can manage or cancel your subscription at any time from your account settings.

Access Controls

  • User data is accessible only to the account owner and authorized Built&Written team members who need access to provide support.
  • Internal access to production data is logged and audited.
  • Authentication is managed by Supabase Auth with bcrypt password hashing. You can also sign in via Google OAuth.
  • Sessions are protected with secure, HTTP-only cookies. Tokens are rotated on each session refresh.

Retention & Data Deletion

We keep your data as long as your account is active. You can request full deletion of your account and all associated data at any time:

  1. Email support@builtwritten.com with the subject line "Delete my account".
  2. We will confirm your identity and process the request within 30 days.
  3. Deletion includes: account record, Voice DNA samples, uploaded files, book drafts, and generated exports.
  4. Backup copies are purged on a rolling 30-day cycle after deletion.

Some anonymized, non-identifiable transaction records may be retained for legal and accounting purposes as required by law.

Contact & Reporting

For security questions, data requests, or to report a vulnerability, contact our team:

You can also review our Privacy Policy and Terms of Service for full legal details.