Privacy Policy

The data controller for personal data processed through Scriptorium.works is the operator of Scriptorium.works, reachable at [email protected].

Account data: Name or pseudonym, email address, username, password (hashed), country, language preference, profile photo (optional), biography (optional).

Transaction data: Payment records, purchase history, payout records. We do not store full card numbers — all payment data is handled by our payment processor.

Content metadata: Titles, descriptions, tags, and metadata of content you upload. We do not read or store the full text of unpublished manuscripts beyond what is necessary to fulfill a transaction.

Communications: Messages sent through the Platform's internal chat system, support tickets, dispute communications.

Technical data: IP address, browser type, operating system, device type, pages visited, session duration, referring URLs.

Copyright certificate data: If you use the /protect service, we store the SHA-256 hash, declared author name, declared title, timestamp, and blockchain anchoring receipt. We do not store file contents.

We use your data to: create and manage your account; process transactions, payments, and payouts; enable communication between buyers and sellers; provide customer support and resolve disputes; send transactional emails; detect fraud and policy violations; comply with legal obligations; improve Platform performance via aggregated, anonymized analytics.

We do not: sell your personal data to third parties; use your content to train AI or machine learning models; send marketing emails without your explicit opt-in consent; use behavioral tracking for targeted advertising.

Contract performance (Art. 6(1)(b)): Processing necessary to provide the Platform services you requested.

Legitimate interests (Art. 6(1)(f)): Fraud prevention, security, Platform improvement using anonymized analytics.

Legal obligation (Art. 6(1)(c)): Tax records, anti-money-laundering compliance, responding to court orders.

Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies, where applicable.

We share your data only with: our payment processor; our database and authentication provider (data stored in EU data centers); our security and content delivery provider; our hosting provider; the public blockchain timestamping service (only the SHA-256 hash is transmitted — no personal data, no file contents); law enforcement where required by valid legal process.

All third-party processors are bound by data processing agreements compliant with GDPR Article 28.

Account data: Retained while your account is active, plus 2 years after deletion.

Transaction records: 10 years (required by EU/Romanian accounting and tax law).

Messages: 3 years after the last message.

Copyright certificate records: Indefinitely.

Technical logs: 90 days.

If you are located in the EU/EEA or UK, you have the right to: Access, Rectification, Erasure ("right to be forgotten"), Restriction, Data portability, Objection, and Withdrawal of consent.

To exercise any right, contact us at [email protected]. We will respond within 30 days.

We use only essential cookies necessary for Platform functionality. See our Cookie Policy for details.

Your data may be processed in countries outside the EU/EEA, including the United States, where some of our third-party service providers may be located. All such transfers are made under Standard Contractual Clauses (SCCs) approved by the European Commission.

The Platform is not directed at users under 16 years of age. Contact [email protected] if you believe we have inadvertently collected data from a child.

We will notify registered users by email at least 14 days before any material changes take effect.

Data protection inquiries: [email protected]