Privacy practices
Last updated 2026-04-27. This page is the human-readable summary of what we do with your data.
Your manuscripts are not training data.
Spine is an editorial workspace, not a training pipeline. We do not use your manuscript text, annotations, or chat transcripts to train any model, ours or anyone else's. When we send your text to a model provider (Anthropic by default; OpenAI or Google if you configure bring-your-own-key, BYOK), the request is governed by that provider's data-use terms. We use the API endpoints with the strongest no-training defaults available.
What we store, and where.
- Account info: email, optional display name, hashed password (scrypt). Stored in our SQLite database, encrypted at rest by your hosting provider's disk encryption.
- Manuscript text: stored in the same database. Private to your account by default. Org-shared projects are visible only to org members per their role. Public-link visibility is opt-in per project.
- Provider keys (BYOK): AES-256-GCM encrypted at rest using a server-only keyring (SPINE_KEYRING_SECRET). We decrypt them in memory, and only at request time. Keys are never logged, never returned to clients, and never sent anywhere except the provider you bound them to.
- Sessions: a server-side row in the sessions table plus a signed cookie. Default TTL 30 days. You can revoke any session by signing out.
- Audit trail: we keep an append-only log of authentication events, project mutations, and BYOK changes for security forensics. Logs do not contain manuscript text.
What we send to model providers.
When you run Ask, the editor brief, character chat, or any other AI surface, we send the relevant prompt (system + user message + tool definitions) and the necessary context (the manuscript or selected scenes) to the provider. We do not send your email, account ID, or any other personal information. The provider's response and usage metadata return to us; we cache the parsed output (model-independent, by content hash) so that re-runs and tier upgrades are instant and free.
Cookies and trackers.
We set cookies for two purposes: a signed first-party demo session cookie (anonymous; expires in 30 days; cleared on cookie reset) and a signed authenticated-session cookie (when you sign in; revocable from the settings page). We do not load third-party analytics, advertising, or tracking scripts on any page Spine controls.
Email.
We email you only for transactional reasons: magic-link sign-in, team invites, and waitlist updates you opted into. We never sell your email or share it with anyone. Every email has a clear unsubscribe path; we honor it on the next send cycle.
Deletion.
You can delete your account at any time from the settings page. Deletion is immediate for all rows we own (user, sessions, manuscripts, annotations, BYOK keys, audit log). Cached LLM responses tied to your manuscripts are dropped within 24 hours. We have no way to recall data already returned to you or to model providers.
Children.
Spine is not directed at children under 13. We do not knowingly accept accounts from anyone under 13.
Reach us.
Questions about this page or how we handle a specific situation: support@rodyr.com. Security disclosures: see the /security page.
Spine by Argonode Studio · A brand of Rodyr, Inc. · Registered office: 1111B S Governors Ave Suite 55111, Dover, DE 19904, United States.