Data Processing

Transparent information about how we handle your data

Our Approach to Data Processing

Silent Scribe is built on the principle of data minimization and local processing. This page provides detailed, technical information about how we handle different types of data in our systems.

Core Principle

Local-First Processing: Your writing, code, and documents are processed entirely on your local device. We never see, store, or analyze your content.

Content Processing (Local Only)

Writing Assistant Processing

What Happens Locally

  • Text Analysis: Grammar, style, and clarity checking happens in your device's memory
  • Rule Engine: Style guide enforcement runs locally using embedded rule sets
  • Terminology Checking: Custom dictionaries and terminology lists stored and processed locally
  • Context Understanding: Code awareness and technical writing analysis performed on-device
  • Suggestions: All writing recommendations generated by local AI models

Technical Implementation

Processing Location

All content analysis happens in your computer's RAM. Text is never written to temporary files, logs, or persistent storage during processing.

Data Flow

Your IDE → Silent Scribe Extension → Local NLP Engine → Suggestions back to IDE. No network requests or external API calls for content analysis.

Memory Management

Processing memory is automatically cleared after analysis. No content persists in memory beyond the immediate processing session.

What We Never Process Remotely

  • Document content, text, or any writing you're working on
  • Code snippets, comments, or technical documentation
  • API keys, passwords, or sensitive strings in your files
  • File names, paths, or project structure information
  • Custom terminology, dictionaries, or style configurations
  • Writing patterns, corrections, or usage statistics

Website Data Processing

Beta Signup Information

Data TypeProcessing PurposeLegal BasisRetention
Email AddressBeta communication, updates, early access deliveryConsentUntil unsubscribe + 30 days
GitHub UsernameUnderstanding development context, optionalLegitimate InterestUntil program completion
Tool PreferencesProduct development, feature prioritizationLegitimate InterestAggregated indefinitely
Use Case DescriptionBetter beta experience, feature developmentLegitimate InterestUntil program completion

Data Processing Activities

Collection

Data collected through web forms with explicit consent and clear purpose statements.

Storage

Encrypted storage in EU-based Supabase infrastructure with access controls and audit logging.

Processing

Automated email sending, manual review for product insights, aggregation for analytics.

Access

Limited to authorized team members on need-to-know basis with full audit trail.

Email Processing and Automation

SendGrid Integration

We use SendGrid as our email service provider to deliver beta program communications and updates.

Data Shared with SendGrid

  • • Email addresses for delivery purposes only
  • • First name (if provided) for personalization
  • • Email content and templates
  • • Delivery preferences and unsubscribe status

SendGrid's Role

  • • Data Processor under GDPR (we remain Data Controller)
  • • Email delivery and bounce handling
  • • Basic engagement metrics (opens, clicks) - aggregated only
  • • Unsubscribe management and compliance

Email Event Processing

Event TypeData CollectedProcessing PurposeIndividual Tracking
Email SentTimestamp, campaign IDDelivery confirmationNo
Email OpenedTimestamp (aggregated)Campaign effectivenessNo
Link ClickedLink destination (aggregated)Content effectivenessNo
UnsubscribeEmail address, timestampCompliance, preference managementYes (required)
Bounce/FailureEmail address, error typeDelivery troubleshootingTemporary only

Website Analytics Processing

Plausible Analytics Implementation

We use Plausible Analytics, a privacy-focused analytics platform that doesn't use cookies or track individual users across sessions.

What We Track

  • • Page views (anonymous)
  • • Referrer sources (which sites link to us)
  • • General geographic regions (country/state)
  • • Device categories (mobile/desktop)
  • • Popular content and user flows

What We Don't Track

  • • Individual users or sessions
  • • Personal identifiers or IP addresses
  • • Cross-site tracking or cookies
  • • Detailed behavioral patterns
  • • Any personally identifiable information

Analytics Data Processing

  • Collection Method: Lightweight JavaScript beacon with minimal data payload
  • Data Anonymization: IP addresses are immediately anonymized and not stored
  • Aggregation: All data is aggregated and cannot be traced back to individuals
  • Retention: Analytics data retained for 24 months for trend analysis
  • Access: Only aggregate reports accessible to authorized team members

Third-Party Data Processors

We work with a minimal set of trusted service providers who act as data processors under GDPR. All have appropriate data processing agreements and security measures in place.

Supabase

Database & Backend
Data Processed:

Beta signup data, email preferences, account information

Security Measures:

EU servers, encryption at rest/transit, SOC 2 Type II, GDPR compliant

Data Location:

European Union (Frankfurt, Germany)

Access Controls:

Role-based access, audit logging, MFA required

SendGrid

Email Services
Data Processed:

Email addresses, email content, delivery events

Security Measures:

SOC 2 Type II, ISO 27001, encryption, DPA signed

Data Location:

United States (Standard Contractual Clauses)

Retention:

Email events retained for 30 days, addresses until unsubscribe

Plausible Analytics

Website Analytics
Data Processed:

Anonymous page views, referrers, device categories

Security Measures:

No cookies, no personal data, GDPR compliant by design

Data Location:

European Union

Privacy Features:

No cross-site tracking, no user profiles, aggregated data only

Your Data Rights and Controls

GDPR Rights Implementation

Right to Access (Article 15)

Request a complete copy of all personal data we hold about you.

Implementation: Email data-export@silentscribe.dev with verification. Response within 30 days with structured data export.

Right to Rectification (Article 16)

Correct any inaccurate or incomplete personal data.

Implementation: Email corrections to hello@silentscribe.dev. Updates processed within 48 hours.

Right to Erasure (Article 17)

Request complete deletion of your personal data from our systems.

Implementation: One-click unsubscribe or email deletion request. Complete removal within 48 hours, confirmed via email.

Right to Portability (Article 20)

Receive your data in machine-readable format for transfer to another service.

Implementation: JSON export including all signup data, preferences, and communication history available on request.

Automated Processing and Decisions

No Automated Decision Making

Silent Scribe does not use automated decision-making or profiling that produces legal effects or significantly affects individuals. All beta program decisions and communications involve human review.

Data Protection Contact

Data Protection Queries

Data Protection Officer:privacy@silentscribe.dev
Data Requests:data-export@silentscribe.dev
General Privacy Questions:hello@silentscribe.dev
Response Time:Within 30 days for formal requests, 48 hours for general queries

For more information about our privacy practices, please see ourPrivacy Policy andSecurity pages.