● Cherry

Privacy Policy

Last updated April 24, 2026

This policy explains what data Cherry collects, what we do with it, who else sees it, and how you can control it. We try to collect as little as possible and to be clear about the rest.

If something here is unclear, email hello@cherrydraft.com and we’ll explain.

The short version

  • We store your account info, your screenplays, and your usage of Cherry. That’s essentially it.
  • We do not sell your data. We do not show ads. We do not train AI models on your writing.
  • We use a small set of trusted vendors (Stripe for payments, Anthropic for AI, Supabase for database, Resend for email, Vercel for hosting) and they’re bound by their own privacy commitments.
  • You can export your data, request deletion, or correct what we have on you at any time.

What we collect

Account info

When you sign up, we store your email and a hashed password. If you change your name, billing info, or other profile details, we store those too.

Your screenplays and writing

Cherry stores the screenplays you write, the character profiles you build, the prose you feed into the prose-to-screenplay tool, and the AI tool runs you invoke. This is the core data Cherry exists to manage.

Usage data

We track how many tool runs and Deep Reads you use each month (for billing limits) and aggregate metrics like how often each tool is used (for product decisions). We do not track what you’re writing about — only that a tool was invoked.

Payment info

Stripe handles all card data. We never see your full card number; we only receive a token (e.g. cus_xyz) we can use to charge you again or open the Stripe Customer Portal. The last four digits of your card and its brand are stored with Stripe and we can display them to you, but we never have the full PAN.

Technical info

Like most web services, we automatically receive your IP address, browser type, and request timestamps in our server logs. We use these for security (detecting abuse, debugging crashes) and not for advertising or profiling.

Cookies

We use a small number of essential cookies for keeping you signed in. We do not use third-party advertising cookies or tracking pixels.

How we use this data

We use the data above to:

  • Run Cherry — show your screenplays, save your edits, authenticate you, deliver email
  • Bill you accurately and meter your tier limits
  • Send transactional emails (welcome, payment receipts, security alerts)
  • Improve the product (which features get used, where bugs happen)
  • Detect abuse, prevent fraud, and enforce our Terms of Service

What we do NOT do

  • We do not sell your data. Not to advertisers, not to data brokers, not to anyone.
  • We do not train AI on your writing. Anthropic’s commercial API does not train on submitted content by default. We have not opted into any program that would change that. Your screenplays remain yours.
  • We do not show ads. Cherry has one revenue source: paid subscriptions.
  • We do not share your screenplays with anyone except when required to operate the service (e.g. sending the relevant scene to Anthropic when you invoke a Reader Simulator run).

Vendors that touch your data

Cherry runs on a small stack. These services see specific slices of your data in the course of operating Cherry:

  • Stripe (payment processing) — sees your email, billing info, and payment method. PCI-DSS Level 1 compliant. Privacy: stripe.com/privacy
  • Anthropic (AI tools) — sees the screenplay content you send to AI tools (the relevant scene, character profile, prompt). Does not train on API submissions. anthropic.com/privacy
  • Supabase (database + auth) — stores your account, screenplays, and usage data. Hosted in the US. supabase.com/privacy
  • Vercel (hosting) — serves the website and API. Sees request metadata and logs. vercel.com/legal/privacy-policy
  • Resend (transactional email) — sees your email address and the messages we send you (welcome, receipts, alerts). resend.com/legal/privacy-policy

We pick vendors who treat data carefully. If we add or change vendors, we’ll update this list.

Data location

Cherry is operated from the United States. Your account data and screenplays are stored on US-based servers (Supabase). If you access Cherry from outside the US, your data is transferred to and processed in the US. By using Cherry, you consent to this transfer.

For users in the European Economic Area, the United Kingdom, or Switzerland, this transfer is supported by Standard Contractual Clauses where applicable.

How long we keep data

Your account data and screenplays stay until you delete them. Closed accounts get a 30-day grace period (in case you change your mind), then we delete the data. Backups age out within 90 days of original deletion.

Server logs (IP addresses, request data) are kept 30 days for debugging and security, then deleted.

Billing records (invoices, payment history) we keep for 7 years as required for tax and accounting.

Your rights

Depending on where you live, you have rights over your data. We honor these regardless of location:

  • Access — you can see what we have on you by emailing us.
  • Export — you can download your screenplays via the export feature in Cherry, and request a full data export by email.
  • Correction — you can fix incorrect data via your account settings or by emailing us.
  • Deletion — you can delete individual screenplays or your whole account at any time. Account deletion removes everything within 30 days.
  • Restriction — you can ask us to limit how we process your data. We’ll do what we can without breaking the service.
  • Objection — you can object to specific uses. We don’t do profiling or automated decision-making beyond standard authentication and billing, so this rarely comes up, but the right is yours.

To exercise any of these, email hello@cherrydraft.com from the address on file. We respond within 30 days.

For California residents (CCPA)

California residents have the rights described above plus the right to know whether we’ve sold your personal information in the last 12 months. The answer is no. We do not sell personal information as defined by the CCPA, and we do not knowingly do so for users under 16.

Children

Cherry isn’t designed for users under 13 and we don’t knowingly collect data from them. If you believe a child under 13 has created an account, email us and we’ll remove it promptly.

Security

We use industry-standard security: HTTPS everywhere, hashed passwords, encrypted backups, vendor-managed key storage. No system is perfect, but we take this seriously and respond to reported vulnerabilities quickly. Email hello@cherrydraft.com for any responsible disclosure.

Changes to this policy

We’ll update this policy as Cherry evolves. Material changes come with notice (email or in-app banner) at least 30 days before taking effect.

Contact

Cherry Draft, Inc.
Fayetteville, Arkansas
Email: hello@cherrydraft.com

This policy is provided as a starting point. It is not legal advice and has not been reviewed for your specific jurisdiction. If you operate a business that depends on this policy, consult a qualified privacy attorney.