Premise
This policy describes how Tanigh Clark, doing business as Premise (“Premise,” “we,” “us”) handles information when you use premise.systems (the “Service”), an AI-assisted book-writing tool. It should be read together with our Terms of Service.
Two commitments up front: we do not sell your personal information, and we do not use your creative work to train AI models.
When you sign up — by email and password or with Google — our authentication provider (Clerk) handles your credentials, and we receive your email address, basic profile information from Google sign-in if you use it (such as your name), and the identifiers needed to link your account. We never see or store your password.
The substance of the Service: your book ideas, premises, descriptions, instructions, project settings, workshop-chat messages, and everything the Service generates for your projects (story bibles, plots, chapters, drafts). This is stored in our database, isolated per account.
To run, debug, secure, and account for the cost of the Service, we keep operational records. This includes logging the prompts sent to our AI providers — which contain your creative content — along with the model used, token counts, generation timing, compute cost, and which generation run they belonged to. We log this because each generation costs real compute and because diagnosing failures requires seeing what was actually sent. Our web server also keeps standard access logs (IP address, pages and endpoints requested, timestamps), and we apply per-account rate limits.
Paid subscriptions are processed by Stripe through our billing provider. We never receive or store your full card number. We keep records of your plan, subscription status, and billing periods.
We use essential cookies only — the session cookies our authentication provider needs to keep you signed in. We do not currently use advertising or cross-site tracking cookies.
When you run a generation stage or use workshop chat, your input and relevant project content are sent to third-party AI providers to produce the result: OpenAI and Anthropic for text generation, and Voyage AI for embeddings (a numerical representation of text that powers retrieval features like chat’s awareness of your project). These providers process your content as our service providers via their business APIs.
We do not train AI models on your content. Under the API terms we use, our AI providers do not use business-API content to train their models by default. If that ever changes for any provider we use, we will update this policy and the processor table before it affects you.
We use a small set of providers to run Premise. Each receives only what its role requires:
| Provider | Role | What it handles |
|---|---|---|
| Clerk | Authentication & billing platform | Your sign-in credentials, email, session cookies; subscription management |
| Stripe | Payment processing | Your payment details and transactions (we never store card numbers) |
| Neon | Database hosting | Your account records, projects, generated content, operational logs |
| OpenAI | AI text generation | Prompts containing your creative input and project context |
| Anthropic | AI text generation | Prompts containing your creative input and project context |
| Voyage AI | Text embeddings | Project text embedded for retrieval features |
| ElevenLabs | Text-to-speech | Manuscript text you choose to listen to, converted to audio |
| Cloudflare R2 | Audio file storage | Generated audio files, served via short-lived private links |
| Google | Optional sign-in (OAuth) | Confirms your identity if you choose Google sign-in |
| DigitalOcean | Application hosting | Runs our servers; server access logs (including IP addresses) |
| Google Analytics | Website analytics (consent-gated) | Aggregate traffic and engagement on our public pages; loads only after you accept analytics cookies |
Our infrastructure and providers operate in the United States.
Cookies and local storage. Premise uses essential cookies (your Clerk session) and stores some functional settings in your browser. Our public pages also use Google Analytics, which loads only after you accept analytics cookies. For details and to change your choice, see our Cookie Policy.
We share personal information only: with the service providers above, to operate the Service; when required by law or valid legal process; to protect the rights, safety, or security of users, the public, or the Service (including investigating Acceptable Use violations); and as part of a business transfer (merger, acquisition, or sale of assets), in which case this policy continues to apply until changed with notice. We do not sell personal information and we do not share it for cross-context behavioral advertising.
Wherever you live, we extend these basics to you:
U.S. state privacy laws (such as the CCPA/CPRA and similar laws): residents of those states may have rights to know, access, correct, delete, and to opt out of “sales” or “sharing” of personal information. We do not sell or share personal information as those laws define it, and we do not use sensitive personal information beyond what is necessary to provide the Service. To exercise rights, contact us; we will verify your request via your account email and will not discriminate against you for exercising rights.
Massachusetts residents: Massachusetts protects personal information through its data security regulation (201 CMR 17.00) and breach notification law (M.G.L. c. 93H). The Massachusetts Consumer Data Privacy Act, recently passed by the legislature, will phase in additional rights; we already extend its core rights — access, correction, deletion, and export — to everyone, and we will honor Massachusetts-specific rights as they take effect.
EU/UK visitors: the Service is operated from the United States and is not currently directed at the EU or UK. If you use it from there, the legal bases for our processing are performance of our contract with you (providing the Service), our legitimate interests (security, operations), and consent (marketing); you may have additional rights under the GDPR/UK GDPR, which we will honor on request.
We take security seriously and design for it: all traffic is encrypted in transit (TLS); every account’s data is isolated at the database layer with row-level security enforced on every query; the application connects to the database with a least-privilege role that cannot bypass that isolation (and refuses to start in production if it could); access credentials are restricted to the minimum each system needs. We maintain a written information security program consistent with Massachusetts 201 CMR 17.00. No system is perfectly secure; if a breach affects your personal information, we will notify you and regulators as applicable law requires (including M.G.L. c. 93H).
The Service is for adults. We do not knowingly collect personal information from anyone under 18 (see the Terms of Service eligibility section). If we learn we have, we will delete it; contact us if you believe a minor has provided us information.
We are based in the United States and process information there. If you use the Service from elsewhere, you understand your information is transferred to and processed in the U.S., where privacy laws may differ from your jurisdiction’s.
We will update this policy as the Service evolves — for example, when billing goes live or when self-serve export ships. We use Google Analytics on our public pages, loaded only after you accept analytics cookies (see our Cookie Policy). For material changes we will give notice (email or in-product) before they take effect, and the “Last updated” date above always reflects the current version.
Privacy questions and requests: support@premise.systems.