Home Accessibility About How It Works
Legal
Terms Privacy NDA GDPR DMCA Cookies
Data rights for EEA, UK, and Swiss users

GDPR & EU Data Rights

Effective Date: April 5th, 2026

This page explains the rights and protections afforded to individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland under the General Data Protection Regulation ("GDPR"), the UK GDPR, and the Swiss Federal Act on Data Protection ("FADP"). Plotmi LLC ("Plotmi," "we," "us," or "our") is a United States-based company that provides a community platform for readers, writers, and people who love stories. This GDPR Policy supplements our Privacy Policy and forms part of our overall legal terms.

1. Data Controller

Plotmi LLC is the data controller responsible for personal data processed in connection with your use of the Plotmi platform.

  • Entity: Plotmi LLC
  • Jurisdiction: United States (California)
  • Privacy contact: support@plotmi.com

We do not currently have a designated EU representative. If our user base in the EEA grows beyond a threshold requiring one under Article 27 GDPR, we will appoint one and update this page.

2. Categories of Personal Data We Process

Depending on how you use Plotmi, we may process the following categories of personal data about you:

  • Account data: email address, handle, display name, password (hashed), date of registration.
  • Profile data: avatar, bio, stamps collected, Plotmi Letters earned, Vibes selections, reading or viewing preferences.
  • Content you submit: manuscripts, scripts, sneak peeks, full reports, promo posts, community posts, reactions, comments, Chatmi direct messages, Lab notes, cue cards, and any other creative or written content.
  • Voice data: optional voice memos you choose to record on Plotmi (in Full Reports for reader feedback, or in The Lab / Cue Cards for collaborator notes), and the AI-generated transcriptions of those memos.
  • Engagement data: behavioral signals such as time spent reading, navigation patterns, interactions with posts and stamps, votes, and other engagement metrics used to generate Plotmi reports for writers.
  • Technical data: IP address, browser type, device type, operating system, session timestamps, referrer URLs, and similar telemetry.
  • Payment data: billing email, transaction history, subscription tier. Full card details are processed by our payment processor (Stripe) and are not stored on Plotmi servers.
  • Communications: emails, support tickets, and any correspondence with us.
  • Cookies and similar technologies: as described in our Cookies Policy.

3. Legal Basis for Processing (Article 6 GDPR)

We process your personal data only when one of the following lawful bases applies. The table below maps our processing activities to their legal bases.

Processing Activity Lawful Basis
Creating and operating your account; delivering Plotmi services you've requested or paid for Performance of a contract (Art. 6(1)(b))
Processing payments and managing subscriptions Performance of a contract (Art. 6(1)(b))
Storing and analyzing creative content you upload for the purpose of generating reports to you Performance of a contract (Art. 6(1)(b))
Optional voice memo recording and transcription Explicit consent (Art. 6(1)(a)) — you choose to enable these features
Behavioral analytics that generate aggregate engagement insights Legitimate interests (Art. 6(1)(f)) — providing platform value; or contract performance for paid analytics
Sending you platform notifications, transactional emails, and security alerts Performance of a contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f))
Marketing emails (newsletters, product updates, promotions) Consent (Art. 6(1)(a)) — you can opt out at any time
Fraud prevention, abuse detection, account security Legitimate interests (Art. 6(1)(f))
Complying with tax, accounting, and legal obligations Legal obligation (Art. 6(1)(c))
Responding to lawful requests from authorities, defending legal claims Legal obligation (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f))

4. Special Category Data & Voice Recordings

Plotmi does not intentionally collect special category data under Article 9 GDPR (data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric or genetic data, sexual orientation, etc.).

However, you should be aware that:

  • Voice recordings. If you choose to enable Plotmi's optional voice memo features in Full Reports or The Lab, audio recordings of your voice will be processed for the limited purpose of producing a transcript. Voice recordings could qualify as biometric data under some interpretations of GDPR Article 9 if used to uniquely identify an individual. Plotmi does not use voice data for identification purposes. Voice features are entirely optional and require your explicit opt-in.
  • Creative content you submit. Manuscripts, scripts, and personal essays you upload may inadvertently contain special category information (e.g., autobiographical writing about your health, sexuality, religion, or political views). You retain control over what you upload. Plotmi does not analyze creative content for personal characteristics of the author.

If you do not wish to have voice data or sensitive creative content processed, do not upload it.

5. Your GDPR Rights

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

5.1 Right of Access (Art. 15)

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

5.2 Right to Rectification (Art. 16)

You have the right to ask us to correct inaccurate or incomplete personal data. Most profile data can be edited directly in your account settings.

5.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer needed for the purposes for which it was collected, or when you withdraw consent. We will honor erasure requests unless we have a legal obligation to retain the data (for example, tax or anti-fraud records).

5.4 Right to Restriction of Processing (Art. 18)

You have the right to ask us to limit how we use your data — for example, while we verify the accuracy of data you have contested.

5.5 Right to Object (Art. 21)

You have the right to object to processing of your data when we rely on legitimate interests as the legal basis. We will stop processing unless we have compelling legitimate grounds that override your rights.

5.6 Right to Data Portability (Art. 20)

For data we process by automated means based on consent or contract, you have the right to receive a copy of that data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.

5.7 Right to Withdraw Consent (Art. 7)

Where our processing is based on your consent (e.g., voice memos, marketing emails), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

5.8 Right Regarding Automated Decision-Making (Art. 22)

Plotmi uses automated systems to generate engagement analytics and reports based on reader interactions with creative work. These reports are informational only and do not produce legal effects or similarly significant effects for any individual user. Reports are not used to deny services, make hiring decisions, or otherwise impact your rights or opportunities. You have the right to request human review of any automated processing if you believe it materially affects you.

5.9 How to Exercise Your Rights

To exercise any of these rights, email us at support@plotmi.com with the subject line "GDPR Request" and include:

  • The right you wish to exercise.
  • Your account email and handle.
  • Sufficient information for us to verify your identity (we may request additional information to confirm).

We will respond within one month of receipt. This period may be extended by up to two further months for complex or numerous requests, in which case we will inform you of the extension and the reasons. Exercising your GDPR rights is free of charge, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

6. International Data Transfers

Because Plotmi LLC is based in the United States, personal data of EEA, UK, and Swiss users is transferred to and processed in the United States. The U.S. is not currently subject to an EU adequacy decision (as of the effective date of this policy).

To ensure your data continues to be protected when transferred outside the EEA, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission with our sub-processors located outside the EEA.
  • UK International Data Transfer Agreement (IDTA) or UK SCC Addendum for transfers from the UK.
  • Swiss FADP-compliant agreements for transfers from Switzerland.
  • Where applicable, EU-U.S. Data Privacy Framework participation by our sub-processors.
  • Additional technical and organizational measures including encryption in transit, encryption at rest, access controls, and audit logging.

You can request a copy of the relevant transfer safeguards by contacting support@plotmi.com.

7. Sub-Processors

Plotmi engages third-party sub-processors to provide certain services. Each sub-processor is contractually bound to protect personal data in accordance with applicable law. Our current key sub-processors include:

  • Supabase — database hosting, authentication, and backend infrastructure.
  • Stripe — payment processing.
  • Vercel — frontend hosting and content delivery.
  • Voice transcription provider(s) — automated transcription of optional voice memos. Audio is transmitted solely for transcription and is not used to train models.
  • Email delivery providers — sending transactional and (where opted in) marketing email.
  • Analytics providers — basic platform analytics where applicable, as disclosed in our Cookies Policy.

We update this list as our processing changes. If you would like the current full list of sub-processors, contact support@plotmi.com.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, subject to legal retention obligations. Our general retention principles:

  • Account data: retained while your account is active. Deleted within 30 days of account closure, except as required for legal or tax reasons.
  • Creative content (manuscripts, sneak peeks, full reports, etc.): retained for as long as you keep it on the platform. You may delete your own content at any time. Backups may persist for up to 90 days after deletion for disaster recovery.
  • Voice memos and transcripts: retained for the duration of the related project or collaboration. Deleted within 30 days of project completion or upon your request, whichever is sooner.
  • Engagement and analytics data: retained in identifiable form for 24 months. Aggregated or anonymized data may be retained indefinitely.
  • Payment records: retained for 7 years (or as required by applicable tax and accounting law).
  • Communications and support tickets: retained for 3 years.
  • Security and audit logs: retained for 12 months.

9. Children's Data

Plotmi is intended for users aged 18 and older. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected personal data from a person under the applicable age of digital consent (which varies between 13 and 16 across EU member states), we will delete that data without undue delay.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • TLS/HTTPS encryption of data in transit.
  • Encryption at rest for sensitive data.
  • Hashed and salted password storage.
  • Role-based access controls and least-privilege principles.
  • Audit logging of administrative actions.
  • Regular review of sub-processor security practices.

No security measure is perfect. We will notify the relevant supervisory authority and affected users in the event of a personal data breach as required under Articles 33 and 34 GDPR.

11. UK GDPR & Swiss FADP

References to "GDPR" in this policy should be read to include the UK GDPR for individuals located in the United Kingdom and the Swiss Federal Act on Data Protection (FADP) for individuals located in Switzerland, as applicable. The rights described above apply substantively to UK and Swiss users.

UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk. Swiss users may contact the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.

12. Right to Lodge a Complaint

If you believe we have processed your personal data unlawfully or have not properly addressed your request, you have the right to lodge a complaint with your local supervisory authority. You can find your country's data protection authority through the European Data Protection Board at edpb.europa.eu/about-edpb/about-edpb/members_en.

We encourage you to contact us first at support@plotmi.com so we can attempt to resolve your concern directly.

13. Changes to This Policy

We may update this GDPR Policy from time to time. Material changes will be communicated to EU/UK/Swiss users via email or in-app notice. The "Effective Date" at the top of this page indicates when the latest version took effect.

14. Contact

For all GDPR-related inquiries, requests, or complaints:

© 2026 Plotmi LLC. All rights reserved.