Novelith is responsible for the personal data it controls when you create an account, read, publish, subscribe, tip, report content, or contact support. For privacy questions, rights requests, or data protection concerns, contact support@novelith.co.uk.

Stripe handles payment card and payout data through its own hosted services. We receive payment status, subscription status, connected account, refund, and risk metadata needed to operate Novelith, but we do not store full card numbers.

• Account data: email address, display name, sign-in provider, role, user ID, and account settings.
• Reader data: library, follows, reading preferences, mature-content choices, comments, reports, and subscription access state.
• Notification data: email category preferences, unsubscribe tokens, queued notification events, delivery status, and retention timestamps.
• Creator data: author profile, stories, chapters, posts, tags, lifecycle state, Stripe connected account status, and payout eligibility metadata.
• Commerce data: checkout session IDs, subscription status, renewal or cancellation state, billing portal return state, tips, platform fee metadata, and end-of-contract notice records.
• Moderation data: content reports, enforcement decisions, appeal notes, timestamps, and staff review state.
• Technical data: device and browser information, IP-derived security signals, logs, cookies, analytics events where enabled, and anti-abuse telemetry.
• Support data: messages you send to us and the information needed to resolve the request.

We process account, subscription, and creator workspace data to perform our contract with you. We use legal obligation where records are needed for tax, accounting, consumer protection, safety, or lawful requests.

We rely on legitimate interests for security, fraud prevention, service improvement, moderation, abuse prevention, operational diagnostics, and protecting users and creators. We use consent for optional cookies and any future optional analytics where consent is required. You can withdraw consent at any time without affecting processing that already happened.

We use personal data to run the web product, authenticate accounts, show public and subscriber-only content, process subscriptions and tips, manage author access, enforce mature-content preferences, send requested account and product notifications, moderate UGC, respond to reports and appeals, keep evidence for Release Ops and billing operations, and protect the service.

We keep account data while the account remains open. We keep billing, tax, accounting, moderation, dispute, and legal records for the period reasonably needed to meet legal obligations, handle disputes, and protect the platform. Drafts, stories, comments, and posts remain until deleted, unpublished, removed under moderation rules, or retained where needed for safety or legal reasons. Notification event logs are normally retained for 18 months, unless a shorter or longer period is needed for legal, safety, billing, or dispute evidence.

Core service providers include Supabase for database, authentication, and storage services, and Stripe for hosted checkout, billing portal, subscription records, fraud prevention, tax where enabled, and creator payout onboarding. We may also use hosting, email delivery or support tooling, analytics where enabled, monitoring, and security providers. Processors must handle data only for Novelith instructions and protect it with appropriate security controls.

Some providers may process data outside the UK. Where that happens, we rely on an adequacy decision, the UK International Data Transfer Agreement, UK addendum to EU standard contractual clauses, or another lawful transfer mechanism.

Novelith uses cookies and similar storage in these categories:

• Strictly necessary cookies for sign-in, session security, CSRF protection, checkout returns, and load balancing.
• Preference cookies or local storage for reader controls, mature-content choices, and interface settings.
• Payment and fraud-prevention cookies set by Stripe when you use hosted checkout, billing portal, or creator onboarding.
• Analytics cookies only where enabled and permitted, used to understand page quality and service health.

You can change cookie choices through the cookie controls on the site when shown, browser settings, or by clearing site data. Blocking strictly necessary cookies may prevent sign-in, checkout, billing portal, or reader preferences from working.

Depending on the data and circumstances, you may have rights to access, correct, erase, restrict, object to processing, receive a portable copy, and withdraw consent. You can also ask us to review automated or moderation-related decisions where a right of appeal is available under our rules.

Contact support@novelith.co.uk to exercise rights. We may need to verify your identity and keep limited records of the request. You can complain to the UK Information Commissioner's Office if you are unhappy with how we handle your data.