This is the privacy policy for Hollywood Metrics. It explains what we collect when you visit the marketing pages, what changes when you create an account, what changes again when you upload a screenplay, and what every third-party service in our pipeline does with the slice of data we hand them. It is written to be read by a human, not survived by one.
We are a solo-operated company. There is no privacy desk, no legal department, and no dedicated data-protection officer performing kabuki for a Series B deck. There is a founder, an inbox, and an honest answer to every question you ask. If anything below feels evasive, write in and the next revision of this page will say it more clearly.
Your screenplay text never leaves your browser. We never see it, store it, sell it, or train a model on it.
01 / What We Collect
When you visit Hollywood Metrics without signing in, we collect essentially nothing identifiable. The marketing pages do not ship Google Analytics, do not embed Facebook or LinkedIn tracking pixels, do not run a third-party heatmap tool, and do not load an advertising SDK. The site loads static HTML and a handful of self-hosted JavaScript bundles.
When you create an account, we collect the data Firebase Authentication returns from the sign-in method you choose. For Google sign-in: email address, display name, profile photo URL, and a Google account identifier. For email-and-password sign-in: email address and a salted, hashed password stored by Firebase. We never see your plaintext password.
When you upgrade to a paid tier, Stripe collects your card details directly inside an iframe served from stripe.com. We see only the brand, last four digits, expiry month and year, and the outcome of each charge. We store your Stripe customer and subscription identifiers in Firestore so we can recognise you on return visits and grant the right tier.
When you use the product, we record a small ledger of how many AI features you have triggered (script analyses, deep analyses, simulations, oracle calls) so we can enforce per-tier quotas and bill cost back to the right account. This is a count, not a transcript. We do not log the contents of your screenplays, your prompts, or the AI responses.
When you subscribe to the newsletter, we store the email address you give us, the timestamp of confirmation, and a per-subscriber unsubscribe token. The token lets the one-click unsubscribe link in every email work without forcing you to log in.
02 / What We Don't Collect
Your screenplay text. PDF parsing, DOCX parsing, and the twenty-feature quantitative engine all run client-side, inside your browser, using lazy-loaded copies of pdfjs-dist and mammoth. Your script never reaches our servers. You can prove this by opening DevTools, watching the Network tab, and uploading a script — the only outbound requests are for static model JSON files, which we send out, not in.
AI features are the one exception. When you explicitly click a button that asks for an AI rewrite, a deep analysis, or a simulated audience reaction, the relevant portion of text is sent to the upstream AI provider for processing. That is unavoidable — we cannot run a frontier model in your browser. The text is sent over TLS, processed, and the response is returned to your session. We do not log the text on our side; the provider's retention policy applies on theirs. Both providers we use offer zero-retention commitments for API traffic, and we have not opted into any training-on-customer-data programmes.
Your physical location. We do not request geolocation, do not record IP-derived city, region, or country, and do not enrich your record with reverse-DNS or third-party demographics.
Your device fingerprint. We do not run canvas fingerprinting, audio fingerprinting, font enumeration, or any of the techniques the digital-rights community has spent the last decade exposing.
Anything we don't need. If we cannot explain in one sentence why we hold a piece of data about you, we should not be holding it. Tell us if you find an example and we will remove the collection point and purge the column.
SCREENPLAY TEXT NEVER LEAVES THE BROWSER. HERE'S HOW TO CHECK.
- Open the script analysis page and your browser's DevTools. Move to the Network panel and filter to Fetch/XHR.
- Upload a screenplay (PDF, DOCX, or paste).
- Watch what fires. You will see outbound requests for static model JSON files (we send those out to you) and you will see no POST or PUT carrying the body of your script. Inspect each request payload to confirm.
- If you find a request that disagrees with this claim, that is a bug and we will fix it before the next deploy. Email the repro and we will credit you in the changelog.
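One way to automate the "inspect each request payload" step, as an added example that is not Hollywood Metrics' own code: export the Network panel's recording as a HAR file and scan every request in it, not only the Fetch/XHR subset, for request bodies and for excerpts of your script. The script text, HAR entries and the app.example host below are constructed sample data.

```javascript
// Added example: audit a DevTools HAR export for outbound screenplay text.
// SCRIPT, SAMPLE_HAR and the app.example host are constructed sample data.
const norm = (s) => s.toLowerCase().replace(/\s+/g, " ").trim();

// Cut a few evenly spaced slices ("probes") of the script to search for.
function probes(script, len = 40, count = 5) {
  const t = norm(script);
  if (t.length <= len) return [t];
  const step = Math.floor((t.length - len) / (count - 1));
  return Array.from({ length: count }, (_, i) => t.slice(i * step, i * step + len));
}

function safeDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, " ")); } catch { return s; }
}

// One finding per request that carries a body or contains a probe.
function auditHar(har, script) {
  const needles = probes(script);
  const findings = [];
  for (const { request: r } of har.log.entries) {
    const body = (r.postData && r.postData.text) || "";
    const haystacks = [r.url, body].map((s) => norm(safeDecode(s)));
    // A body that looks like base64 is decoded and searched as well.
    if (body.length > 16 && /^[A-Za-z0-9+\/=\s]+$/.test(body))
      haystacks.push(norm(Buffer.from(body, "base64").toString("utf8")));
    const leaked = needles.some((n) => haystacks.some((h) => h.includes(n)));
    const hasBody = body.length > 0 || ["POST", "PUT", "PATCH"].includes(r.method);
    if (leaked || hasBody)
      findings.push({ method: r.method, url: r.url, bytes: body.length, leaked });
  }
  return findings;
}

const SCRIPT =
  "INT. DINER - NIGHT\nMARA slides the envelope across the counter. Nobody looks up.";
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "GET", url: "https://app.example/models/features.json" } },
  { request: { method: "POST", url: "https://app.example/api/usage",
      postData: { mimeType: "application/json", text: '{"feature":"script_analysis"}' } } },
  { request: { method: "POST", url: "https://app.example/api/rewrite",
      postData: { mimeType: "application/json", text: JSON.stringify({ text: SCRIPT }) } } },
] } };

// Real use (session.har is a hypothetical file name):
//   auditHar(JSON.parse(fs.readFileSync("session.har", "utf8")), scriptText)
for (const f of auditHar(SAMPLE_HAR, SCRIPT))
  console.log(f.leaked ? "SCRIPT TEXT" : "body only  ", f.method, f.url, f.bytes);
```

A "body only" finding is a request to read by hand; a "SCRIPT TEXT" finding means a recognisable excerpt of the script was in the URL or body of that request.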
03 / How We Use It
We use the data we collect to do the four things the product promises to do. We authenticate you so the dashboard loads your saved scripts and not someone else's. We charge your card so the subscription you bought continues to work. We send you transactional email — receipts, password resets, billing failures — so you know what is happening to the account you own. We send you the weekly newsletter if and only if you have opted in.
We also use the per-account usage counter to enforce the rate limits each tier promises. If you are on Writer ($9 per month), we count how many script analyses you have run this month and block the eleventh until the next billing period starts. If you are on Producer or Studio, the counter still runs but the cap is high enough that you will almost certainly never hit it.
Finally, we use the aggregate view of which dashboard tabs are opened, which charts are scrolled to, and which AI features are most popular to decide what to build next. The aggregate view is not keyed to your account; it is a count across all sessions in a given week. We do not need to know that you personally opened the Comedy heatmap on Tuesday to know that the Comedy heatmap is worth keeping.
04 / Who We Share With
The platform is built on a small number of named processors. Each one receives the smallest slice of data needed to do the job we hired it for. There are no resellers, no data brokers, no marketing partners.
| Processor | Purpose | Data |
|---|---|---|
| Firebase (Google LLC) | Authentication, Firestore database, hosting. | Email, display name, profile photo URL, Firebase UID, account documents (saved analyses, API keys, tier). |
| Stripe, Inc. | Payment processing for paid subscription tiers. | Card details (entered directly into Stripe iframe, not seen by us), billing email, subscription metadata. |
| Resend, Inc. | Transactional and newsletter email delivery. | Email address, unsubscribe token, delivery and open events for the messages we send you. |
| Anthropic, PBC | AI rewrite, deep analysis, oracle features (only when you click an AI button). | The specific prompt and context for the feature you triggered. Sent over TLS, processed, returned. We do not log content; provider zero-retention applies. |
| Google Generative AI | Poster analysis and select AI utilities (only when you trigger the relevant feature). | The specific image or text payload for the feature you triggered. Sent over TLS, processed, returned. |
| Vercel, Inc. (App Hosting) | Hosting and CDN for the Next.js application. | Request logs (URL, timestamp, response code, anonymised UA). No body of your authenticated requests, no AI payloads. |
We do not share data with any party not listed above. If a future processor joins the stack, this list is updated before the integration ships, and the change is noted in the last-updated date at the top of the page.
05 / Cookies & Local Storage
We use a handful of cookies and a handful of localStorage keys. Neither category is sold, syndicated, or shared with an ad network. The complete inventory:
| Key | Type | Purpose | Lifetime | Class |
|---|---|---|---|---|
| __session (set by Firebase Auth) | Cookie | Holds the encrypted session token that proves you are signed in. | Two weeks, refreshed on activity. | Essential |
| firebase:authUser:* (set by Firebase Auth SDK) | Local Storage | Caches the JWT used to authorise API calls without a round-trip on every request. | Until sign-out or token expiry. | Essential |
| hm_theme (set by Hollywood Metrics) | Local Storage | Remembers your theme preference (we only ship the dark Abyss theme today, but the slot is reserved). | Until you clear it. | Preference |
| hm_recent_films (set by Hollywood Metrics) | Local Storage | Remembers the last few films you opened so the dashboard can offer a 'recently viewed' rail. | Until you clear it. | Preference |
| hm_dashboard_prefs (set by Hollywood Metrics) | Local Storage | Remembers which dashboard tab you last had open and which chart settings you prefer. | Until you clear it. | Preference |
| newsletter_dismissed (set by Hollywood Metrics) | Local Storage | Prevents the newsletter prompt from re-appearing after you have dismissed it. | Until you clear it. | Preference |
| __stripe_mid / __stripe_sid (set by Stripe, checkout pages only) | Cookie | Stripe's own fraud-prevention cookies, set during checkout flows on stripe.com. | Defined by Stripe (one year / 30 minutes). | Essential |
We do not display a cookie banner because we do not place non-essential cookies. The handful above are either required for authentication or set by you (theme preference, most-recently-viewed film). If you are in a jurisdiction that requires explicit consent for non-essential storage and you believe one of the items above qualifies, write in and we will add a per-key opt-out.
06 / How Long We Keep It
| Category | Retention | Detail |
|---|---|---|
| Screenplay text | Zero seconds. | Never reaches our servers in the first place. Parsing and feature extraction are 100% client-side. |
| Account profile | Active life + 30 days after deletion request. | Retained while the account exists; fully purged within thirty days of a deletion request. |
| AI feature ledger (counts only) | Rolling 90 days. | Used for per-tier quota enforcement and cost attribution. No prompt content. Pruned automatically. |
| AI prompt / response content | Not retained. | We do not log the contents of AI calls. Provider zero-retention commitments apply on their side. |
| Aggregate usage analytics | Indefinite, but de-identified. | Counts of which features are popular, keyed to no user. Cannot be re-personalised. |
| Newsletter subscription | Until you unsubscribe + 30 days. | After unsubscribe we keep the email on a suppression list for 30 days to prevent accidental re-add, then purge. |
| Stripe billing records | Seven years (legal retention). | U.S. tax and EU VAT rules require we keep invoices and charge records. Held in Stripe, isolated from active account data after deletion. |
| Support email threads | Three years. | Retained so we have context if you write back. Purged on request, otherwise pruned at the three-year mark. |
| Server access logs | Thirty days. | URL, timestamp, response code only. Rotated and overwritten on a monthly cycle. |
Where law requires longer retention (most commonly: invoices and tax records under U.S. and EU rules), we retain the minimum necessary record, isolated from your active account data, for the legally required period only.
07 / Your Rights
We honour the rights granted by the relevant data-protection regimes for the jurisdictions where our users live. In practice this means:
- Right of access. Email and ask for a copy of every row keyed to your account. We respond within thirty days with a structured export.
- Right of rectification. If a field is wrong, email and ask for it to be corrected. We do not charge for this and we do not ask why.
- Right of erasure (GDPR Art. 17, CCPA § 1798.105). Email and we delete your account, your Firebase Auth record, your Firestore documents, your Stripe customer record (where Stripe permits), and your newsletter row, within thirty days.
- Right of portability. The access export above is delivered in machine-readable JSON.
- Right to opt out of sale or sharing (CCPA). We do not sell personal information and do not share it for cross-context behavioural advertising. There is nothing to opt out of, but if our practice changes the change will be announced here first.
- Right to unsubscribe (CAN-SPAM). Every marketing email has a one-click unsubscribe link in both the header and footer. The unsubscribe is honoured immediately, without confirmation friction.
- Right to lodge a complaint. EU and UK residents have the right to complain to their national data-protection authority. We would rather hear from you first so we can fix it, but the right exists either way.
08 / Account & Data Deletion
To delete your account and the data attached to it, email alcheon.ai@gmail.com from the address tied to the account. The subject line should be clear; the body does not need to be.
On receipt we acknowledge within two business days, delete within thirty days, and confirm completion. Concretely, the deletion sweep removes:
- Your Firebase Auth user record.
- Every Firestore document keyed to your UID.
- Your Stripe customer record, where Stripe permits removal (financial-record retention may keep an invoice trail).
- Your Resend audience entry and any pending broadcast queue rows.
- Your newsletter subscription, if active.
- Your API keys, immediately invalidated.
Aggregate, non-identifying statistics derived from your usage before deletion (which decade tab is most popular, which feature converts best) may persist in derivative form. They cannot be re-keyed to you and we cannot reconstruct you from them.
09 / Children's Data
Hollywood Metrics is intended for professional and serious amateur screenwriters, producers, and industry analysts. It is not directed at children under sixteen, we do not knowingly collect data from anyone under that age, and our marketing is not targeted at minors. If we learn we have collected such data we will delete it.
10 / Changes to This Policy
We update this policy when the product changes, when a new processor joins the stack, or when the legal landscape moves. Material changes are announced via email to registered users before they take effect. The last-updated date at the top of this page is bumped on every revision, and a changelog of substantive changes is kept in the git history of the repository at web/src/app/privacy/page.tsx.
11 / Contact
For any privacy matter, write to alcheon.ai@gmail.com. The address goes directly to the founder. There is no ticketing system and no autoresponder. Expect a reply within two business days, often sooner.
Hollywood Metrics is a sole-proprietor operation based in Los Angeles, California, United States. The data controller for the purposes of GDPR is the founder. There is no separately appointed EU representative because we do not meet the thresholds at which one is required; if our usage in the EU grows past that threshold, we will appoint a representative and update this page.