Privacy

Privacy, in plain English.

Last updated June 30, 2026. This page is maintained by Wren to answer common privacy questions about the Wren app. It isn't a legal contract — the Terms are.

The short version

  • We collect the minimum needed to run Wren — your account, your drafts, the assets you upload.
  • We don't sell your data, and we don't train public AI models on what you write.
  • You can export or delete everything any time. One email gets it done within 7 days.
  • Wren is built for adults and small teams — not for children under 16.

Who's responsible

Wren is operated by the Wren team ("Wren", "we", "us"). For privacy questions, contact privacy@usewren.app or use the contact page. If you're in the EU/UK and need a Data Processing Addendum (DPA), email us — we'll send the current version.

What we collect

Account data

Your email address, a securely hashed password if you sign up with one, and your Google profile basics (name, email, avatar) if you sign in with Google.

Content you create

The drafts you write, the subject lines, headlines, body copy, sign-offs, footer details, and the logo or hero images you upload. We store this so your work is there when you come back.

Usage data

Lightweight product analytics: page views, feature usage counts, error reports. We use this to fix bugs and decide what to build next. We don't run third-party advertising trackers and we don't follow you around the web.

Billing data

If you upgrade, our payment processor (Stripe) handles your card details — we never see or store the card itself. We do store your plan, renewal date, and invoice history.

Why we use it (legal bases under GDPR)

  • Contract — to give you the Wren account and features you signed up for.
  • Legitimate interests — to keep Wren secure, debug errors, and improve the product.
  • Consent — where required (e.g. optional cookies). You can withdraw any time.
  • Legal obligation — to keep tax and billing records.

AI generation

When you ask Wren to write, polish, or suggest a subject, your notes are sent to our AI provider (Lovable AI Gateway, which routes to underlying model providers) solely to generate that single response. Inputs and outputs aren't used to train public models and aren't retained by the provider beyond what's needed to deliver the result. Don't paste secrets, customer PII, or anything you wouldn't want a contractor to see — and always re-read AI output before you send it.

Who we share data with (subprocessors)

We keep this list short on purpose. Today Wren relies on:

  • Lovable Cloud — managed database, authentication, file storage, and edge hosting for the app.
  • Lovable AI Gateway — routes AI generation requests to underlying model providers.
  • Google — only if you choose Sign in with Google.
  • Stripe — payments and billing for paid plans.

If we add or change a subprocessor that handles your data, we'll update this page. Email privacy@usewren.app to be notified in advance.

Where your data lives

Wren's database and file storage run on Lovable Cloud infrastructure. Some of our subprocessors operate globally, which can mean your data is processed outside your home country (including the US). When that happens we rely on the appropriate safeguards (such as Standard Contractual Clauses) offered by those providers.

How long we keep things

  • Drafts and uploads — until you delete them or close your account.
  • Account record — until you ask us to delete it. After deletion, we purge content within 30 days; backups roll off within 90 days.
  • Billing records — kept as long as tax law requires (typically 7 years).
  • Security logs — up to 90 days for abuse and incident investigation.

How we keep it safe

Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access is gated by row-level security so accounts can only see their own data. Administrative access is limited to the people who need it. No system is unbreakable — if we ever discover a breach affecting your data, we'll notify you and the relevant authority without undue delay.

Cookies & analytics

We use a single authentication cookie to keep you signed in and a small amount of local storage to remember UI preferences. Product analytics are privacy-respecting and aggregated — no cross-site advertising trackers, no data brokers.

Your rights

Depending on where you live (GDPR in the EU/UK, CCPA in California, similar laws elsewhere), you can:

  • Ask for a copy of the data we hold about you.
  • Correct anything that's wrong.
  • Delete your account and content.
  • Object to or restrict certain processing.
  • Withdraw consent where we relied on it.
  • Lodge a complaint with your local data protection authority.

Email privacy@usewren.app and we'll handle requests within 7 days (30 days max if the request is unusually complex). We never charge for reasonable requests.

Children

Wren isn't intended for anyone under 16. We don't knowingly collect data from children. If you're a parent or guardian and believe your child signed up, email us and we'll remove the account.

Changes to this policy

If we make a material change, we'll email account holders before it takes effect and update the date at the top. Small clarifications go in without a notice.

Contact

Privacy questions, deletion requests, DPA requests, or anything else: privacy@usewren.app or the contact page.