Back to Limnen

Limnen — Privacy Policy

Effective Date: [DATE] · Version: Beta v1.0 · Availability: United States only

This Privacy Policy explains how Manoli Studio Lab, Inc., doing business as Limnen ("Limnen," "we," "us," or "our"), collects, uses, shares, and protects personal data when you use limnen.co and our products and services (the "Service"). By using the Service, you agree to this Policy. For terms not defined here, see our Terms of Service.

#1. Who We Are and Scope

Limnen is a screenwriting and story-intelligence platform. The controller responsible for your personal data is Manoli Studio Lab, Inc. dba Limnen, [REGISTERED ADDRESS]. Reach us about privacy at privacy@limnen.co. The Service is currently in Beta and offered in the United States only. This Policy therefore focuses on U.S. privacy requirements. When we expand to other countries, we will add the corresponding disclosures (for example for the EEA, UK, Switzerland, and Canada).

#2. Personal Data We Collect

You provide:

  • Account and identity data: your name and email address when you create an Account, including via a sign-in provider such as Google.
  • Your Content (Inputs and Outputs): the screenplays, notes, comments, and other material you create or store; the Sources you upload or link (scripts, books, documents, images, video, links); and the Inputs you submit to, and Outputs you receive from, AI Features. Your Content may contain personal data you choose to include.
  • Support and feedback: information you provide when you contact us or send feedback.

Collected automatically: device and connection data (device/browser type, IP address and approximate location, identifiers); usage data (when and how you use the Service); log and error data; and cookies (Section 7).

Payments: the Beta is free, so we do not collect payment information during the Beta.

#3. How We Use Personal Data

We use personal data to: provide, operate, secure, and maintain the Service and your Account; power AI Features (Section 4); provide support; send service messages and — where permitted — product updates you can opt out of; detect and prevent fraud, abuse, and security issues; debug and improve the Service, including product analytics; and comply with law and enforce our Terms. We do not use your Content to train AI models, and we do not sell your personal data. Because the Beta is offered in the United States, this Policy focuses on U.S. requirements; we will add EU/UK legal-bases and related disclosures when the Service expands to those regions.

#4. AI Processing and Subprocessors

To provide AI Features, we transmit your Inputs (which may include parts of your Content) to AI providers we engage. We currently use Anthropic to generate Outputs and OpenAI for the text embeddings that power retrieval; this applies to all users of Platform AI. These providers process your content under their commercial/API terms, which do not use your content to train their models and retain it only briefly (generally around 30 days) for abuse monitoring. If you supply your own AI provider key (BYO-AI), your content is processed through your own account with that provider, under that provider's terms; we act only to relay it. We keep the provider list current in Section 6.

#5. How We Share Personal Data

We share personal data only as described here: with service providers / subprocessors (Section 6) under contracts that limit their use; with collaborators you invite to a project, in the roles you grant; for legal, safety, and rights reasons where we believe in good faith it is necessary; in connection with a merger, acquisition, or sale of assets (with protection for your data); and with your consent or at your direction. We do not sell your personal data or share it for cross-context behavioral advertising.

#6. Subprocessors

We use the following providers to operate the Service, and will keep this list current:

  • Supabase — database, storage, and hosting
  • Vercel — application hosting
  • Anthropic — AI generation
  • OpenAI — AI text embeddings
  • Google — account sign-in (OAuth)
  • Resend — transactional and notification email
  • An analytics provider — product analytics

Stripe will be added when paid plans launch.

#7. Cookies and Analytics

We and our providers use cookies and similar technologies to operate the Service, keep you signed in, and understand how the Service is used so we can improve it. We use a product-analytics provider to measure feature usage, configured to avoid capturing the substance of your Content. In the United States, we provide this disclosure and an opt-out, and we honor recognized opt-out signals such as Global Privacy Control where applicable. You can manage cookies through your browser settings. (A cookie-consent banner will be added when the Service is offered in the EU/UK.)

#8. Data Retention and Deletion

We keep personal data only as long as needed for the purposes in this Policy.

  • Your Content is retained while your Account is active. After you close your Account, we make your Content available for export for 30 days, then delete it from the live Service.
  • Backups. Residual copies may remain in routine backups until they cycle out, generally within 30 days of deletion.
  • Legal holds. If we reasonably anticipate or are involved in a dispute or investigation, we may retain relevant data until it is resolved.
  • Beta note. As described in our Terms, during the Beta we may need to reset or remove data; we will make reasonable efforts to give notice and an opportunity to export first.

You can delete individual projects and your Account from your settings, and request a full export of your data (Section 11).

#9. Security

We take the confidentiality of your Content seriously and use technical and organizational measures designed to protect personal data, including encryption in transit and at rest, row-level access controls, encrypted storage of any BYO-AI keys, and restricted internal access. Internal access. Our personnel access your Content only for limited, legitimate reasons — to provide support you have requested, to investigate a security issue, or to comply with law — and not for any other purpose. We do not browse user Content. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If a breach affecting your personal data occurs, we will act in accordance with applicable law, including notifying you and authorities where required.

#10. Where Your Data Is Stored

We are based in the United States, and your personal data is processed and stored in the United States and other countries where our service providers operate (Section 6). During the Beta, the Service is offered only in the United States. We do not currently offer the Service to residents of the EEA, the UK, Switzerland, or Canada, so those international-transfer frameworks and local-representative requirements do not yet apply. We will add the appropriate safeguards and representatives before offering the Service in those regions.

#11. Your Privacy Rights and Choices

If you are a California resident, you have the right to: know/access the personal data we hold about you; delete it; correct it; opt out of any sale or sharing for targeted advertising (we do not sell or share in this way); and not be discriminated against for exercising these rights. Residents of other US states with applicable privacy laws have equivalent rights. How to exercise your rights. Use the in-product tools to delete projects, export your data ("download all my data"), and close your Account, or email privacy@limnen.co. We will verify your request (for example by confirming your Account email) and respond within the time the applicable law requires — generally within 45 days under California law. An authorized agent may submit a request on your behalf with proof of authorization.

#12. Children

The Service is intended for users 18 and older. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us personal data, contact privacy@limnen.co and we will investigate and, where appropriate, delete it.

#13. Regional Disclosures

California (CCPA/CPRA). If you are a California resident, you have the rights described in Section 11. We do not sell your personal data and do not share it for cross-context behavioral advertising. The categories of personal data we collect, our purposes, and the categories of recipients are described in Sections 2, 3, 5, and 6, and you may exercise your rights as described in Section 11 without discrimination. Other regions. The Service is currently offered in the United States only. EEA/UK, Swiss, and Canadian disclosures will be added when the Service expands to those regions.

#14. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you as appropriate and update the Effective Date. Your continued use of the Service after changes take effect means you accept the updated Policy.

#15. Contact

For privacy questions, requests, or complaints, contact privacy@limnen.co, or write to: Manoli Studio Lab, Inc. dba Limnen, [REGISTERED ADDRESS].