Legal
Wordaro is built on a simple principle: your messages are none of our business. We process them to give you results, then they're gone.
Last updated: June 5, 2025
The short version
When you create an account, we collect your email address and store a hashed (one-way encrypted) version of your password. We never see your password in plain text.
When you use the service, we increment a usage counter tied to your account — a simple number like "4 analyses this month." This is used to enforce free-tier limits and nothing else.
If you subscribe to a paid plan, Stripe stores your payment details. We receive a Stripe customer ID and subscription status only — we never see or store card numbers, expiry dates, or CVVs.
That's the complete list of what we collect.
We do not store the messages you submit for analysis. Ever.
When you paste a message into Wordaro, it travels over an encrypted connection to our server, is passed to OpenAI's API to generate your results, and is then discarded. Nothing is written to our database. There is no history. There are no logs of your message content.
We also do not collect: • IP addresses or browser fingerprints for tracking purposes • Device identifiers • Location data • Behavioral analytics tied to your identity • Any content from the messages you analyze
Here is exactly what happens when you submit a message:
1. Your message is sent over TLS (encrypted in transit) to Wordaro's server 2. It is forwarded to OpenAI's API to generate a resonance score, friction words, and rewrites 3. The result is returned to you in your browser 4. The message content is never written to any database or log file
The only record that analysis occurred is an anonymous counter increment: your usage count goes from N to N+1. Your message content is not part of that record.
OpenAI processes your message under their API terms. By default, OpenAI does not use API inputs to train their models. You can review their policy at openai.com/privacy.
We use your email address for three things only:
• To authenticate your account (log you in) • To send essential service emails (password resets, billing receipts, significant policy changes) • To contact you if there is a security issue affecting your account
We do not send marketing emails unless you explicitly opt in. We do not share your email with any third party for marketing purposes.
Wordaro uses the following services to operate:
Supabase — hosts our database. Stores your email, hashed password, usage count, and Stripe subscription ID. Supabase is SOC 2 Type II certified.
OpenAI — processes your messages to generate analysis results. Your messages are transmitted to OpenAI and subject to their API privacy policy. OpenAI does not train on API inputs by default.
Stripe — handles payment processing. Stripe is PCI DSS Level 1 certified. We never see your card details.
Vercel — hosts the application. Vercel may retain server logs (IP address, request path, timestamp) for up to 30 days for security and infrastructure purposes.
All data in transit is encrypted using TLS 1.2 or higher. Data at rest in Supabase is encrypted using AES-256. Passwords are hashed using bcrypt and are never stored in plain text.
Access to our database is restricted to authenticated server-side processes. No one on our team has routine access to user data.
We will notify you promptly in the event of a security breach that affects your personal information.
You can delete your account at any time from your account settings. When you delete your account, we remove your email, usage count, and all associated data from our systems within 30 days.
Since we do not store your message content, there is nothing to export or delete in that regard.
If you are in the EU or UK, you have rights under the GDPR and UK GDPR, including the right to access, correct, or erase your personal data, and the right to lodge a complaint with your local supervisory authority. Contact us at privacy@wordaro.com to exercise any of these rights.
Wordaro is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, please contact us at privacy@wordaro.com and we will remove it promptly.
If we make material changes to this policy — meaning changes that affect how we collect or use your data — we will notify you by email before the changes take effect. Minor clarifications may be made without notice.
The date at the top of this page always reflects when the policy was last updated.
Questions, concerns, or data requests:
privacy@wordaro.com