Ellipsus Privacy Policy

This Privacy Policy explains how Ellipsus collects, uses, stores, and shares your personal information. Here's the TL;DR:

The pen is mightier than the policy!

  • We care about writer's rights. We're committed to giving you a place to express your full creativity—free from judgment or the prying eyes of Big Tech.
  • We will never sell your information. We will never sell your personal information (and that most certainly includes your writing) to third-parties.
  • We will never use your writing to train AI models. Your documents, drafts, comments, chat messages, and data will never be used to train or otherwise develop machine learning or AI models, and will not be shared or sold to third-parties for that purpose.
  • We limit the information we collect. We only collect the information necessary to create your account, maintain and improve our services, and provide outstanding support.
  • We never sell your billing data. When you pay for Ellipsus, we share only what's necessary with our payment processor (Stripe) to complete the transaction. We don't sell, rent, or share that information for marketing purposes.

No plot twists.

This policy is effective as of 10 June 2026. Last updated: 10 June 2026.

The information we collect

We collect certain information when you use Ellipsus, including information you provide us, information we collect automatically, and information we receive from other sources.

Information you provide to us

  • Account information. When you create an Ellipsus account, you're asked to enter your email address and display name.
  • Content you create. Your writing—which includes what you write in docs, drafts, comments, and chat messages—is yours. As part of our service, we store it so that it's available to you and your collaborators across devices, but only you can make it visible to others. We do not review, moderate, or censor the content you create in Ellipsus.

Your words are yours, always.

  • Other information you provide directly to us. When creating an account, we ask how you heard about Ellipsus and your collaboration preferences. You also have the option to submit additional information as you use Ellipsus, such as feedback via surveys, email, and in-app support.
  • Billing information (paid plans only). When you subscribe to a paid plan, you provide payment details directly to our payment processor, Stripe. We don't see or store your full card number—Stripe handles that. What we do receive and store is a customer reference, the last four digits and brand of your card, your billing country, your billing address (where required for tax), your subscription status, and your invoice history.

Information we collect automatically

Some information is automatically collected as you use Ellipsus, including:

  • Information about your device. When you visit our website or use Ellipsus, we collect information about your device type, operating system, and browser.

We won't critique your browser choice.

  • Information about your use of Ellipsus. In order to improve Ellipsus and provide support, we collect information about how you use our service. (That being said, we do not track what you're writing—just whether or not you are.) This includes log and event information about the features you use. It also includes information about errors you might have encountered during a session.
  • Other information that we automatically collect. When you take certain actions online, we may receive additional information about you. For instance, if you click on a link in an Ellipsus email, we may receive additional information via UTM tags.

We also receive some information from cookies—small pieces of data that our website stores on your computer and accesses each time you visit. Our use of cookies is limited to web analytics and customer support.

How we use your information

Under GDPR, companies need to have a valid reason to process personal information. We use your data to:

  • Provide you with access to Ellipsus. We want you to have the best experience possible when using Ellipsus. In order to do that, we need to process information about you (e.g., the device you're on, the features you're trying to use), to provide you with continuous access to our services.
  • Contact you. We use your information to contact you in connection with your account, such as sending a one-time code or password reset. We may also use your information to contact you about product or policy changes.
  • Offer customer service. We use your information to respond to your questions about Ellipsus and investigate bugs or other issues.
  • Provide and bill paid services. If you subscribe to a paid plan, we process your billing information to charge you, send invoices and receipts, prevent fraud, manage subscription status, and meet our tax and accounting obligations. The legal basis under GDPR is performance of contract (Art. 6(1)(b)) and, for tax recordkeeping, legal obligation (Art. 6(1)(c)).

We also use your data to support legitimate business interests, such as:

  • Measuring and reporting on business performance. We use anonymized information to track and evaluate core metrics (e.g., how many times users visit Ellipsus in a week, what percentage of users are collaborating in the tool, etc.).
  • Improving Ellipsus. We use your data to help us understand how users use Ellipsus and prioritize product improvements.
  • Notifying you about cool or important things. We'll occasionally use your information to let you know about product updates, like new features and improvements, or to ask for your feedback on our product. We also let you know when others send document invites or comment on your work. You can always opt out of receiving any email marketing communications and you can manage collaboration notifications in-app.

What we will never do with your data

To be explicit: we will never use your content—your documents, drafts, comments, or chat messages—to train or otherwise develop machine learning or AI models, whether internal or passed to a third-party provider for that purpose. We repeat: we never pass written content to third-parties.

We also won't use your billing data for advertising or sell it to third parties for any purpose.

Disclosure of personal information to third parties

We may share your personal information with third parties under the following circumstances:

  • Your collaborators. When you invite others to collaborate on a document—or when you're invited to collaborate on a document—your display name and other information (text edits, comments, and chat messages) will be visible to collaborators.
  • Service providers we work with. We rely on a small set of trusted third parties to run Ellipsus. They access only the information they need to do their job, and they're contractually bound to protect it in accordance with GDPR standards.
    • Stripe (payments, invoicing, tax calculation, fraud prevention)—contracted via Stripe Payments Europe Ltd in Ireland, with processing in the EU and US under Standard Contractual Clauses.
    • Amazon Web Services (hosting and infrastructure)—contracted via AWS EMEA SARL in Luxembourg, with all production workloads in EU regions.
    • Iterable (transactional and marketing email)—based in the US, with our tenant on Iterable's EU data centre under Standard Contractual Clauses.
    • Plain (customer support)—based in the UK (covered by the UK adequacy decision), with processing in the EU and UK under Standard Contractual Clauses.
    • Better Stack (logs and uptime monitoring)—based in the US, with all processing in the EU.
    • Plausible Analytics (privacy-friendly analytics for our marketing site)—based in Estonia, with all processing in the EU and no third-country transfers.
    • Typeform (occasional user surveys)—based in Spain, with all processing in the EU.
    • Amplitude (anonymised product analytics)—based in the US, with processing in the US under Standard Contractual Clauses and in compliance with the GDPR
    • Fly.io (hosting for our collaboration infrastructure)—based in the US, with all workloads pinned to EU regions under Standard Contractual Clauses.
    • Vercel (frontend hosting)—based in the US, with storage in EU regions under Standard Contractual Clauses.
    • WorkOS (authentication and identity)—based in the US, with processing in the US under Standard Contractual Clauses and in compliance with the GDPR.
    • Mailgun, operated by Sinch (transactional and authentication email)—based in the US, with processing in the US under Standard Contractual Clauses and in compliance with the GDPR.
    • Sentry (application error monitoring)—based in the US, with processing in the US under Standard Contractual Clauses and in compliance with the GDPR.
    • Stream (chat and messaging infrastructure)—based in the US, with EU data residency (Dublin) under Standard Contractual Clauses.
    • MagicBell (in-app notifications)—based in the US, with EU data residency enabled under Standard Contractual Clauses.
  • We update this list as we change providers; you can email privacy@ellipsus.com for the latest.
  • Legal requirements. We may disclose your personal information if required to do so by law or in response to valid legal requests, such as court orders or government regulations.
  • Business transfers. In the (unlikely) event we're involved in a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. Before making any changes, we will notify you via email or through a prominent notice on our website, to give you ample opportunity to update, transfer, export, or delete your data.

No unauthorized sequels here!

International transfers of personal information

The personal information we collect is stored and / or processed in Ireland, France, the United States, and where we or our partners, affiliates, and third-party providers maintain facilities. Specifically, billing data is processed by Stripe in Ireland and the United States, and product analytics are processed in the United States.

When we transfer your personal information outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission, supplemented by additional safeguards where appropriate. You can request a copy of the safeguards in place by emailing privacy@ellipsus.com.

Security of your personal information

We take reasonable measures to protect your personal information from unauthorized access, use, or disclosure. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Data retention

In general, we retain your personal data for as long as you have a registered Ellipsus account—except where the law requires us to keep it longer.

Information you can directly delete

While using Ellipsus, you can delete your documents as well as any content you've created in any document.

Note that if you delete your account, we will retain and display existing content (i.e., drafts, comments, and chat messages) you've contributed to documents shared with you; however, the content will no longer be tied to your account or display name.

Anonymity: the writer’s invisibility cloak.

Information retained until your account is deleted

We keep some data while you have a registered account. This includes:

  • Your account details (e.g., email, display name);
  • Information about how you've previously used Ellipsus;
  • Feedback you've previously shared (e.g., support logs and feature requests).

Billing and tax records (paid users)

Once you've made a payment, German tax law (§147 AO) and equivalent rules in other jurisdictions require us to retain invoices and related accounting records for 10 years, even if you delete your account. After account deletion, this data is segregated and used only to meet our legal obligations—not for marketing, analytics, or any other purpose. After the retention period expires, it's permanently deleted.

It's currently not possible to delete your Ellipsus account from within the product. If you'd like to delete your account and all data, please email privacy@ellipsus.com.

Children's privacy

We are not targeting Ellipsus directly at children under the age of 13, and we don't knowingly collect personal information about children under 13.

Your rights

You have certain rights regarding your personal information under applicable data protection laws, including:

  • Right to access. You can request a copy of the personal information we hold about you.
  • Right to rectification. You can update or correct your personal information if it is inaccurate or incomplete.
  • Right to erasure. You can request the deletion of your personal information in certain circumstances.

The ultimate plot twist—erasure.

  • Right to portability. You can request a machine-readable export of the personal information you've provided to us, including your writing.
  • Right to object. You can object to the processing of your personal information for direct marketing purposes or based on legitimate interests.

If you have any questions about these rights or wish to exercise control over your information, please reach out to privacy@ellipsus.com. You also have the right to lodge a complaint with a supervisory authority—for users in Germany, that's the Berlin Beauftragte für Datenschutz und Informationsfreiheit.

Changes to our Privacy Policy

Occasionally, we'll need to update our Privacy Policy to reflect updates to our business processes or other changes. When we do, we'll indicate when it was changed. When we make significant changes—or when required—we'll email you or highlight changes within the app.

We’ll keep you in the loop.

Contact us

You can email us at privacy@ellipsus.com with any questions about this Privacy Policy or how we process your information.

No bots, just humans.

Get started–write away.

Sign up—it’s free

“More than any other single invention, writing has transformed human consciousness.”

Walter J. Ong
Jägerstraße 54-55 10117 Berlin Germany