Legal

Privacy Policy

Effective June 1, 2026

Calamus ("we," "us") provides AI-powered thought leadership content as a subscription service for businesses. This policy explains what data we collect, how we use it, and the choices you have.

What We Collect

When you start with Calamus, we collect and store:

• Account information — name, email address, company name, job title, and industry
• Intake responses — audience details, topics, tone preferences, competitor information, and reference content URLs you provide through our intake form
• Writing samples and reference content — articles, blog posts, or other content you share for voice profiling
• Payment information — processed and stored by Stripe. We do not store credit card numbers on our servers.
• Google Drive access — if you choose Google Docs delivery, we request OAuth access with the drive.file scope, which limits us to files Calamus creates. We cannot read or modify your other Drive files.
• Usage data — article requests, delivery history, and revision feedback

How We Use Your Data

• Build your voice profile — analyzing your writing samples and intake responses to match your tone, vocabulary, and style
• Produce articles — researching topics, drafting content, and running quality checks
• Deliver content — creating Google Docs in your specified Drive folder or sending via email
• Manage your subscription — tracking content allowances, billing, and account status
• Improve the service — using anonymized, aggregated process data (not your content) to improve our writing methodology

Data Storage & Security

All data is stored in Supabase, a hosted PostgreSQL platform with SOC 2 Type II compliance. Data is encrypted at rest using AES-256 encryption.

OAuth tokens and sensitive credentials are stored using Supabase Vault with additional encryption and access controls beyond standard database storage.

Third-Party Services

We share data only with the following services to operate Calamus:

• Supabase — database and credential storage
• Stripe — payment processing. Stripe's privacy policy applies to payment data.
• Google — Drive delivery via OAuth (drive.file scope only)
• AI model providers — article generation and content processing. No personally identifiable information is sent. Providers receive only topic parameters, style preferences, and anonymized voice guidance needed to generate articles.
• Resend — transactional email delivery (delivery notifications)

Data Retention

Your data remains active for the duration of your subscription. If you cancel, we retain your data for 30 days to allow for reactivation.

After 30 days — or immediately upon request — we permanently delete all account data, including voice profiles, intake responses, OAuth tokens, and delivery history.

Your Rights

At any time, you can:

• Request a data export — we'll provide a complete copy of all data associated with your account
• Request deletion — we'll permanently remove all your data within 30 days, or sooner upon request
• Revoke Google access — email us to disconnect Google Drive, or revoke access directly via your Google Account permissions
• Cancel your subscription — email us anytime to cancel; effective at the end of your billing period

To exercise any of these rights, email steven@usecalamus.com.

Cookies

We use Google Analytics to understand how visitors use our website (which pages are viewed, general traffic patterns). Google Analytics sets first-party cookies and collects standard usage data; we do not use advertising cookies or sell your data to third parties. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.

Changes to This Policy

If we make meaningful changes, we'll update the date at the top of this page. For significant changes affecting how we handle your data, we'll notify you via email.

Contact

Questions about this policy? Reach us at steven@usecalamus.com.

Calamus is operated by Steven Emch, based in Indiana, United States.