VelvetQuill
Login

Privacy Policy

How we handle your data and our content guidelines.

Privacy Policy and Content Policy

Effective Date: February 2026 Last Updated: February 2026

This policy describes how New Arc Consulting LLC ("we," "us," "our") collects, uses, stores, and protects your information when you use Velvet Quill at velvetquill.ai (the "Service"). It also describes our content rules and safety protocols.

By using the Service, you agree to the practices described in this policy. If you do not agree, do not use the Service.

Part 1: Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Google OAuth users: Your name and email address as provided by Google. We receive this information through Google's authentication service. We do not receive or store your Google password.
  • Email/password users: Your email address and a cryptographic hash of your password. We never store your password in plain text.
  • Display name: The name you choose to display within the Service, which you can change at any time.

1.2 Content You Create

When you use the Service, we store:

  • Protagonist profiles: Names, gender, pronouns, physical descriptions, personality traits, and portrait images you create or upload.
  • Character profiles: Names, species, gender, personality settings, physical descriptions, occupations, hobbies, and portrait images.
  • Adventure configurations: Your selected tropes, settings, spice levels, kink preferences, and hard limits.
  • Story data: System prompts, opening messages, intimacy progression data, world state, and relationship state generated for your adventures.
  • Messages: The text you type during story interactions and the AI-generated responses you receive.
  • Lorebook entries: Facts and details extracted from your story conversations for narrative continuity.

This content is necessary to provide the Service. Without it, we cannot generate or continue your stories.

1.3 Information Collected Automatically

  • Session cookies: We use cookies to maintain your login session. Our session cookies expire after 30 days. We do not use advertising cookies or third-party tracking cookies.
  • Local storage: The Service uses browser local storage (via Zustand) to maintain UI state such as your current wizard progress and reader settings. This data stays on your device and is not transmitted to our servers.
  • Analytics: We use Umami, a privacy-focused analytics tool, to collect anonymous usage data in production. Umami does not use cookies, does not collect personal information, and does not track individual users across sessions. We use this data to understand aggregate usage patterns (e.g., which pages are visited, general traffic volume).

1.4 Information We Do Not Collect

  • We do not collect your physical address, phone number, or payment information (no payment system exists during early access).
  • We do not collect biometric data.
  • We do not use fingerprinting or cross-site tracking.

2. How We Use Your Information

We use your information for the following purposes:

  • Providing the Service: Processing your messages through AI models to generate story content, maintaining your characters and stories, and keeping your account functional.
  • Authentication: Verifying your identity when you log in and maintaining your session.
  • AI content generation: Sending your messages and story context to third-party AI model providers to generate narrative responses. See Section 3 for details.
  • Service improvement: Using anonymous, aggregated analytics to understand usage patterns and improve the Service.

We do not sell your personal information. We do not use your stories or messages to train AI models. We do not serve advertisements.

3. How Your Data Flows Through Third-Party Services

Velvet Quill relies on several third-party services to operate. Here is exactly how your data moves through each:

3.1 AI Model Providers (via OpenRouter)

When you send a message in a story, here is what happens:

  1. Your message, along with story context (system prompt, recent conversation history, world state), is sent from our server to OpenRouter, an AI routing service.
  2. OpenRouter forwards your request to the selected AI model provider (e.g., DeepSeek, Grok, or other models available through OpenRouter).
  3. The AI model generates a response, which is returned through OpenRouter to our server, and then to you.

OpenRouter's data practices: OpenRouter does not store prompts or responses by default. They retain request metadata (timestamps, token counts) for operational purposes. We do not opt in to prompt logging on our OpenRouter account. For full details, see OpenRouter's privacy documentation.

Downstream model providers: Each AI model provider has its own data retention and training policies. OpenRouter publishes provider-level policies and offers filtering to avoid providers that train on user data. We configure our account to avoid providers that use submitted data for training where possible, but we cannot guarantee the practices of every downstream provider for every request.

What this means for you: Your story messages pass through OpenRouter and an AI model provider each time you send a message. We take reasonable steps to ensure these services do not retain or train on your content, but we do not control their systems.

3.2 Supabase (Database and Authentication)

  • Authentication: Your login credentials are managed by Supabase Auth. If you use Google OAuth, the OAuth flow is handled between your browser, Google, and Supabase. We receive a session token.
  • Database: All your account data, characters, stories, and messages are stored in a PostgreSQL database hosted by Supabase on AWS infrastructure in the United States.
  • File storage: Character and protagonist portrait images are stored in Supabase Storage. Images you upload or generate through the Service are stored in cloud storage buckets.
  • Encryption: Data is encrypted in transit (TLS) and at rest per Supabase's infrastructure defaults.

3.3 Fly.io (Application Hosting)

Our application server runs on Fly.io infrastructure. Fly.io processes your HTTP requests but does not persistently store your application data. Server logs may temporarily contain request metadata (IP addresses, timestamps, URLs) per Fly.io's standard practices.

3.4 Umami (Analytics)

Umami is a privacy-focused, cookie-free analytics tool. It collects anonymous page view data (pages visited, referrer, browser type, country) without identifying individual users. No personal information is collected or stored by Umami.

4. Data Retention

  • Active accounts: Your data is retained for as long as your account is active.
  • Account deletion: You can delete your account at any time from your account settings. When you delete your account, your profile, characters, protagonists, stories, messages, and lorebook entries are permanently deleted from our database. Portrait images stored in cloud storage are also scheduled for deletion, though cleanup of storage files may take additional time to process. Some data may persist in automated backups for a limited period (typically up to 30 days) before being purged.
  • Guest sessions: Data from unclaimed guest sessions may be deleted at our discretion.
  • Backups: We maintain database backups for disaster recovery. Backup data is overwritten on a rolling basis.

5. Data Security

We implement the following security measures:

  • Passwords are cryptographically hashed before storage (never stored in plain text).
  • All data transmission between your browser and our servers uses TLS encryption.
  • Database access is restricted to authenticated application connections.
  • Session cookies use the SameSite attribute to mitigate cross-site request risks.
  • AI API keys and database credentials are stored as environment variables on the server, never exposed to the client.

No system is perfectly secure. We cannot guarantee absolute security of your data. If we become aware of a security breach that affects your personal information, we will notify affected users as required by applicable law.

6. Your Rights

6.1 Access and Export

You can view all your data within the Service (your characters, stories, messages). The Service includes a JSON export feature that allows you to download your conversation data.

6.2 Deletion

You can delete individual stories, characters, and protagonists from within the Service. You can delete your entire account from your account settings, which removes all associated data.

6.3 Correction

You can update your display name from your account settings. You can edit your characters and protagonists at any time.

6.4 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion. To exercise these rights, contact us at support@velvetquill.ai. We will respond within 45 days.

7. Children's Privacy

Velvet Quill is strictly for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete that information and terminate the associated account as quickly as possible. If you believe a minor is using our Service, please contact us at support@velvetquill.ai.

8. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will update the "Last Updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Part 2: Content Policy

9. Content Rules

Velvet Quill is an adult fiction platform. We permit a wide range of fictional content, including explicit romantic and sexual themes, within clearly defined boundaries. The following rules apply to all content created, requested, or generated through the Service.

9.1 Permitted Content

You may create and engage with fictional stories that include:

  • Romantic and sexual content between consenting adult characters
  • Dark romance themes (power dynamics, morally complex characters, enemies-to-lovers, etc.)
  • Fantasy violence within a narrative context
  • Mature language and themes
  • Exploration of complex emotional and psychological dynamics

The spice level and hard limits you configure in the Adventure Wizard represent your boundaries. Our AI systems will respect these preferences to the best of their ability.

9.2 Prohibited Content

The following content is absolutely prohibited, regardless of context or fictional framing:

  • Sexual content involving minors. Any sexual or romantic content involving characters who are, appear to be, or are implied to be under 18 years old. This includes fictional minors, "aged up" canonically minor characters, and scenarios designed to sexualize youth (e.g., school settings used as a pretext for sexual content involving minors).
  • Real people in sexual scenarios. Content depicting real, identifiable individuals in sexual or defamatory situations without their consent.
  • Content promoting real-world harm. Material designed to instruct, encourage, or facilitate actual violence, illegal activity, or exploitation.
  • Non-consensual content presented approvingly. While dark romance may explore complex power dynamics as a narrative device, content that exists solely to glorify, celebrate, or provide instruction for real-world sexual violence is prohibited.

9.3 Enforcement

Our AI systems include behavioral constraints designed to prevent generation of prohibited content. These constraints are built into the narrative engine and cannot be disabled by users.

If you encounter prohibited content generated by the AI despite these safeguards, we encourage you to report it to support@velvetquill.ai. No content moderation system is perfect, and user reports help us improve.

Users who deliberately and repeatedly attempt to circumvent content safeguards to generate prohibited material will have their accounts terminated.

10. Safety Protocols

In compliance with California Senate Bill 243 (Companion Chatbot Safety), we maintain the following safety protocols:

10.1 AI Disclosure

Velvet Quill clearly discloses that all characters and narrative content are generated by artificial intelligence. You are interacting with AI, not with a human. AI characters are fictional constructs and do not have feelings, consciousness, or independent existence.

10.2 Suitability Disclosure

Velvet Quill may not be suitable for all audiences, including minors. This disclosure is present in our Terms of Service, on our platform, and here in this policy.

10.3 Self-Harm and Crisis Prevention

Our AI systems include safeguards designed to prevent the generation of content that promotes, encourages, or provides instructions for self-harm, suicidal ideation, or suicide. If themes of self-harm or suicidal ideation arise during a story interaction, the AI is instructed to not engage with or encourage those themes and to redirect the conversation.

If you or someone you know is in crisis:

Velvet Quill is an entertainment platform. It is not a substitute for professional mental health support. If you are experiencing emotional distress, please reach out to a qualified professional or one of the resources listed above.

11. Contact

For questions about this policy, to exercise your privacy rights, or to report content concerns, contact us at:

New Arc Consulting LLC Email: support@velvetquill.ai