Privacy Policy
Last updated: June 2026
Neku ("we", "our", or "us") is operated by [Neku], based in Greece. This policy explains what personal data we collect, why we collect it, and what rights you have over it. As an EU-based service, we comply with the General Data Protection Regulation (GDPR).
1. Who We Are
Neku is an AI-powered writing companion available at neku.io. We help writers develop their work without generating prose on their behalf.
For any privacy-related questions, contact us at: hi@neku.io
2. What Data We Collect
Data you provide through signup
When you create an account via Google, we receive and store:
- Your full name
- Your email address
We do not store your Google profile photo.
Data you create in the app
- The text content of your stories and notes
- Your storyboard diagrams
- Your Companion interaction history — including highlighted text, the type of prompt used, and the AI's response
Subscription data
If you subscribe to a paid plan, we store your subscription status, plan type, and billing period via our payment provider LemonSqueezy. We do not store payment card details — these are handled entirely by LemonSqueezy.
Technical data
- Authentication cookies — session and refresh tokens from Supabase, and state tokens from Google OAuth during login. These are strictly necessary for the service to function.
- User preferences — stored in your browser's localStorage (not cookies). These never leave your device unless you are logged in.
- Anonymised usage analytics and product events — collected via Vercel Analytics. No personal information is included and no cookies are used.
3. Why We Collect It
| Data | Purpose | Legal Basis |
|---|---|---|
| Name and email | Account creation and identification | Contract |
| Stories and notes | Providing the writing service | Contract |
| Companion history | Showing your AI interaction history | Contract |
| Auth cookies | Keeping you logged in securely | Contract (strictly necessary) |
| Subscription data | Managing your plan and billing | Contract |
| Anonymised analytics | Understanding how the app is used | Legitimate interest |
4. Who We Share Your Data With
We use the following third-party services to operate Neku. Each acts as a data processor on our behalf:
- Supabase — database and authentication infrastructure. Supabase Privacy Policy
- Anthropic — AI processing for the Companion feature. When you use the Companion, the text you highlight is sent to Anthropic's API. Anthropic Privacy Policy
- Vercel — hosting and deployment. Vercel Privacy Policy
- Google — authentication via Google OAuth. Google Privacy Policy
- LemonSqueezy — payment processing for paid plans. LemonSqueezy Privacy Policy
- Resend — transactional email delivery (e.g. account notifications). Your email address is shared with Resend solely for this purpose. Resend Privacy Policy
We do not sell your data. We do not use your data for advertising.
5. AI Processing
The Companion feature sends portions of your writing to Anthropic's API (Claude) to generate responses. We send only the text you explicitly highlight, up to a maximum of 2,000 characters per interaction. We do not send your full profile or account details to Anthropic.
Anthropic does not use data sent via the API to train its models. Your writing remains yours and is not used to improve any AI system.
6. International Data Transfers
Some of our third-party processors are based outside the European Union, including in the United States (Anthropic, Vercel, LemonSqueezy, and Resend). We select processors that maintain appropriate safeguards for international data transfers in accordance with GDPR, such as Standard Contractual Clauses (SCCs). For details on the safeguards each processor applies, refer to their respective privacy policies linked in Section 4.
7. Cookies
We use only strictly necessary cookies:
| Cookie | Purpose | Provider |
|---|---|---|
| Supabase session token | Keeps you authenticated | Supabase |
| Supabase refresh token | Renews your session | Supabase |
| Google OAuth state token | Secures the login flow | |
We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required.
8. Your Rights Under GDPR
As an EU resident, you have the right to:
- Access — request a copy of the personal data we hold about you
- Portability — export your data at any time from your account settings
- Deletion — permanently delete your account and all associated data from your account settings
- Correction — update your name at any time from your account settings
- Restriction — request that we limit how we use your data
- Object — object to our use of your data for legitimate interest purposes
To exercise any right not available in the app directly, contact us at hi@neku.io. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority. In Greece, this is the Hellenic Data Protection Authority (HDPA).
9. Data Retention
We keep your personal data for as long as your account is active. When you delete your account:
- Your name, email, stories, notes, and Companion history are permanently deleted
- Anonymised billing records are retained as required for accounting purposes
10. Data Security
We use industry-standard measures to protect your data, including encrypted connections (HTTPS), row-level security on our database, and server-side-only access for sensitive operations. In the event of a data breach that affects your rights, we will notify the relevant authority within 72 hours and inform you without undue delay.
11. Children
Neku is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to This Policy
We may update this policy from time to time. When we do, we will update the date at the top of this page. For significant changes, we will notify you by email.