Stylograph Privacy Policy

Last Updated: February 23, 2026

Effective Date: February 23, 2026

Stylograph, Inc. (“Stylograph,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website at stylograph.ai (the “Website”), use our AI-powered handwritten note platform and related services (the “Service”), or otherwise interact with us.

This Privacy Policy should be read together with our Terms of Service at stylograph.ai/terms.

By using the Website or the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Who This Policy Applies To

Stylograph interacts with several categories of individuals. The information we collect and how we use it varies depending on your relationship with us.

Customers are the organizations or individuals that contract with Stylograph for handwritten note services. Customers provide us with account information, payment details, and Recipient Data.

Senders are the individuals whose handwriting is captured and digitized. Senders provide us with Handwriting Data through a template-based process.

Recipients are the individuals to whom handwritten notes are addressed and delivered. Stylograph receives information about Recipients from Customers, not directly from Recipients themselves.

Website Visitors are individuals who browse stylograph.ai without necessarily using the Service.

Job Applicants are individuals who apply for positions at Stylograph.

This Privacy Policy describes Stylograph’s practices when we act as the party that determines how and why personal information is processed (a “Controller”). When Stylograph processes Recipient Data on behalf of a Customer, we act as a service provider or processor. In that capacity, our handling of Recipient Data is governed by our agreement with the applicable Customer, not this Privacy Policy. If you are a Recipient with questions about how your information is being used, please contact the organization that sent you the note.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: When you create an account, we collect your name, email address, phone number, organization name, job title, and login credentials.

Payment Information: When you purchase the Service, we collect billing information. Payment card details are processed by our third-party payment processor (currently Stripe) and are not stored on Stylograph’s systems.

Recipient Data: Customers provide us with information about the individuals to whom notes will be sent, including names, mailing addresses, and contextual information used for note personalization (such as interests, milestones, or relationship context). Recipient Data is provided by Customers and processed by Stylograph solely to provide the Service.

Handwriting Data: Senders provide handwriting samples through a template-based process. We collect the completed handwriting template, which is processed into a digital font file. Handwriting Data includes the original scanned templates, the digital font files, and rendered note images. See Section 5 for detailed provisions.

Note Content: Customers provide or approve the text, messaging, and personalization elements contained in notes generated through the Service.

Communications: When you contact us by email, phone, or through the Website, we collect the contents of those communications along with any contact information you provide.

Feedback and Surveys: If you respond to our surveys or provide feedback about the Service, we collect the information you share.

2.2 Information Collected Automatically

Device and Browser Information: When you visit the Website, we automatically collect information about your device and browser, including device type, operating system, browser type and version, screen resolution, and language preferences.

Usage Data: We collect information about how you interact with the Website and the Service, including pages viewed, features used, links clicked, time spent on pages, and referring URLs.

Log Data: Our servers automatically record information from your browser, including your IP address, access times, and the pages you requested.

Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity. See Section 7 for details.

Location Information: We may derive your approximate location from your IP address. We do not collect precise geolocation data.

2.3 Information from Other Sources

Business Partners and Referrals: We may receive your contact information from business partners, referral sources, or publicly available sources in connection with our marketing and sales activities.

Third-Party Services: If you interact with us through a third-party platform or integration (such as a CRM system connected to the Service), we may receive information about you from that platform in accordance with its privacy settings and policies.

Publicly Available Information: We may collect business contact information from publicly available sources such as LinkedIn, company websites, or industry directories for our sales and marketing purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: Processing Handwriting Data into digital fonts, generating personalized note content using AI, rendering and fulfilling handwritten notes, managing Customer accounts, and processing payments.

AI Processing and Personalization: Using artificial intelligence and machine learning to generate personalized note content with emotional tone adaptation. Our AI processes Customer-provided context and Recipient Data to create notes tailored to each Recipient. See Section 6 for details on AI-specific practices.

Improving the Service: Analyzing usage patterns, troubleshooting technical issues, testing new features, and developing new products and services. We may use anonymized and aggregated data for research, analytics, and benchmarking purposes.

Communications: Responding to your inquiries and support requests, sending transactional messages (such as order confirmations and service updates), and providing information about the Service.

Marketing: Sending promotional communications about Stylograph’s products, services, events, and industry news that we believe may interest you. You may opt out of marketing communications at any time (see Section 8).

Security and Fraud Prevention: Detecting, investigating, and preventing unauthorized access, abuse, fraud, and other illegal activities. Protecting the rights, property, and safety of Stylograph, our Customers, and others.

Legal Compliance: Complying with applicable laws, regulations, legal processes, and governmental requests. Enforcing our Terms of Service and other agreements.

Business Operations: Managing our business, including financial reporting, auditing, insurance, and corporate transactions such as mergers, acquisitions, or asset sales.

Anonymous and Aggregated Data: We may create anonymous or aggregated information from the data we collect by removing information that identifies you personally. We reserve the right to use and disclose anonymous and aggregated information for any lawful purpose, including to analyze service usage patterns, improve our AI models, develop pricing, and publish industry benchmarks. This anonymous and aggregated data is not subject to the restrictions of this Privacy Policy.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

Service Providers: We share information with third-party vendors who help us provide the Service. These include print and mail fulfillment partners (such as Click2Mail), cloud hosting providers, payment processors (such as Stripe), analytics services, and email delivery platforms. Our service providers are contractually required to use your information only to provide services to us and are bound by data protection obligations.

At Your Direction: We share information where you have directed us to, such as when a Customer provides Recipient Data for the purpose of sending notes.

Professional Advisors: We may share information with our lawyers, accountants, auditors, and insurers as necessary for the professional services they provide.

Business Transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as a business asset. If such a transaction occurs, the acquiring entity’s use of your information will remain subject to this Privacy Policy.

Legal Requirements: We may disclose information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, court order, or legal process; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of the Service; (d) protect Stylograph’s rights, property, or safety; or (e) respond to a government request.

With Consent: We may share your information with other parties when you give us explicit consent to do so.

Anonymous and Aggregated Data: We may share anonymous and aggregated information that does not identify you with third parties for any lawful purpose, including industry analysis, demographic profiling, and marketing.

5. Handwriting Data

Handwriting Data is central to Stylograph’s service and occupies a unique position in our data practices. This section supplements the Handwriting Data Provisions in Section 6 of our Terms of Service.

5.1 What We Collect

When a Sender completes a handwriting template, we collect the completed template (typically a scanned image of handwritten characters including uppercase letters, lowercase letters, numbers, and common punctuation). We process this template into a custom digital font file. We also retain rendered note images produced using the font.

5.2 How We Use Handwriting Data

Handwriting Data is used exclusively to: (a) generate a digital font replicating the Sender’s handwriting; (b) render personalized notes on behalf of the Sender or the Sender’s Customer; and (c) improve the quality and accuracy of the Sender’s font rendering.

We do not sell, lease, trade, or otherwise transfer Handwriting Data to third parties for purposes unrelated to the Service. We do not use a Sender’s handwriting font to provide services to any other customer without the Sender’s explicit written consent.

5.3 Third-Party Sharing

We share Handwriting Data with service providers only as necessary to provide the Service (for example, print fulfillment partners that need font files to produce physical notes). These providers are bound by contractual data protection obligations.

5.4 Security

Handwriting Data is stored on encrypted systems with access restricted to authorized Stylograph personnel. Access is logged and subject to periodic review. For information about our security practices, see Section 11.

5.5 Retention

We retain Handwriting Data for the duration of the active service relationship plus two (2) years. After the retention period, Handwriting Data is permanently and irrecoverably deleted using secure disposal methods. If a Sender requests deletion before the retention period ends, we honor that request within thirty (30) days (see Section 8.2).

5.6 Sender Rights

Senders may exercise the following rights regarding their Handwriting Data at any time by contacting us at [insert contact email]:

(a) Access: Request a copy of the Handwriting Data we hold.

(b) Deletion: Request permanent deletion of the handwriting template, font file, and rendered images. Deletion is completed within thirty (30) days of a verified request and will result in discontinuation of handwriting services for that Sender.

(c) Portability: Request an export of the digital font file in a standard format.

5.7 Biometric Classification

Stylograph has evaluated the applicability of biometric privacy laws to Handwriting Data. Under the Illinois Biometric Information Privacy Act (740 ILCS 14/10), “writing samples” and “written signatures” are explicitly excluded from the definition of “biometric identifiers.” Handwriting templates collected by Stylograph are writing samples under the plain statutory language. Stylograph does not collect biometric identifiers as defined under BIPA or similar state laws. For our full analysis, see our Biometric Law Analysis documentation.

6. Artificial Intelligence and Machine Learning

AI is core to Stylograph’s service. This section explains how we use AI and machine learning in connection with the data we collect.

6.1 What Our AI Does

Stylograph uses AI and machine learning to: (a) generate personalized note content based on Customer-provided context and Recipient Data; (b) adapt the emotional tone of notes to match the intended relationship between Sender and Recipient; (c) optimize the rendering quality of handwriting fonts; and (d) improve the overall quality and effectiveness of the Service.

6.2 Data Used for AI Processing

When generating notes for a specific Customer, our AI processes the following inputs: Recipient Data provided by the Customer, contextual information and prompts provided by the Customer, and the Sender’s digital font file. AI Output (the generated note content) is owned by the Customer as set forth in the Terms of Service.

6.3 Training and Model Improvement

We may use anonymized and aggregated data derived from the Service to improve our AI models. This includes patterns in note generation, tone calibration, and engagement metrics. We do not use individually identifiable Customer Content, Recipient Data, or Handwriting Data for model training purposes without the Customer’s explicit written consent. We do not permit our third-party AI service providers to use Customer data to train their models.

6.4 Automated Decision-Making

Stylograph’s AI generates draft note content, but Customers are responsible for reviewing and approving all notes before fulfillment (unless they have authorized automated workflows). No fully automated decisions with legal or similarly significant effects are made about any individual based solely on AI processing.

7. Cookies and Tracking Technologies

We use cookies and similar technologies on the Website to collect information about your browsing activity.

7.1 Types of Cookies We Use

Essential Cookies: Required for the Website to function properly. These cannot be disabled without affecting Website functionality. Examples include authentication cookies and security cookies.

Analytics Cookies: Help us understand how visitors interact with the Website by collecting information about pages visited, time spent, and navigation patterns. We currently use Webflow’s built-in analytics. We may add additional analytics tools (such as Google Analytics) in the future.

Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

Marketing Cookies: Used to track visitors across websites to enable the display of relevant advertising. We may use these in the future for interest-based advertising purposes.

7.2 Your Cookie Choices

Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only first-party cookies, or notify you when a cookie is being set. Please note that disabling cookies may affect the functionality of the Website.

If we implement marketing or third-party analytics cookies in the future, we will provide a cookie management tool that allows you to selectively accept or decline non-essential cookies.

7.3 Do Not Track

Some browsers transmit “Do Not Track” (DNT) signals to websites. There is currently no industry standard for how websites should respond to DNT signals. We do not currently respond to DNT signals, but we will revise this practice if a standard is established. We do recognize and honor Global Privacy Control (GPC) signals where required by applicable law.

8. Your Rights and Choices

Depending on where you reside, you may have certain rights regarding your personal information. Stylograph respects these rights and provides the following options to all users, regardless of location.

8.1 General Rights

(a) Access: You may request a copy of the personal information we hold about you.

(b) Correction: You may request that we correct inaccurate or incomplete information.

(c) Deletion: You may request that we delete your personal information, subject to certain exceptions (such as legal retention obligations or ongoing contractual requirements).

(d) Portability: Where technically feasible, you may request a copy of your data in a structured, commonly used, machine-readable format.

(e) Objection: You may object to certain processing of your personal information, including processing for direct marketing purposes.

(f) Restriction: You may request that we temporarily restrict the processing of your personal information while we address a concern you have raised.

To exercise any of these rights, please contact us at [insert contact email]. We will respond to verified requests within thirty (30) days. If we need additional time, we will notify you of the reason and the expected response date. We do not charge a fee for processing reasonable requests.

8.2 Handwriting Data Rights

Senders have additional rights specific to Handwriting Data as described in Section 5.6 above and in Section 6.6 of the Terms of Service.

8.3 Marketing Opt-Out

You may opt out of receiving marketing communications from us at any time by: (a) clicking the “unsubscribe” link in any marketing email; (b) contacting us at [insert contact email]; or (c) adjusting your account preferences if a user dashboard is available.

Even after opting out of marketing communications, you will continue to receive transactional messages related to your account and the Service (such as order confirmations, service updates, and security alerts).

8.4 Account Deletion

You may request deletion of your account and associated personal information by contacting us at [insert contact email]. Upon receiving a verified account deletion request, we will delete or anonymize your personal information within thirty (30) days, except for information we are required to retain for legal, regulatory, or contractual purposes.

9. State-Specific Privacy Rights

Residents of certain U.S. states have additional privacy rights under their respective state laws. This section provides supplemental information for residents of those states.

9.1 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may provide you with additional rights regarding your personal information, including the right to know, delete, correct, and opt out of the sale or sharing of personal information.

Sale of Personal Information: Stylograph does not sell personal information as defined under the CCPA.

Sharing for Targeted Advertising: If Stylograph begins sharing personal information for cross-context behavioral advertising purposes, we will provide a “Do Not Sell or Share My Personal Information” link on the Website and honor opt-out requests.

Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent’s authority.

To exercise your rights, contact us at [insert contact email].

9.2 Virginia, Colorado, Connecticut, and Other State Residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy laws may have similar rights, including rights to access, correct, delete, and obtain a copy of personal information, as well as the right to opt out of targeted advertising, sales, and certain profiling.

To exercise these rights, contact us at [insert contact email]. If we deny your request, you may have the right to appeal. To appeal, respond to our denial communication or contact us directly, and we will respond within the timeframe required by applicable law.

9.3 Data We Process on Behalf of Customers

When Stylograph processes Recipient Data on behalf of a Customer (for example, mailing addresses of note recipients), the Customer is the controller of that data. If you are a Recipient and wish to exercise your privacy rights regarding information a Customer has shared with us, please contact the organization that sent you the note. We will cooperate with the Customer to fulfill any valid data subject request.

10. Children’s Privacy

Stylograph’s Website and account registration are intended for individuals aged 18 and older. We do not knowingly collect personal information directly from children under the age of 13 as defined by the Children’s Online Privacy Protection Act (COPPA), or under the age of 16 for California residents.

Recipient Data provided by Customers may include information about minors (for example, high school athletic recruits in the college athletics recruiting vertical). In these cases, the Customer is responsible for ensuring that the collection and sharing of such data complies with all applicable laws, including FERPA and any state minor-data-protection requirements. Stylograph processes this data solely on the Customer’s instructions as described in Section 2.

If we discover that we have collected personal information directly from a child under 13 without parental consent, we will promptly delete that information. If you believe a child’s information has been submitted to us, please contact us at [insert contact email].

11. Data Security

Stylograph takes the security of your information seriously and implements technical, organizational, and physical safeguards to protect it.

Our security measures include, but are not limited to: encryption of data in transit using TLS and at rest using industry-standard encryption methods, access controls limiting data access to authorized personnel, regular access reviews and security logging, secure software development practices, vendor security assessments for service providers who handle personal information, and incident response procedures for detecting and responding to data breaches.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

As Stylograph achieves compliance certifications (such as SOC 2 Type I or Type II), this section and our security documentation will be updated to reflect current certifications.

12. Data Retention

We retain your personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

General retention guidelines:

Account Information: Retained for the duration of your account plus two (2) years after account closure or termination.

Handwriting Data: Retained for the duration of the active service relationship plus two (2) years, consistent with Section 6.5 of the Terms of Service.

Recipient Data: Retained for the duration of the Customer relationship plus the period specified in our Data Retention and Disposal Policy. Customers may request deletion of Recipient Data upon termination of the Service.

Payment Records: Retained for seven (7) years for tax, accounting, and legal compliance purposes.

Website Analytics and Log Data: Retained for up to twenty-four (24) months.

Marketing Communications Records: Retained until you opt out, plus any additional period required to process the opt-out request.

Job Applicant Data: Retained for two (2) years after the conclusion of the hiring process, unless you are hired or request earlier deletion.

After the applicable retention period, personal information is permanently and irrecoverably deleted or anonymized using secure disposal methods.

13. International Data Transfers

Stylograph is based in the United States and processes data in the United States. If you are located outside the United States and provide information to us, your information will be transferred to, stored, and processed in the United States.

Some of our service providers may store or process data in locations outside the United States. We take steps to ensure that these providers maintain appropriate safeguards for the protection of personal information, including through contractual data protection obligations.

If we expand our services to individuals in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, we will implement appropriate transfer mechanisms as required by applicable law, such as Standard Contractual Clauses.

14. Third-Party Links and Services

The Website and Service may contain links to third-party websites, services, or integrations. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with Stylograph.

Our current third-party service providers include, but are not limited to:

• Print and Mail Fulfillment: Click2Mail (or successor fulfillment partners)
• Payment Processing: Stripe
• Handwriting Capture: Calligraphr (template generation)
• Website Hosting: Webflow
• Cloud Infrastructure and Data Storage: [To be specified]
• Analytics: Webflow Analytics (additional providers may be added)

We may update this list from time to time as our service providers change. For the most current list, contact us at [insert contact email].

15. Data Breach Notification

In the event of a data breach affecting your personal information, Stylograph will:

(a) Investigate and contain the breach in accordance with our Incident Response Plan.

(b) Notify affected individuals as required by applicable law. Where specific notification timelines are required by state law (such as Pennsylvania’s breach notification statute, 73 P.S. § 2303), we will comply with the most stringent applicable requirement.

(c) Notify relevant regulatory authorities as required by law. For breaches affecting 500 or more Pennsylvania residents, notification to the Pennsylvania Attorney General is required.

(d) Cooperate with affected Customers to coordinate notification where Stylograph is acting as a processor of Customer data.

Notification will include a description of the nature of the breach, the types of information involved, the steps we are taking to address the breach, and recommendations for affected individuals.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

If we make material changes, we will notify you by: (a) updating the “Last Updated” date at the top of this page; (b) posting a notice on the Website; and (c) where practicable, sending notice to the email address associated with your account at least thirty (30) days before the changes take effect.

Your continued use of the Website or Service after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms. If you do not agree with the revised Privacy Policy, please discontinue use of the Website and Service and contact us to discuss your options.

17. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint about our privacy practices, please contact us:

Stylograph, Inc.

Email: help@stylograph.ai

Phone: (412) 453-6418‬

We aim to respond to all inquiries within thirty (30) days.

‍