At Slima, Inc. ("Slima," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes our practices regarding the collection, use, storage, and disclosure of information when you use our services.
Privacy at a Glance
No AI Training
Your creative content is never used to train AI models.
End-to-End Security
All data encrypted in transit (TLS 1.3) and at rest (AES-256).
Right to Delete
Request complete data deletion at any time.
Information We Collect
We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.
Account Information
- Email address (required for account creation and communication)
- Display name (optional, used for personalization)
- Password (stored using industry-standard bcrypt hashing)
- Payment information (processed securely by Stripe; we do not store full card numbers)
User Content
- Your manuscripts, stories, notes, and other creative works
- Project structure, folder organization, and file metadata
- Your preferences, themes, and customization settings
Automatically Collected Data
- Anonymous usage statistics and interaction patterns
- Feature usage frequency and preferences
- Device type, operating system, browser type, and version
- Server logs including IP addresses, timestamps, and referring URLs
How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, maintain, and improve the Service and its features
- To analyze usage patterns and optimize user experience and Service performance
- To process your content through AI features for real-time analysis and suggestions (processed temporarily, not retained)
- To send you technical notices, security alerts, support messages, and administrative communications
- To detect, prevent, and address fraud, abuse, security issues, and technical problems
- To comply with legal obligations and enforce our Terms of Service
AI and Your Content
We do not use your creative content to train, develop, or improve any artificial intelligence or machine learning models. Your stories, characters, and creative works remain private.
When you use AI-powered features (such as writing assistance or beta reader analysis), your content is temporarily transmitted to our AI service providers solely to generate the requested analysis or suggestions. This processing occurs in real-time and the content is not stored by AI providers after the response is generated.
We currently use Google Gemini and xAI Grok as AI service providers. All content transmitted to these services is encrypted using TLS 1.3 during transmission. These providers are contractually obligated to process your data only as instructed and to maintain appropriate security measures.
AI processing logs (which do not contain your actual content) may be retained for up to 30 days for debugging and service improvement purposes.
Data Storage and Security
We implement industry-standard security measures to protect your personal information. Your data is stored in secure, professionally managed cloud infrastructure:
| Infrastructure | Location |
|---|---|
| Application Servers | Fly.io (Japan, United States) |
| File Storage | Cloudflare R2 (Global CDN) |
| Database | Neon (United States) |
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We conduct regular security assessments and maintain SOC 2 Type II compliant infrastructure through our hosting providers.
Our Progressive Web App (PWA) may store data locally on your device for offline functionality. This local data is subject to your device's security measures.
Third-Party Services
We engage trusted third-party service providers to help us operate and improve the Service. These providers are contractually obligated to protect your information and use it only for the purposes we specify:
| Service Provider | Purpose |
|---|---|
| Stripe | Secure payment processing and subscription management |
| Google Gemini | AI-powered writing assistance and analysis features |
| Grok (xAI) | AI-powered writing assistance and analysis features |
| ElevenLabs | Text-to-speech and voice synthesis capabilities |
| Cloudflare | Global content delivery, DDoS protection, and file storage |
| Fly.io | Application hosting and server infrastructure |
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:
- 1 Active Accounts: Your data is retained for as long as your account remains active and you continue to use the Service.
- 2 Account Deletion: Upon account deletion, we will delete or anonymize your personal data within 30 days, except as required by law.
- 3 Backup Systems: Encrypted backups may retain your data for up to 90 days after deletion for disaster recovery purposes.
- 4 Legal Obligations: We may retain certain information as required by applicable tax, legal, or regulatory requirements.
Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws (including GDPR, CCPA, and others):
Right to Access
Request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data, subject to certain legal exceptions and retention requirements.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format (JSON, CSV).
Right to Object
Object to processing of your personal data for certain purposes, including direct marketing.
Right to Restriction
Request that we limit the processing of your personal data under certain circumstances.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing your request.
Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately at [email protected].
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and Japan, where our servers and service providers are located. These countries may have data protection laws that differ from those in your country.
When we transfer personal data internationally, we implement appropriate safeguards to protect your information, including standard contractual clauses approved by relevant data protection authorities, and ensure that recipients provide adequate protection for your data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where required by law, by sending you an email or providing notice through the Service. Your continued use of the Service after such notice constitutes acceptance of the updated Privacy Policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Data Protection Officer:
Slima, Inc.
10F, Unit 6, No. 28 Wanfang StWenshan District, Taipei City 116
Taiwan
Taiwan Subsidiary
牧本科技股份有限公司Taiwan
This Privacy Policy was last updated on January 23, 2026. We encourage you to review this policy periodically for any changes.