← Back to the study

Privacy Policy

Effective April 23, 2026Last updated April 24, 2026v1.1

Typewryte (the “Website”) is operated by Authentikeyed AI, Inc. (“Authentikeyed AI,” “we,” or “us”). This policy explains what the Website stores on your device, what typing data we receive, why we collect it, and the choices you have. The Website does not require an account, does not identify you, and does not sell or share your data with third parties for their own use.

The short version

  • No accounts, no logins, no profiles.
  • No persistent identifiers. We do not tag you with a tracking ID.
  • Typing data — what you type and how you type it — is sent to our servers and used to train a single non-LLM machine-learning model that distinguishes original writing from text copy-typed from another source.
  • This is a time-limited data collection project. Once we have gathered enough data to train the model, we will stop collecting typing data.
  • We do not log your IP address.
  • No third-party cookies, analytics SDKs, or advertising pixels.
  • We do not sell your data.

What we store on your device

Terms-of-Use acceptance cookie

When you accept the Terms of Use, we set a first-party cookie that records that acceptance so the Website does not prompt you again on every visit. The cookie contains only an acceptance flag, a timestamp, and a version identifier for the Terms. It is strictly necessary to provide the service you have requested, and under the ePrivacy Directive it does not require separate consent. The cookie lifetime is one year.

Reading progress in local storage

As you read or type through a book or speech, the Website stores your progress in your browser’s local storage so you can pick up where you left off. This information lives on your device only; it is never transmitted to our servers and we do not have a copy. Clearing your browser data will reset your progress.

What we do not use

We do not set third-party cookies. We do not load analytics SDKs or advertising trackers. We do not fingerprint your device. We do not use a persistent identifier to link one of your sessions to another.

What we receive on our servers

When you type on the Website, each typing session transmits keystrokes, timing between keystrokes, accuracy, and — for fixed-prompt modes (reading, typing reference) — the prompt text you are typing. In free-writing mode, only the keystroke timings are transmitted; the text you compose stays on your device in local storage and is not sent to us. Sessions are received by our servers without a stable identifier that we control and without your IP address, which we do not log.

We are honest about a limit of this approach: typing rhythm is distinctive enough that, in principle, patterns across sessions could narrow the set of people a session might belong to. We take steps to keep that risk low — not logging IP, not storing a cross-session identifier, not combining session data with other information — so that individual sessions remain, in practice, pseudonymous rather than directly identifying.

About keystroke dynamics

Keystroke timing data can in some contexts be used as a behavioral biometric to identify individuals. We do not use it for that purpose. We do not build biometric templates, do not attempt to identify users, do not match typing patterns across sessions, and do not use the data for authentication. Our model aggregates data across many users to describe copy-typing behavior in general, not to recognize any specific person.

Why we collect it

Typing data is used to train a single proprietary, non-LLM machine-learning model whose purpose is to distinguish writing composed originally by a person from text being copy-typed from another source. That model is the foundation of Authentikeyed AI’s main product, which attributes human effort to written work (the “Stamp”).

Different modes of the Website contribute different kinds of examples to the training set: reading and typing-reference modes generate examples of copy-typing, while free-writing mode generates examples of original composition. In free-writing mode, only the keystroke timings are transmitted to our servers — the text you actually compose is held in your browser’s local storage and never leaves your device. This means we receive information about the rhythm of your typing in free-writing mode, but not the content of what you wrote.

This is a time-limited research and development project. We are collecting data for the specific, narrow purpose of training this one model. Once we have gathered sufficient data, we will stop collecting typing sessions. We will not use the data to build user profiles, identify individuals, or train unrelated models. If we ever want to use the data for a materially different purpose, we will update this policy and make the change clear before the new use begins.

We may also use aggregated session data to understand how the Website is being used and to keep it secure.

Legal bases (for visitors in the EEA and UK)

  • Strictly necessary storage — the Terms-acceptance cookie and the local-storage progress are necessary to provide a service you have requested (ePrivacy Directive).
  • Legitimate interests — we rely on our legitimate interest in developing the copy-typing detection model described above for the processing of typing session data. Because sessions are collected without a stable identifier and without your IP, and because collection is time-limited to the training of a single defined model, the impact on any individual is minimal. We have documented this assessment internally and can provide a summary on request. You may object to this processing using the contact details below.

How long we keep it

Raw typing session data is retained only for as long as needed to train the model, and in any case no longer than three (3) years from the date of the session. Once the model has been trained and we have determined the raw data is no longer needed, it will be deleted or further aggregated so that it can no longer be associated with the originating session.

The trained model itself contains only aggregate statistical patterns learned across many sessions and cannot be used to reconstruct or identify individual typing sessions.

Sharing

We do not sell your data. We do not share it with third parties for their own marketing or advertising purposes. We use hosting and infrastructure providers who process data on our behalf under confidentiality and data protection terms. We may disclose data to legal or regulatory authorities where required by law.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or object to the processing of personal data we hold about you, and rights under the GDPR, UK GDPR, CCPA/CPRA, and similar laws.

An honest caveat: because we do not retain an identifier we can trace back to you, we generally cannot locate a specific session in our records and cannot honor access or deletion requests at the session level. For the same reason, the data we hold cannot be used to identify, contact, or track you. If you believe we are holding data about you and would like to exercise a right, please contact us and we will do our best to help. If we genuinely cannot identify the data, we will explain why.

You can stop contributing data at any time by leaving the Website.

California privacy rights

California residents have rights under the CCPA and CPRA to know, access, delete, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by those laws, and we do not collect the categories of “sensitive personal information” defined by the CPRA. Because of the standardization issues with the signal, we do not currently respond to Do-Not-Track headers. You may exercise your rights by contacting us at the address below.

Children

The Website is not directed to children under sixteen, and we do not knowingly collect information from them. If you believe a child under sixteen has used the Website, please contact us and we will take reasonable steps to address it.

Changes to this policy

We may update this policy from time to time. If the changes are material — in particular, any change to the purposes for which typing data is used — we will post a notice on the Website before the change takes effect. Your continued use of the Website after a change becomes effective constitutes acceptance of the revised policy. The version and effective date at the top of this page reflect the current version.

Contact

Authentikeyed AI, Inc.
945 Taraval St #1255, San Francisco, CA 94116
privacy@okhuman.com

Typewryte by Authentikeyed AIPrivacy Policy v1.1 · effective April 23, 2026