Legal information

GDPR

Last updated: 22.5.2026

This GDPR information page explains how Linearscript handles personal data in accordance with the EU General Data Protection Regulation (GDPR).

Linearscript is currently provided as a test-use web application for planning, writing and managing screenplays.

1. Controller

The controller of personal data is:

T:mi Puhakka Joonas Aleksi

Business ID: 2950337-3

Finland

Contact email:

info@linearscript.com

For privacy-related requests, please contact:

info@linearscript.com

2. What personal data we process

Linearscript may process the following personal data:

Account data:

• username
• email address, if provided
• password hash
• account creation date
• selected language
• user role, such as user or admin

Project data:

• project names
• screenplay text and scene data
• timeline data
• scene notes
• uploaded attachments connected to notes
• imported screenplay content
• collaborators and access permissions
• access requests to projects
• project activity metadata, such as updated time

Feedback data:

• feedback message
• user account connected to the feedback
• submission time
• technical metadata needed to process the feedback

Password reset data:

• reset token
• reset token expiry time
• email address used for password recovery

Technical and security data:

• session data
• CSRF tokens
• limited server logs
• browser/user agent information, where needed for security or debugging
• IP address, where recorded by the hosting environment or server logs
• error and diagnostic information, where needed for troubleshooting or security

3. Why we process personal data

We process personal data for the following purposes:

To provide the service:

• creating and managing user accounts
• allowing users to create, edit and save screenplay projects
• enabling collaboration between users
• saving timeline, scene, note and export settings
• processing PDF imports and exports

To protect accounts and projects:

• user authentication
• password reset
• CSRF protection
• project access control
• preventing unauthorized access
• investigating suspected misuse or security incidents

To support collaboration:

• managing project collaborators
• handling access requests
• showing project presence or scene locks where applicable

To improve and maintain the service:

• receiving feedback
• debugging technical problems
• improving usability during test use
• maintaining service reliability

To comply with legal obligations:

• responding to data subject requests
• maintaining necessary records related to the service
• responding to lawful requests from authorities where required

4. Legal bases for processing

The legal bases for processing personal data are:

Contract or steps before entering into a contract:

• when we provide Linearscript account and project features to the user
• when we save, load, edit, import, export or share project content as requested by the user

Legitimate interest:

• maintaining service security
• preventing misuse
• debugging and improving the service
• handling feedback
• managing access requests
• protecting the service, users and legal rights

Consent:

• where a specific optional feature requires consent, such as optional communications, analytics, marketing features or non-essential cookies if introduced in the future

Legal obligation:

• where we are required to retain or process information under applicable law

5. Screenplay and project content

Users are responsible for the content they create, import or upload to Linearscript.

This may include:

• screenplay text
• character names
• story notes
• imported PDF content
• uploaded files
• private project material
• personal data about real individuals, if the user chooses to include it

Linearscript does not claim ownership of user-created screenplay content.

Project content is processed only to provide the service, save the user’s work, enable collaboration and provide related features such as export, notes, PDF import and timeline tools.

Users should avoid uploading unnecessary sensitive personal data about real individuals. If users include personal data about third parties in screenplay content, notes, attachments, imported PDFs or other project content, they are responsible for ensuring that they have the right or lawful basis to do so.

6. Data storage

Linearscript currently uses file-based storage instead of a SQL database.

This means that user and project data may be stored in structured files on the server, such as JSON files and uploaded attachment files.

The storage method may change in the future, including possible migration to an SQL database. If the storage method changes, the purpose of processing remains the same unless users are informed otherwise.

During test use, data structures may be changed, migrated, restructured or reset where necessary for development, security, maintenance or technical reasons. Where reasonable, Linearscript aims to give advance notice, but this may not always be possible.

7. Who can access the data

Personal data and project data may be accessed by:

• the user who owns the account
• project collaborators who have been granted access
• the service administrator, where necessary for maintenance, support, security, debugging or legal compliance
• hosting or technical service providers where technically necessary to run the service

Project owners control who they invite or approve as collaborators.

8. Data sharing

We do not sell users’ personal data.

We may share or make data available only when necessary for:

• hosting and operating the service
• sending password reset emails
• complying with legal obligations
• protecting the service, users or legal rights
• investigating misuse or security incidents
• using trusted technical service providers needed to operate the service

Service providers may include hosting providers, email delivery providers, backup providers, security or monitoring tools and, if paid features are introduced, payment providers. These providers may process personal data only as necessary to provide their services to Linearscript and, where required, under appropriate data processing terms.

9. International transfers

The service is intended to be operated primarily for users in the EU/EEA.

If technical service providers outside the EU/EEA are used in the future, appropriate safeguards will be used where required by GDPR. Such safeguards may include an adequacy decision, standard contractual clauses or another lawful transfer mechanism.

10. Data retention

We keep personal data only as long as necessary for the purposes described in this document.

Typical retention periods:

Account data:

• kept while the account exists

Project data:

• kept while the project exists or until the user deletes it

Feedback:

• kept as long as needed to review, respond to and improve the service

Password reset tokens:

• kept only for a limited time and expire automatically

Server logs:

• typically kept only as long as necessary for security, troubleshooting, maintenance or legal reasons, according to the hosting provider’s or server configuration

Backups:

• deleted data may remain in backups for a limited time before being overwritten

If a specific retention period cannot be stated in advance, the retention period is determined based on the purpose of the data, account status, project status, legal obligations, security needs and whether the data is needed to establish, exercise or defend legal claims.

11. Automated decision-making

Linearscript does not currently use automated decision-making or profiling that produces legal or similarly significant effects for users.

12. Your rights under GDPR

Depending on the situation, you may have the right to:

• request information about how your personal data is processed
• access your personal data
• correct inaccurate or incomplete data
• request deletion of your personal data
• request restriction of processing
• object to processing based on legitimate interest
• request data portability
• withdraw consent where processing is based on consent
• lodge a complaint with a data protection authority

To use your rights, contact:

info@linearscript.com

We may need to verify your identity before fulfilling a request.

13. Deleting account or project data

You may request deletion of your account or personal data by contacting:

info@linearscript.com

Project owners may delete their own projects through the service where this feature is available.

If a project has collaborators, deletion by the owner may remove access to that project for all collaborators. Project content shared with collaborators may remain visible to them until the project itself is deleted or access is removed, depending on how the service stores and displays collaboration data.

14. Data breaches and security incidents

If we become aware of a personal data breach that is likely to result in a risk to users’ rights and freedoms, we will handle notifications in accordance with applicable data protection law.

15. Security

We use technical and organizational measures to protect personal data, such as:

• password hashing
• login sessions
• CSRF protection
• project access control
• file access restrictions
• role-based admin access
• limited access to server-side data
• upload restrictions where applicable
• reasonable administrative access controls

No online service can be guaranteed to be completely secure, but we aim to protect data using reasonable measures appropriate for the nature of the service.

16. Children

Linearscript is not intended for children under the age of 16.

If we become aware that a child has provided personal data without appropriate permission, we may delete the account and related data.

17. Organizational use

If Linearscript is used by an organization to process personal data on behalf of that organization, a separate data processing agreement may be required.

18. Changes to this GDPR information

We may update this page when the service, legal requirements or data processing practices change.

The latest version will be available on this page.

19. Supervisory authority

If you believe your data protection rights have been violated, you may contact the Finnish Data Protection Ombudsman or your local EU/EEA data protection authority.

Finnish supervisory authority:

Office of the Data Protection Ombudsman