Privacy is paramount on Novelitist. Not only generally, as repeatedly stated in our User Agreement, but paying attention to the specific needs of our writers. Writers, like most artists, are often very private people when it comes to their craft, and wary about their work becoming public before the time comes. We strive to address their privacy needs in full.

How we protect your data

We and our partners (cloud providers, payment processors, etc.) are using industry-standard security and privacy practices.

All traffic from your devices to our servers and back is encrypted using HTTPS (always look for the lock icon 🔒 in your browser’s address bar to ensure your connection is encrypted; various browsers may have a different visual indicator).

In addition to protecting your data in transit, we also secure your data-at-rest: our databases are secured with access control, plus an additional layer of encryption. Even if malicious actors somehow obtain the data, they would still have to decrypt it.

Absolute privacy

In addition to the above, Novelitist offers what we call absolute privacy, i.e., the possibility to encrypt your books locally, on your devices, using passwords that only you know and that never leave your device.

This ensures that not even our authorized staff (database administrators, other employees with elevated system privileges) can ever read your books while you write them, until you decide to publish.

This is a unique benefit that you won’t get with most cloud storage, and certainly with none of the book authoring solutions out there, to our knowledge. In most cases, even if your data is encrypted by the service, encryption is also managed by the service, which means the service also has the keys to decrypt your data for you, and therefore can see it in unencrypted form if they wanted to.

Unless you are given the opportunity to encrypt and decrypt your data exclusively on your devices, with a password that never leaves your device (and therefore only you know), there is no guarantee that the maintenance staff can’t see it, even without malicious intent.

Read all about the Novelitist absolute privacy feature in this very user guide.

Limited third-party online tools

We limit the use of third-party online tools, such as spell checking services, to ensure your data stays within Novelitist. That’s why we use in-house spell checking, instead of sending your text to a third-party service for review.

You can opt to use such services yourself, as browser add-ons, for example. We may, in the future, employ some such services, if that helps our users’ writing experience, but it will be clearly marked as a potential privacy breach, on a per case basis.

No advertising

By rejecting all forms of targeted advertising on Novelitist assets (main website, web application, etc.), we are shielding our writers from any nefarious trackers and data harvesters, for your peace of mind — and ours.

Your part

As much as we strive to protect your data, you must be part of this effort, lest it’s all in vain. The truth is that us humans are the weakest link in the security chain.

Use strong passwords

Choose strong passwords for your account and book encryption. Ideally, you’d use a passphrase, which is just a password, but longer and easier for you to remember. Remember that your protection is only as strong as your password is.

Never share your Novelitist passwords with anyone

Your account password and your book encryption passwords should never be shared with anyone else, ever.

Novelitist staff or our partners will never ask for your account or encryption passwords, via any means. If that happens, don’t share the password, and please contact us immediately with the incident details. You may be the target of phishing or other bad behavior.

Third-party browser add-ons/extensions

Be careful about the third-party browser add-ons/extensions you install, and any other tools running on your device that can access your Novelitist application and the content displayed in it. There is nothing we can do to stop malicious software running on your device from reading or altering your data, if you gave it access to do so.