Authentication
- WriterzRoom uses NextAuth v5 with Google OAuth for user authentication
- Sessions are JWT-based with server-side validation on every protected request
- All workspace access is scoped to the authenticated session — no cross-user data access
- Publishing platform credentials are encrypted at rest using Google Cloud Secret Manager
Infrastructure
- Backend deployed on Google Cloud Run — containerized, auto-scaling, managed
- Database hosted on Google Cloud SQL (PostgreSQL) with VPC-isolated connectivity
- No direct public database access — all queries go through the application layer
- TLS enforced on all API and frontend traffic
Content and Data
- Generated content is stored in your workspace and scoped to your account
- Content is not used for model training
- Publishing credentials are stored encrypted and never transmitted in plaintext
- API keys are stored in Secret Manager, not in application config or environment variables
Responsible Use
- Review content before publishing — human oversight is part of responsible AI use
- Protect your account credentials — WriterzRoom support will never ask for your password
- Apply domain-appropriate disclaimers — especially for Healthcare, Fintech, and Legal content
- Use the platform for lawful purposes consistent with the Terms of Service
WriterzRoom is not a HIPAA Business Associate by default. If your use case requires HIPAA compliance, contact support before using the platform for protected health information.