Direct answer guide

Privacy and security for connected writing

Learn what the app displays, what it stores, and how OAuth protects owner-scoped book data.

Direct answer

Direct answer

BookWriter app cards never show manuscript excerpts or internal AI diagnostics. OAuth scopes separate reading, writing, and publishing; every protected call validates the token’s issuer, audience, expiry, and scopes before accessing owner-scoped data.

Visible in cards

Book title, chapter position, accepted counts, goal progress, version/status labels, allowance counters, and safe BookWriter links may appear.

Never visible in cards

Manuscript excerpts, private prompts, model routing, provider names, token usage, cost, raw diagnostics, prompt hashes, credentials, and production identifiers are excluded.

Data boundaries

The conversation receives only the bounded context needed for the requested task. Authenticated BookWriter editors and owner-scoped resources remain the place to inspect full book content.

Connection security

The app uses OAuth authorization code flow with PKCE S256 and a protected-resource audience. Reconnect prompts include the required scope without disclosing private state.

Frequently asked

Do screenshots contain customer writing?

No. Product and reviewer evidence use neutral synthetic titles and compact status only.

Keep going

Continue the connected writing workflow.

Canonical URL: https://www.bookwriter.vip/mcp/guide/privacy-and-security · Updated July 15, 2026