Inkline

Effective March 2026

Privacy Policy

This Privacy Policy explains what data Inkline collects, why we collect it, how we use it, and your rights regarding your personal information.

1. Data We Collect

Account information: email address, display name, username, and password (stored as a one-way hash — we never store your password in plain text). Content: writing submissions, feedback reviews, comments, check-ins, goals, and other content you create on the platform. Audit trail data: IP addresses and user-agent strings are recorded alongside content versions to support the content provenance system. This data is used solely for audit trail integrity and security. Usage data: basic interaction metrics to improve the service (page views, feature usage).

2. Why We Collect It

Service operation: to provide, maintain, and improve Inkline. Content provenance: to maintain a verifiable audit trail of when content was created and modified, and by whom. Security: to protect against abuse, detect fraud, and enforce our terms. Communication: to send you transactional emails (verification, password reset) and optional digest emails you can control in your settings.

3. Data Retention

Your account data is retained as long as your account is active. You can request deletion at any time. When you delete your account, personal information is removed. Content version records are anonymised (author identity removed) but the cryptographic hash chain is preserved to maintain audit trail integrity for other users who may have interacted with your content. Session data expires automatically after 7 days of inactivity.

4. Third-Party Processors

We use the following third-party services to operate Inkline: • Resend — transactional email delivery • PostgreSQL hosting provider — database infrastructure (encrypted at rest) We do not sell, rent, or share your personal data with advertisers or data brokers. We will never monetise your content or personal information.

5. Your Rights

You have the right to: • Access your personal data and download your content • Rectify inaccurate personal information • Delete your account and personal data • Object to processing of your data • Data portability — export your content in a standard format To exercise these rights, contact us through the in-app feedback system or via the email listed in our contact information. We will respond within 30 days.

6. Cookies

Inkline uses a single session cookie (session_token) that is essential for authentication. It is HTTP-only, secure in production, and contains no tracking information. We do not use advertising cookies, analytics cookies, or any third-party tracking technologies.

7. Data Security

We implement industry-standard security measures: • Passwords are hashed with Argon2id (one-way, not reversible) • Database connections use TLS encryption in production • The database uses encryption at rest • Private vault content uses application-level AES-256-GCM encryption • Session tokens are cryptographically random and expire automatically No system is perfectly secure. We cannot guarantee absolute security but we take reasonable measures to protect your data.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The effective date at the top of this page indicates when this policy was last revised.

This document is provided for informational purposes and should be reviewed by a qualified attorney before relying on it.