Privacy Policy

Effective date: May 2, 2026 · Last updated: May 2, 2026

This Privacy Policy explains how InkSpaceX ("InkSpaceX", "we", "our", or "us") collects, uses, stores, shares, and protects information when you use the InkSpaceX mobile application, website, and related services (collectively, the "Service"). It also describes the choices you have and how you can exercise your rights.

Plain-language summary. We collect only what we need to run InkSpaceX: your account details, the writing and images you create, basic usage signals, and crash diagnostics. We do not sell your personal data, we do not show third-party ads, and we do not track you across other apps or websites. You own the content you create. You can export or delete your account and your data at any time from inside the app or by emailing privacy@inkspacex.com.

1. Who we are (Data Controller)

The data controller for personal information processed under this Policy is:

Legal entity: InkSpaceX Pvt. Ltd.
Registered office: Juhu Versova Link Road, Mumbai, Maharashtra, India
Privacy queries / data-subject requests: privacy@inkspacex.com
General support: support@inkspacex.com
Legal / DMCA notices: legal@inkspacex.com
Web: https://www.inkspacex.com

2. Scope

This Policy applies to all users of the InkSpaceX mobile app (Android and iOS), the InkSpaceX web app, and our APIs. It does not apply to third-party websites or services that we link to but do not operate (for example, Google's sign-in pages). When you use those services, their own privacy policies govern.

3. Information we collect

We collect only the categories listed below. We do not collect contacts, calendar data, SMS, call logs, precise location, browsing history outside our app, biometrics, or financial-account information.

3.1 Information you provide

Account information. When you sign up with email and password, we collect your email address, a password (stored as a salted bcrypt hash — we never store your plaintext password), and your display name. If you sign in with Google, we receive your name, email address, and profile picture URL from Google's OAuth response. We never receive your Google password.
Profile information. Optional profile photo, bio, and preferences you set inside the app.
Content you create ("Your Content"). The writing, drafts, comments, canvas layouts, bookshelves, bookmarks, highlights, annotations, version history, and images you upload or create through the Service.
Direct messages. Messages and any images you send through the in-app chat. These are stored on our servers so the recipient can receive them and so the conversation can sync across your devices. They are not end-to-end encrypted at this time; please do not use the chat to share information you would not want stored on a server.
Communications with us. If you email support, send a DMCA notice, or otherwise contact us, we keep that correspondence so we can respond and keep a record of the issue.
Personal-dictionary submissions. When you tap "Add to dictionary" on a word the spell-checker underlined, we send only that single word to our backend so it can be queued for review by our editorial team. The submission contains the word, your account ID, and a timestamp — nothing else from your draft, no surrounding sentence, and no other text from your story. Submitted words are never automatically used as a spell-check dictionary; an admin must run an AI-assisted review pass that filters out typos, profanity, slurs, and personal-information patterns before any word is added to the global dictionary that ships to other users. If you do not want a word to be sent at all, simply do not tap "Add to dictionary" — the local underline will return on the next scan, but no copy of the word leaves your device.

3.2 Information collected automatically

Authentication tokens. When you sign in we issue a short-lived access token and a refresh token. These are stored on your device's secure storage (Android Keystore / iOS Keychain on native; localStorage on web) and sent with your API requests.
Reading and engagement signals. Reading progress (which story, which section, scroll position), which stories you opened, liked, bookmarked, or shared, and feed preferences. We use these to sync your reading position across devices and to power personalised recommendations.
Product analytics (first-party, self-hosted). Anonymous behavioural events (for example: screen viewed, book opened, publish tapped) tied to a per-install client_id (a random UUID generated on first launch and stored locally) and a session_id that rolls every 30 minutes of inactivity. These events do not include the contents of your writing, your messages, or your password. After you sign in, the client_id is associated with your account so your pre-login funnel stays connected to your post-login activity. The events are written by code we wrote and sent only to our own backend on Azure (Central India). The app does not embed Firebase Analytics, Google Analytics, Mixpanel, Amplitude, PostHog, AppsFlyer, Adjust, or any other third-party analytics SDK.
Device and technical data. App version, operating system family and version, device model, screen size, language/locale, time zone, and IP address (used transiently to route the request and to detect abuse — not retained as a tracking signal).
Crash and diagnostic logs (first-party, self-hosted). When the app hits an unhandled error, we may upload a stack trace, the error message, and the build/version to our own backend. We strip authentication tokens and request bodies before upload. The app does not embed Firebase Crashlytics, Sentry, Bugsnag, or any other third-party crash-reporting SDK.
Cookies (web only). The web app uses strictly necessary, first-party cookies / localStorage entries for sign-in, session continuity, and remembering UI preferences (theme, sidebar collapsed). We do not use advertising cookies or third-party tracking pixels.

3.3 Information from third parties

Google Sign-In (optional). If you choose to sign in with Google, Google sends us your name, email address, profile picture URL, and a unique Google account ID. We use these only to create or unlock your InkSpaceX account. We do not request access to your Google Drive, Gmail, contacts, calendar, or any other Google service.

4. Permissions we request and why

The app declares only the minimum permissions necessary to function. Each one is requested in context, and you can deny or revoke any of them in your operating system settings.

Permission	Why InkSpaceX needs it	What happens if you deny it
`INTERNET` (Android, declared in manifest)	Required to talk to our backend so that we can sign you in, sync your stories, deliver the public feed, send and receive messages, and run AI assist.	The app cannot function offline-only beyond reading items already downloaded for offline use.
`POST_NOTIFICATIONS` (Android 13+) / Notification permission (iOS)	To show OS-level notifications when someone likes, comments on, or replies to your story, when someone follows you, or when you receive a chat message. Asked the first time a notification is about to be delivered.	You will not receive system tray / lock-screen notifications. The in-app bell still works.
Photo selection (Android Photo Picker / iOS PHPicker)	To let you pick a profile picture, a book cover, a canvas image, or a chat attachment. We use the system photo picker so we never request broad gallery or storage permission — you choose individual images and only those are shared with the app.	You will not be able to set a custom profile photo, cover image, or send image attachments. All other features work.
Network state (implicit, via `connectivity_plus`)	To detect when you go offline so we can show the offline banner and queue your edits in an outbox until connectivity returns.	You may see stale offline banners or unsynced state.

InkSpaceX does not request: camera, microphone, precise location, contacts, SMS, call logs, calendar, accessibility services, device admin, package usage, accounts list, or background location. If a future feature ever requires a new permission, we will update this Policy and ask you in-app before requesting it.

5. How we use your information (purposes & legal bases)

Purpose	Categories used	Legal basis (GDPR)
Create and authenticate your account; keep you signed in across devices.	Account info, authentication tokens.	Performance of the contract (Art. 6(1)(b)).
Store, sync, and back up your content; resolve sync conflicts; offer version history.	Your Content, device info.	Performance of the contract.
Operate the public feed, social features (likes, comments, following, sharing) and direct messages.	Your Content, profile info, engagement signals, messages.	Performance of the contract.
Personalise the feed and recommendations.	Engagement signals, content embeddings (numeric vectors derived from text — see §7).	Legitimate interests (Art. 6(1)(f)) in offering a useful product; you can opt out by disabling personalised recommendations in Feed Preferences.
Send service notifications (replies, messages, follows, security events).	Account info, engagement signals.	Performance of the contract / legitimate interests.
Detect, prevent, and respond to abuse, fraud, spam, and security incidents.	Account info, IP address, device info, content reports.	Legitimate interests; legal obligation where applicable.
Diagnose crashes and improve quality.	Crash logs, device info, anonymous analytics.	Legitimate interests.
Comply with legal obligations and enforce our Terms.	As required by the relevant law or process.	Legal obligation (Art. 6(1)(c)).

6. Sharing of information

We do not sell your personal information and we do not "share" it for cross-context behavioural advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). We disclose information only in the limited situations below.

6.1 With other users

Anything you publish to the public feed (stories, profile name, profile picture, bio) is visible to other authenticated users of InkSpaceX.
Comments, likes, and follows are visible to the relevant audience (the author, the other user, your followers).
Direct messages are visible to the recipient and to any operator support staff with limited break-glass access for abuse / safety investigations (logged and audited).
You can unpublish a story, delete a comment, unfollow a user, or block a user at any time from inside the app.

6.2 With service providers ("processors")

We rely on a small number of vetted infrastructure providers to run the Service. They process data only on our instructions and under written data-processing terms.

Provider	What they do for us	Where data is processed
Microsoft Azure — primary cloud hosting (Linux VM running PostgreSQL, S3-compatible object storage, FastAPI, and Caddy).	Hosts the database, object storage, and API. Stores your account, content (writing, images, canvas layouts), messages, reading signals, analytics events, and crash logs.	Azure region Central India (Pune). If we ever migrate to a different region we will notify you in-app or by email at least 30 days in advance and update this Policy.
Microsoft Azure — Azure OpenAI Service.	Powers the optional AI assist features: writing suggestions, summarisation, recommendations, and spell-check. See §7.	Azure OpenAI deployment configured for our tenant. Per Microsoft's enterprise terms, your prompts and completions are not used to train OpenAI's foundation models.
Google LLC — Google Sign-In (only if you choose it).	Verifies your Google identity and returns your name, email address, and profile-picture URL to us.	Per Google's infrastructure (global).
Google LLC — Firebase Cloud Messaging (FCM v1) for Android push notifications.	Delivers OS-level push notifications (likes, comments, follows, chat messages) to your Android device when the app is in the background or closed. We send Google a device push token (registered via the FCM SDK on the device) and the notification payload (title, body, deep-link target). We do not send the contents of your stories or your messages — only a short notification body.	Google's global infrastructure.
Apple Inc. — Apple Push Notification service (APNs) for iOS push notifications.	Same purpose as FCM, for iOS devices. We send Apple a device push token and the notification payload.	Apple's global infrastructure.
Google Fonts (CDN — web only).	Serves font files to the web app. The browser fetches fonts directly from Google's CDN, which receives the request IP and user-agent.	Google CDN (global).

What is not in this list — and why. InkSpaceX does not embed any third-party analytics or crash-reporting SDK in the mobile or web build (no Firebase Analytics, Google Analytics, Crashlytics, Sentry, Mixpanel, Amplitude, Meta SDK, AppsFlyer, Adjust, Branch, or similar). The product analytics described in §3.2 and the crash logs described in §3.2 are sent only to our own backend running on Azure (Central India). No third party sees those events.

6.3 Legal, safety, and corporate transactions

Legal process. We may disclose information if required by a valid legal process (e.g., subpoena, court order) or to comply with applicable law. Where allowed, we will notify you first.
Safety. We may disclose information when we believe in good faith that it is necessary to prevent imminent harm, to investigate fraud or security incidents, or to protect the rights, property, or safety of InkSpaceX, our users, or the public.
Business transfers. If InkSpaceX is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (in-app or by email) if the new owner intends to materially change how your data is handled, and you will have the opportunity to delete your account before any such change takes effect.

7. AI features (generative AI)

Some optional features inside InkSpaceX use generative AI to assist your writing — for example, suggesting a continuation, rewriting a passage, summarising a chapter, generating tag suggestions, or scoring spelling. When you invoke one of these features:

The relevant excerpt of your text (and, where applicable, a short surrounding context) is sent from our backend to Microsoft's Azure OpenAI Service.
We do not send your email address, password, or other identifying account fields to the model provider.
Per Microsoft's Azure OpenAI terms, your prompts and completions are not used to train OpenAI's foundation models.
Embeddings (numeric vectors derived from text — used for "more like this" and recommendations) are computed in the same way and stored alongside the source content in our database.
AI suggestions can be wrong or inappropriate. Treat them as a draft, not as fact, and review before publishing.
You can avoid sending content to the AI provider by simply not invoking the AI features.

8. Data retention

Account data & content. Retained for as long as your account is active.
Account deletion. When you delete your account (see §9), we erase your account, profile, draft and unpublished content, bookmarks, reading progress, follows, blocks, direct messages, and engagement data from production systems within 30 days. Encrypted, time-limited backups are purged on their normal rotation, no longer than 90 days after deletion.
Published content. If you only delete a single post, copies cached by other users (e.g., offline downloads on someone else's device) are removed on their next sync but cannot be retracted from a device that is permanently offline. Other users' replies and quoted snippets that exist as part of the public conversation may persist in anonymised form.
Logs and analytics. Crash logs and anonymous product analytics are retained for up to 13 months, then deleted or fully aggregated.
Personal-dictionary submissions. The raw user-and-word rows in our dictionary_submissions table are kept until they have been reviewed (rejected or accepted) by an admin, plus a 12-month audit window to defend the curation pipeline against bias-and-safety complaints. After that window, your account ID is unlinked from the row — the word remains in our review history in fully anonymous form so we can track classifier accuracy, but it can no longer be tied back to you. The merged global dictionary itself contains no user identifiers.
Legal retention. We may retain a minimal record longer where law requires (e.g., tax records for paid plans, abuse-investigation evidence, or to defend legal claims).

9. Your rights and choices

You have the following rights, regardless of where you live, and we will honour them globally:

Access. Get a copy of the personal information we hold about you.
Correction. Fix inaccurate data — most fields you can edit yourself in Profile → Edit profile.
Deletion. Delete your account and associated data.
Export / portability. Receive a machine-readable export of your stories, comments, and bookmarks.
Object / restrict. Object to processing based on legitimate interests (e.g., personalised recommendations) — turn it off in Settings → Feed Preferences, or email us.
Withdraw consent. Where we rely on consent (e.g., notifications), you can withdraw it at any time in your OS settings or in-app.
Lodge a complaint. If you are in the EEA, UK, or Switzerland, you may complain to your local supervisory authority. We would appreciate the chance to address your concern first — privacy@inkspacex.com.

9.1 How to delete your account and data

You can request deletion in either of two ways. Both result in the same outcome described in §8.

In-app: open Profile → Settings → Account → Delete account. You will be asked to confirm.
By email: write to privacy@inkspacex.com from the email address on your account, with the subject line "Delete my account". We will verify and process the request within 30 days.

You can also delete your account from the web at https://www.inkspacex.com/account/delete without re-installing the app.

9.2 California residents (CCPA/CPRA)

If you are a California resident, you have the right to know, the right to delete, the right to correct, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioural advertising, so there is nothing to opt out of, but you can still exercise the other rights through §9.1. We will not discriminate against you for exercising your rights.

9.3 EEA / UK residents (GDPR)

The legal bases on which we process data are listed in §5. You have the rights of access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority. Our EU/UK representative can be contacted at privacy@inkspacex.com.

9.4 India residents (DPDP Act, 2023)

If you are in India, you have the right to access, correct, complete, update, and erase your personal data, and to nominate another individual to exercise these rights in case of your death or incapacity. Contact our Grievance Officer at privacy@inkspacex.com.

10. International data transfers

Our primary infrastructure is hosted on Microsoft Azure in the Central India (Pune) region. Some processors operate global networks, which means parts of your data may be transferred to and processed in countries other than your own:

Google Sign-In, Firebase Cloud Messaging, and Google Fonts — Google's global infrastructure (including the United States).
Apple Push Notification service — Apple's global infrastructure (including the United States).
Azure OpenAI Service — within the Azure tenant region we configure (Microsoft data-center).

Where these transfers leave the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or the EU–US / UK–US Data Privacy Framework, as applicable. For users in India, transfers are made consistently with the cross-border-transfer rules of the Digital Personal Data Protection Act, 2023.

11. Security

We take security seriously. The technical and organisational measures we use include:

TLS 1.2+ (HTTPS) for all traffic between the app and our servers.
Bcrypt password hashing — we never store plaintext passwords.
Short-lived JWT access tokens with refresh-token rotation; tokens stored in OS-level secure storage on native platforms.
Per-user data sandboxing on the device (offline outbox is keyed per user; one user's queued operations cannot be drained under another user's auth).
Encryption at rest for the database and object store, where the underlying provider supports it.
Owner-only access controls on private content, enforced server-side.
Time-limited, encrypted backups; rotated on a schedule.
Restricted, audited employee access; principle of least privilege.

No system is perfectly secure. If we ever discover a personal-data breach affecting you, we will notify you and the relevant authorities as required by applicable law.

12. Children's privacy

InkSpaceX is not directed to children under 13 (or, in the EEA / UK, under 16 where local law sets that as the digital-age threshold). We do not knowingly collect personal information from children below those ages. If we learn that we have inadvertently collected personal information from a child below the applicable threshold, we will delete it and terminate the account. If you believe a child has provided us with information, please email privacy@inkspacex.com and we will act promptly.

InkSpaceX is not a "child-directed" app under the U.S. Children's Online Privacy Protection Act (COPPA) and is not designed to be appealing primarily to children.

13. Notifications

OS-level notifications are off by default. The first time we are about to deliver one, the operating system will ask for your consent (Android 13+ uses POST_NOTIFICATIONS; iOS uses the standard notification prompt). You can change your mind at any time in your device settings or under Settings → Notifications in the app. Disabling notifications has no other effect on the Service.

14. Cookies and similar technologies (web)

The web app uses only strictly necessary, first-party storage:

localStorage entries for your auth tokens, theme preference, and last-opened editor state.
A short-lived OAuth state cookie to protect the Google sign-in flow against CSRF.

We do not use third-party advertising cookies, fingerprinting, session-replay scripts, or cross-site tracking pixels. The web app does not show consent banners because it does not operate any non-essential trackers; if that ever changes, we will post a banner and seek your consent first.

15. Do Not Track

The Service does not change behaviour based on the browser-level "Do Not Track" signal because it does not track you in the first place. We honour Global Privacy Control (GPC) signals where they apply.

16. Third-party links

Stories on InkSpaceX may contain hyperlinks to third-party websites. Clicking those links takes you outside the Service; we are not responsible for the content or privacy practices of those websites.

17. Changes to this Policy

We may update this Policy as the Service evolves. If we make a material change, we will notify you by an in-app banner or by email at least 30 days before it takes effect, and we will update the "Last updated" date at the top. Continued use of the Service after the effective date means you accept the updated Policy. If you don't, you can delete your account at any time under §9.1.

18. Contact us

Questions, requests, or concerns about this Policy or our handling of your information:

InkSpaceX — Privacy
Email: privacy@inkspacex.com
Web: https://www.inkspacex.com