Inkroy — Privacy Policy

Effective Date: May 30, 2026 Last Updated: June 8, 2026

1. Introduction

This Privacy Policy explains how Inkroy (the "Service," "we," "us," or "our") collects, uses, shares, retains, and protects information when you use our mobile application and related services.

By using Inkroy, you agree to the collection and use of information in accordance with this Policy. If you do not agree, do not use the Service.

This Policy is incorporated into our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.

2. Who We Are and How to Reach Us

Inkroy is operated by the individual or entity identified in the Apple App Store / Google Play Store listing.

General contact: support@inkroy.com
Privacy contact: privacy@inkroy.com
Data deletion requests: privacy@inkroy.com (or use Settings → Delete account in the app, which removes most data immediately and automatically)

3. Information We Collect

3.1 Information You Provide Directly

Account information. When you sign in with Apple or Google, we receive your provider-issued user ID, your email address (which may be a private-relay address if you choose Apple's "Hide My Email"), and — when made available by the provider on your first sign-in — your name and profile photo.
Onboarding answers. Pain points you select, niche you create in, your approximate follower tier, your editing goal, and your self-reported edit experience.
Video Edits. Video files you upload from your device's photo library or camera roll for AI analysis. We refer to these as "User Content."
Display name edits and other in-app inputs. You may rename analyses; we store the renamed string.
Support correspondence. Messages, emails, and screenshots you send us.

3.2 Information We Generate

Derived media artifacts. From your uploaded Edit, we extract: video metadata (duration, dimensions, codec, frame rate), scene-change timestamps, ten keyframe thumbnails, and audio tracks (one for transcription, one for music identification).
AI-generated outputs. Per-category scores, a composite score, tier, technique tags, story-beat analysis, narrative insights, transcription text, recognized music metadata.
Pipeline operational data. Processing status, stage durations, error codes, and (where applicable) per-agent processing costs for our internal accounting.

3.3 Information We Collect Automatically

Device identifiers. A device identifier (device_id) generated by the app and stored on your device, used to correlate anonymous-session activity with your eventual signed-in account.
Subscription state. Plan tier (Pro / Max), billing period start/end, status (active / canceled / expired / grace_period / paused), mirrored from RevenueCat. We do not receive your payment card details — those stay with Apple.
Crash and diagnostic reports. When enabled in a future release, anonymized stack traces and breadcrumb event sequences for debugging purposes.
Product analytics. When enabled in a future release, anonymized event metrics (which screens were viewed, taps on key buttons, funnel completion) for product improvement.

3.4 Information We Do Not Collect

We do not collect your contacts.
We do not collect your precise location.
We do not access your camera roll beyond the specific video you select via the system picker.
We do not collect health data, financial account data, or sensitive personal information beyond what's described above.

4. How We Use Information

We use the information we collect to:

Provide the Service. Run our multi-agent AI pipeline on your uploaded Edit, generate scores and feedback, surface results in the app, and produce share cards you initiate.
Operate your account. Authenticate you, store your preferences, track your subscription status, manage your credit balance, and enable account recovery.
Improve the Service. Aggregate anonymized usage patterns to improve scoring accuracy, fix bugs, and prioritize new features.
Communicate with you. Send transactional messages (analysis completion notifications, subscription receipts, security alerts) and respond to your support requests.
Comply with law. Respond to lawful legal process, enforce our Terms, and protect against fraud, abuse, and security threats.

4.1 AI Processing — Important Disclosure

Your uploaded Edits are processed by both our own systems and third-party AI providers (see Section 6). Specifically:

Keyframe images extracted from your Edit are sent to Google AI (Gemini 2.5 Flash) for visual analysis.
The audio track from your Edit is sent to OpenAI (Whisper) for speech transcription.
A short audio sample is sent to RapidAPI Shazam Core for music identification.
Per-agent text inputs (the extracted metadata and observations) are sent to Anthropic (Claude Sonnet 4.6) for technique classification, insight generation, and quality control.

These providers act as our subprocessors. By their published API terms, none of them use your inputs to train their models. See Section 6 for details.

4.2 What We Do Not Use Your Data For

We do not sell your personal information.
We do not use your User Content to train any AI model (ours or third parties').
We do not share your User Content with advertisers or marketers.
We do not use your Edits to populate any public-facing gallery, feed, or showcase without your explicit per-Edit consent.

5. Legal Bases for Processing (EEA / UK)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing your information include:

Contract. Processing necessary to provide the Service you've subscribed to.
Consent. Where you've given explicit consent (e.g., for optional analytics or notifications you've opted into).
Legitimate interests. Improving the Service, preventing fraud and abuse, securing our systems — balanced against your rights.
Legal obligation. Complying with applicable law.

You may withdraw consent at any time where consent is the basis. See Section 8 (Your Rights).

6. Subprocessors and Sharing

We share information with the following categories of third parties:

6.1 Service Providers (Subprocessors)

Provider	Role	Data Shared	Provider's Privacy Page
Apple, Inc.	App distribution, Sign in with Apple, in-app purchases	Account identifier, purchase records	`apple.com/legal/privacy/`
Google LLC	Sign in with Google, Gemini AI vision analysis	Account identifier (sign-in); keyframe images (Gemini)	`policies.google.com/privacy`
Anthropic, PBC	Claude AI for text generation (technique classification, insights, QC)	Pipeline metadata, observation strings, scoring inputs	`anthropic.com/legal/privacy`
OpenAI, L.L.C.	Whisper API for audio transcription	Audio track extracted from your Edit	`openai.com/policies/privacy-policy`
RapidAPI / Tipsters Shazam Core	Music identification	Short audio sample (~30s, MP3)	`rapidapi.com/legal/privacy-policy`
Modal Labs, Inc.	Containerized compute for FFmpeg media extraction	Your Edit (transiently, deleted within seconds)	`modal.com/legal/privacy`
Supabase, Inc.	Database, authentication, file storage backend	Account record, analyses, transient storage of your Edit	`supabase.com/privacy`
RevenueCat, Inc.	Subscription state management	Account identifier, subscription events	`revenuecat.com/privacy`
Expo / EAS	App build and over-the-air update infrastructure	No User Content — only build artifacts	`expo.dev/privacy`
Inngest, Inc.	Pipeline orchestration	Pipeline event metadata (not your video content)	`inngest.com/privacy`
Sentry, Inc. (when enabled)	Crash and error reporting	Anonymized stack traces, breadcrumb metadata	`sentry.io/privacy`
PostHog, Inc. (when enabled)	Product analytics	Anonymized event metrics	`posthog.com/privacy`

Each subprocessor is contractually limited to processing your data only on our instructions and only for the purpose listed above.

6.2 Legal and Safety Disclosures

We may disclose information if we reasonably believe it is necessary to:

Comply with a lawful subpoena, court order, or other legal process;
Enforce our Terms of Service;
Protect the rights, property, or safety of Inkroy, our users, or the public;
Investigate and prevent fraud, security incidents, or abuse.

6.3 Business Transfers

If Inkroy is involved in a merger, acquisition, financing, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you (e.g., via email and/or a prominent notice in the app) of any change in ownership or material change in use of your information.

7. Data Retention

Our retention model is designed to minimize what we keep:

Data Type	Retention
Original uploaded video file (mp4/mov)	Deleted from our servers after processing — within minutes when an analysis succeeds, and within two hours in every case (including failed or canceled analyses). Not retained.
Extracted audio (WAV / MP3)	Deleted from our servers within two hours of processing. Not retained.
Keyframe thumbnails (JPEG)	Cached on your device and removed from our servers once your device has downloaded them. Any not downloaded are automatically purged from our servers within 7 days. The on-device cache can be wiped anytime via Settings → Clear all analyses, which also deletes any remaining server-side copies.
Analysis row in database	Persistent until you delete it (Settings → Clear all analyses) or delete your account (Settings → Delete account).
Account record	Persistent until you delete your account.
Subscription event log	Retained for a reasonable period (typically 24 months) for tax, audit, and dispute purposes.
Server logs	Retained for up to 30 days for operational and security purposes, then automatically purged.
Crash and analytics events (when enabled)	Retained per the provider's defaults (typically 30 days for crash data, 12 months for analytics).

When you delete your account, we permanently delete your account record, all analyses, your credit balance, your subscription record (server-side), and your stored profile information. Backup snapshots may retain residual data for up to 30 additional days before being overwritten.

8. Your Rights and Choices

Depending on where you live, you have some or all of the following rights:

Access. Request a copy of the personal information we hold about you.
Correction. Request correction of inaccurate information.
Deletion. Request deletion of your account and associated data. You can do this immediately via Settings → Delete account within the app.
Portability. Receive a structured, machine-readable export of your information.
Objection / Restriction. Object to or restrict certain processing of your information.
Withdraw consent. Withdraw consent where processing is based on consent.
Opt-out of "sale" or "sharing" of personal information. (We do not sell or share personal information for cross-context behavioral advertising. See Section 11.)
Lodge a complaint with a data protection authority in your jurisdiction.

To exercise any of these rights, email us at privacy@inkroy.com. We will respond within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before fulfilling certain requests.

We will not discriminate against you for exercising your rights.

9. Children's Privacy

Inkroy is intended for users age 13 and older. We do not knowingly collect personal information from anyone under 13.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, contact us at privacy@inkroy.com and we will delete it.

For users between 13 and 17, we recommend parental review of these documents before use.

10. Security

We use industry-standard technical and organizational measures to protect your information:

All connections to our servers use HTTPS / TLS encryption.
User data is stored in Supabase's managed Postgres database with row-level security policies that prevent users from reading or modifying other users' data.
API keys, secrets, and credentials are stored in encrypted secret managers, not in source code.
Communication between backend services uses HMAC-signed requests where applicable.
We restrict employee and contractor access to user data on a need-to-know basis.

No system is perfectly secure. We cannot guarantee absolute security of your information.

11. California-Specific Disclosures (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA") gives you specific rights regarding your personal information.

Categories of personal information collected: identifiers (account ID, email, device ID), commercial information (subscription status), internet or other network activity (anonymized analytics), audio and visual information (your uploaded Edits, transiently), inferences drawn from the above (AI-generated scores and feedback). See Section 3 for details.
Sources: directly from you, from your device, from Apple/Google (for sign-in), from RevenueCat (for subscription state).
Business purposes: providing the Service, security, debugging, complying with legal obligations, accounting, paying vendors. See Section 4.
Categories disclosed to service providers: see Section 6.1.

Right to know, delete, correct. You have the right to request access, deletion, or correction of your personal information. Email privacy@inkroy.com.

No sale or sharing. We do not sell your personal information for monetary consideration, and we do not share your personal information for cross-context behavioral advertising. Therefore, we do not currently honor "Do Not Sell or Share" requests because there is nothing to opt out of. If this changes, we will update this Policy.

Sensitive personal information. We do not collect or use "sensitive personal information" as defined by CPRA except as needed to provide the Service you've requested (e.g., account credentials for authentication).

Retention. See Section 7.

Non-discrimination. We will not deny, charge different prices for, or provide a different level of service if you exercise your CCPA rights.

Authorized agents. If you use an authorized agent to make a request on your behalf, we may require verification of the agent's authority.

12. International Data Transfers

Inkroy is operated primarily from the United States, and our subprocessors are based in the United States and other jurisdictions. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries that may have different data protection laws than your country.

For users in the EEA or UK, where we transfer personal data outside those regions, we rely on appropriate transfer mechanisms (e.g., Standard Contractual Clauses, adequacy decisions) where required by law.

13. Cookies and Tracking

The Inkroy mobile app does not use browser cookies (it is a native app, not a web app). Our companion landing site at inkroy.com may use minimal first-party cookies for essential site functionality (e.g., session management) and basic analytics; the landing site does not currently use third-party advertising or tracking cookies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service and update the "Last Updated" date at the top of this document. We encourage you to review this Policy periodically.

Your continued use of the Service after a change becomes effective constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions, complaints, or requests regarding this Privacy Policy or our handling of your information:

Email: privacy@inkroy.com
General support: support@inkroy.com

For users in the EU/EEA: you have the right to lodge a complaint with the data protection authority in the EU member state where you reside or where the alleged infringement took place.