Privacy Policy

Last updated: March 27, 2026

InkCloak ("we", "us", "our") operates the inkcloak.com website. This page explains what data we collect, how we use it, and your rights under GDPR and similar regulations.

1. What We Collect

  • Account data (email, name) when you sign up via Google or Telegram OAuth
  • Payment data processed by Stripe — we never see or store your card number
  • Basic usage analytics (page views, feature usage) for product improvement
  • Server logs (IP address, user agent) retained for 30 days for security

2. How We Use Your Data

  • To provide and maintain the service
  • To process payments and manage subscriptions
  • To send transactional emails (account, billing)
  • To improve the product based on aggregate usage patterns

We do not sell, share, or use your data for advertising. We do not train AI models on your data.

3. Detection (Client-Side)

Detection runs entirely in your browser. Your text is never sent to our servers. The detection engine loads as a JavaScript module and processes text locally on your device. No text content is transmitted, logged, or stored during detection.

4. Humanization (Server-Side via Groq/OpenRouter)

For humanization, text is sent to Groq API (or OpenRouter as fallback) for processing and immediately discarded. We do not store your text. Text is transmitted over encrypted HTTPS, processed by the LLM provider, and the result is returned to you. Neither we nor the LLM provider retain your text after the request completes.

We do not sell, share, or use your text for training AI models.

5. Cookies

We use essential cookies for authentication and session management. We may use a privacy-focused analytics tool (such as Plausible or Umami) that does not use cookies and does not track individual users across sites.

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion
  • Server logs: retained for 30 days
  • Payment records: retained as required by tax law (typically 7 years)
  • Text content: not retained (detection is client-side; humanization text is discarded immediately)

7. Your Rights

Under GDPR and similar regulations, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict processing of your data
  • Withdraw consent at any time

You can delete your account and all associated data from Settings at any time.

8. Third-Party Services

  • Supabase — authentication and database (EU data center)
  • Stripe — payment processing (PCI DSS Level 1 compliant)
  • Groq / OpenRouter — LLM API for humanization (text not retained)

9. Contact

For privacy questions or data requests, email us at privacy@inkcloak.com.