Privacy Policy

Last updated: April 16, 2025

Overview

Inkury Pty Ltd ("we", "us", "our") operates the Inkury document editing platform. This Privacy Policy explains what data we collect, why we collect it, and how we protect it. We believe in being direct: we collect the minimum data needed to provide the Service, and we do not sell your data to anyone.

1. Data we collect

Account information

When you create an account, we collect your name, email address, and password (stored as a salted hash). If you subscribe to a paid plan, we collect billing information through our payment processor (Stripe). We do not store credit card numbers on our servers.

Document content

Documents you create are stored locally on your device first. When you use sync features, encrypted copies are transmitted to our servers. We access document content only to provide the Service (sync, collaboration, search) and never for advertising or profiling.

Usage data

We collect anonymous usage metrics to improve the Service: pages visited, features used, error reports, and performance measurements. We do not track which documents you open or what you write in them.

2. How we use your data

Provide, maintain, and improve the Service
Process payments and manage subscriptions
Send transactional emails (account verification, password resets, billing)
Respond to support requests
Detect and prevent fraud or abuse
Comply with legal obligations

We do not use your data for advertising. We do not sell your data. We do not share your document content with third parties except as needed to provide the Service (for example, our hosting provider stores encrypted data on our behalf).

3. Data storage and security

Documents are encrypted at rest (AES-256) and in transit (TLS 1.3). Our servers are hosted in Australia by default, with optional data residency in the US and EU for Enterprise customers. We conduct regular security audits and maintain access controls that limit which team members can access production systems.

4. Third-party services

We use the following third-party services:

Stripe -- payment processing
Postmark -- transactional email delivery
Sentry -- error tracking (no document content is sent)

Each third-party service processes only the minimum data required for its function. We have data processing agreements with each provider.

5. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. We do not use third-party analytics services that place cookies on your browser.

6. Your rights

You have the right to:

Access your personal data
Export all your data at any time
Correct inaccurate personal data
Delete your account and all associated data
Object to data processing where we rely on legitimate interest

To exercise any of these rights, email privacy@inkury.com. We will respond within 30 days.

7. Data retention

We retain your account data for as long as your account is active. When you delete your account, we remove your personal data and document content from our servers within 30 days. We may retain anonymised usage data indefinitely for product improvement.

8. Children

Inkury is not intended for children under 16. We do not knowingly collect data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 14 days before they take effect.

10. Contact

For privacy-related questions or requests, contact us at privacy@inkury.com.

Inkury Pty Ltd, Sydney, Australia.