Privacy Policy

Effective Date: December 11, 2025

1. Introduction

This Privacy Policy explains how Inkwren collects, uses, and protects personal data.

"Inkwren," "we," or "us" refers to Inkwren LLC, a Colorado company.

Contact: privacy@inkwren.com

2. Personal Data We Collect

2.1 Account Information

  • Name
  • Email address
  • Password hash
  • Email verification status

2.2 Organization & Workspace Data

  • Organization names and tiers
  • Workspace names and settings
  • Membership and role assignments

2.3 Catalog Data You Enter

  • Stories, publications, contracts
  • Contributor information and pen names
  • Series, genres, tags
  • Submission records
  • Images (covers, logos)
  • Notes and metadata

2.4 Technical Data

  • IP address
  • Browser and device information
  • Authentication and access logs
  • Usage metrics

3. Cookies

We use only essential cookies required for authentication.

Cookie Name Purpose Type
session Authenticates your user session Essential

Inkwren does not set analytics cookies. Product analytics are collected server-side.

4. How We Use Data

We use personal data to:

  • Provide and secure the Service
  • Authenticate users
  • Manage organizations and workspaces
  • Store and display Your Content
  • Send transactional emails
  • Improve reliability and usability
  • Prevent fraud and abuse
  • Comply with legal obligations

We do not sell personal data.

5. Legal Bases (GDPR)

For EU/UK users, processing is based on:

  • Contract
  • Legitimate interests
  • Consent (where applicable)
  • Legal obligations

6. Third-Party Processors

We use the following processors:

  • Linode — hosting and managed PostgreSQL
  • Postmark — transactional email
  • AWS SES (Sendy) — marketing email
  • PostHog — server-side analytics
  • Stripe — payment processing

Processors operate under data protection agreements.

International Data Transfers

Personal data may be processed or stored outside your country of residence, including in the United States.

Where required under GDPR or other applicable laws, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms to protect international data transfers.

7. Data Retention

If you delete your account:

  • Most personal data is removed from active systems within 30 days
  • Database backups may retain data for up to 7 days
  • Billing and legal records are retained as required by law (typically 7 years)

You may export your data at any time using the Service's built-in export features before account deletion.

8. Your Rights (EU/UK)

You may request to:

  • Access your data
  • Correct inaccuracies
  • Delete data
  • Restrict or object to processing
  • Port your data
  • Withdraw consent

Email privacy@inkwren.com to exercise these rights.

We will respond to verified requests within 30 days, or sooner where required by applicable law.

9. Analytics & Opt-Out

Inkwren uses server-side analytics via PostHog.

If you wish to opt out of analytics processing, contact privacy@inkwren.com, and we will disable analytics for your account.

10. Security

We implement reasonable technical and organizational measures, including:

  • HTTPS encryption
  • Secure password hashing
  • Role-based access controls
  • Database and file access protections

No system is perfectly secure.

11. Children's Privacy

Inkwren is not intended for users under 18. We do not knowingly collect data from minors.

12. Automated Decision-Making

We do not use automated decision-making or profiling with legal or significant effects.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated.

14. Data Protection Officer

We do not currently designate a Data Protection Officer under GDPR, as we are not required to do so based on the nature and scale of our processing activities.

For all privacy-related inquiries, please contact privacy@inkwren.com.

15. Contact

Privacy questions: privacy@inkwren.com
Legal notices: legal@inkwren.com

← Back to Legal