Skip to main content
Inkline
← Back to home

Privacy Policy

Last updated: March 4, 2026

Notice: This document is a draft and should be reviewed by a qualified attorney before being relied upon as a legally binding privacy policy.

1. Introduction

Inkline ("we," "us," or "our") operates the Inkline platform located at https://inkline-docs.vercel.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a secure hash; we never store plaintext passwords)
  • Company name (optional)
  • Company logo (optional, uploaded to secure storage)

2.2 Proposal Content

When you create proposals, we store:

  • Proposal text, sections, and formatting
  • Line items, pricing, and payment terms
  • Client information you include in proposals (name, company, email)
  • Any files or images you upload as part of a proposal

2.3 Digital Signature Data

When a proposal recipient signs a proposal, we collect:

  • The signature image (drawn or typed)
  • The signer's name
  • The signer's IP address
  • The timestamp of the signing event
  • Selected line items at the time of signing

2.4 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVV codes, or other sensitive payment card data on our servers. We do store:

  • Stripe session identifiers
  • Payment amounts and currency
  • Payment status (pending, completed, failed)
  • Transaction timestamps

2.5 Usage and Technical Data

We automatically collect certain technical information when you use the Service, including:

  • Browser type and version
  • Operating system
  • IP address
  • Pages visited and actions taken within the Service
  • Date and time of access
  • Referring URL

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your proposals, signatures, and payments
  • Generate AI-powered proposal content based on your inputs
  • Send transactional emails (proposal notifications, payment confirmations)
  • Authenticate your identity and protect your account
  • Respond to your support requests and inquiries
  • Improve the Service, including analyzing usage patterns and fixing bugs
  • Comply with legal obligations and enforce our Terms of Service

4. Third-Party Services

We rely on trusted third-party service providers to operate the Service. Each provider has access only to the data necessary to perform its function:

4.1 Supabase (Database, Authentication, and File Storage)

Supabase provides our database infrastructure, user authentication, and file storage. All account data, proposal content, and uploaded files are stored in Supabase's managed PostgreSQL database and object storage. Supabase processes your email address and password hash for authentication purposes.

Supabase Privacy Policy

4.2 Stripe (Payment Processing)

Stripe processes all payments made through the Service. When you or a proposal recipient makes a payment, Stripe collects and processes payment card information directly. We never receive or store full card numbers. Stripe is PCI-DSS Level 1 certified.

Stripe Privacy Policy

4.3 OpenAI (AI Proposal Generation)

When you use the AI proposal generation feature, the information you provide (such as project descriptions, client details, and scope of work) is sent to OpenAI's API to generate proposal content. We send only the data necessary for content generation. OpenAI's API data usage policy states that data sent via the API is not used to train their models.

OpenAI Privacy Policy

4.4 Google Workspace (Email Delivery)

We use Google's SMTP service (Gmail) to deliver transactional emails on our behalf, including proposal notifications, verification codes, and payment confirmations. Google processes recipient email addresses and email content necessary for delivery.

Google Privacy Policy

4.5 Vercel (Hosting and Analytics)

Vercel hosts the Service and may collect basic analytics data including page views, performance metrics, and geographic distribution of traffic. This data is used to ensure the reliability and performance of the Service.

Vercel Privacy Policy

5. Cookies and Local Storage

The Service uses cookies and browser local storage for the following purposes:

  • Authentication cookies: To keep you signed in and maintain your session. These are essential for the Service to function and cannot be disabled.
  • Local storage: To store user preferences such as sidebar state and interface settings. This data remains on your device and is not transmitted to our servers.

We do not use third-party advertising or tracking cookies. We do not participate in cross-site tracking.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active. Deleted within 30 days of account termination unless legally required to retain.
  • Proposal content: Retained while your account is active. You may delete individual proposals at any time.
  • Signature data: Retained as long as the associated proposal exists, as signatures serve as a record of agreement.
  • Payment records: Retained for a minimum of 7 years to comply with financial record-keeping requirements.
  • Usage logs: Retained for up to 90 days for security and debugging purposes, then automatically purged.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data, subject to legal retention requirements.
  • Export: Request a machine-readable copy of your data (data portability).
  • Restriction: Request that we limit the processing of your personal data in certain circumstances.
  • Objection: Object to our processing of your personal data for certain purposes.

To exercise any of these rights, please contact us at support@inkline-docs.vercel.app. We will respond to your request within 30 days.

8. Data Security

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of data at rest in our database
  • Row-level security (RLS) policies ensuring users can only access their own data
  • Secure password hashing using industry-standard algorithms
  • Regular security updates and dependency audits
  • Access controls limiting employee access to production data

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 18, please contact us immediately at support@inkline-docs.vercel.app.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States, where our service providers operate. These countries may have different data protection laws than your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers maintain infrastructure.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@inkline-docs.vercel.app