Your story stays yours.

Read it your way. Plain English, or the full legal version.

Last updated: May 2026

The short version

If you only read one section of any privacy policy ever, let it be this one.

Your novel lives on your device. Inkspire is local-first. We don't need a copy of your manuscript to function.
Cloud sync is opt-in. If you enable it, encrypted copies of your projects pass through our servers so your other devices and collaborators can read them.
We never train AI on your writing. When you use Rose AI, your request is sent to OpenAI's API with their no-training policy enforced. Your text is never used as training data — not by us, not by them.
We don't track you. No Google Analytics. No Facebook pixels. No third-party trackers on the homepage or inside the app.
We collect the bare minimum. Account: email and a random UUID. Payments: handled by Stripe — we never see your card. Crash reports: opt-in, anonymized.
We never sell your data. Not to advertisers, not to data brokers, not to anyone. There's nothing to sell because we don't collect it.
You can leave anytime. Export everything as EPUB, PDF, DOCX, HTML or Markdown. Delete your account and we wipe your data from our servers within 30 days.
Questions? Ask a human. privacy@inkspire.sh goes to one of the two devs. You'll get a real reply.

1. Who we are

Inkspire ("we", "us", "our") is a writing application operated by Inkspire HB, a Swedish trading partnership. Our contact address is hello@inkspire.sh. For privacy-specific matters, write to privacy@inkspire.sh.

This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and equivalent local laws.

2. Data we collect

2.1 Account data

When you create an Inkspire account we store: a randomly generated UUID, an email address (optional, for password recovery and collaboration invites), a hashed password, your preferred language, and the date your account was created.

2.2 Project data (sync)

If you opt into cloud sync, copies of your projects (documents, folders, metadata, version snapshots, comments) are stored on our servers so your other devices and authorized collaborators can read them. Cloud sync can be disabled at any time in the app settings.

2.3 Payment data

All payments are processed by Stripe. We receive a transaction ID, the amount paid, the currency, and the last four digits of your card. We never receive your full card number or CVV.

2.4 AI usage data

When you use Rose AI features, the prompt you submit and a small amount of contextual data (such as the active chapter) are sent to OpenAI through their API. We retain a counter of how many AI requests you have made for billing and abuse-prevention purposes; we do not retain the content of those requests.

2.5 Diagnostic data

If you opt in, anonymized crash reports may be sent to our error-reporting service. Reports never contain manuscript content.

3. Legal basis & purposes

We process your data on the following lawful bases under Article 6 GDPR: (a) performance of a contract for account, payment and sync data necessary to deliver the service; (b) legitimate interest for fraud prevention and aggregate, anonymized service-improvement statistics; (c) consent for optional features such as diagnostic reporting and marketing emails.

4. Sharing & subprocessors

We use the following subprocessors: Stripe (payments, EU/US), OpenAI (AI features, US — no-training agreement in place), Hetzner (server hosting, EU), Cloudflare (CDN and DDoS protection, global). We do not share your data with advertisers, data brokers, or any other third party for marketing purposes.

5. International transfers

Most of our infrastructure is in the European Union. Transfers to OpenAI and Stripe US entities are protected by Standard Contractual Clauses approved by the European Commission.

6. Retention

Account and synced project data is retained for as long as your account is active. When you delete your account, all associated personal data is removed from our production systems within 30 days and from backups within 90 days. Anonymized billing records may be retained for up to 7 years to comply with Swedish accounting law.

7. Your rights

You have the right to access, rectify, erase, restrict processing of, and port your personal data. You can exercise most of these rights directly inside the app (Settings → Account). For anything else, write to privacy@inkspire.sh. You also have the right to lodge a complaint with your local data protection authority — in Sweden, the Integritetsskyddsmyndigheten (IMY).

8. Cookies & tracking

The Inkspire website (inkspire.sh) sets a single first-party cookie to remember your preferred language. It does not use any third-party analytics, advertising or tracking cookies. The Inkspire application does not use cookies at all.

9. Children

Inkspire is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, please email privacy@inkspire.sh and we will delete it.

10. Changes

We may update this policy. If we make material changes, we will notify you by email (where you have provided one) and inside the application at least 30 days before the changes take effect. Continued use of Inkspire after that constitutes acceptance.

11. Contact

For any privacy-related question or to exercise your rights: privacy@inkspire.sh.

← back to inkspire.sh