Privacy Policy
Last updated: March 10, 2026
1. Introduction
InkStantAI ("we," "us," or "our") operates the website inkstantai.com and provides AI-powered book generation services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws worldwide.
By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Data Controller
InkStantAI is the data controller responsible for your personal data. For any privacy-related inquiries, you can contact us at:
- Email: privacy@inkstantai.com
- Website: inkstantai.com
3. Information We Collect
3.1 Account Information
When you create an account, we collect:
- Name β your full name as provided during registration or via Google OAuth
- Email address β used for account access, communication, and notifications
- Password β stored as a cryptographic hash (we never store plain-text passwords)
- Profile picture β if you sign in with Google OAuth, we receive your Google profile image
3.2 Authentication Data (Google OAuth)
If you choose to sign in with Google, we receive the following from Google:
- Your Google account ID
- Name and email address associated with your Google account
- Profile picture URL
We do not receive or store your Google password, contacts, calendar, or any other Google data beyond what is listed above.
3.3 Payment Information
Payment processing is handled entirely by Stripe, Inc. When you subscribe to a paid plan, Stripe collects and processes your payment card details. We never see, store, or have access to your full credit card number. We only receive from Stripe:
- Stripe customer ID (an anonymous identifier)
- Subscription status and plan tier
- Payment history (amounts, dates, success/failure status)
- Last four digits of your card (for display purposes only)
3.4 Content You Provide
When you use our book generation service, we collect:
- Book topics β the subjects you submit for book generation
- Generation preferences β language, page count, tone, target audience, and other options you select
- Generated content β the AI-produced manuscripts, cover images, and KDP metadata we create for you
3.5 Usage and Technical Data
We automatically collect certain information when you access our Service:
- IP address and approximate geographic location
- Browser type and version, operating system
- Pages visited, features used, and time spent on the Service
- Referring website or source
- Device identifiers
3.6 Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. These include essential cookies for authentication and session management, and optional cookies for analytics and preferences (with your consent).
4. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process your book generation requests via AI APIs | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Send transactional emails (receipts, password resets) | Contract performance |
| Improve and optimize the Service | Legitimate interest |
| Analyze usage patterns and performance | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Send marketing communications | Consent |
| Set analytics cookies | Consent |
| Comply with legal obligations | Legal obligation |
5. AI Processing and Third-Party AI Services
Our Service uses third-party artificial intelligence APIs to generate book content. When you submit a topic for book generation:
- Your topic and generation preferences are sent to Anthropic (Claude API) for research, outlining, writing, and editing
- Your topic may be sent to OpenAI (GPT Image API) for cover image generation
- These AI providers process your input to generate content and return it to our servers
Important disclosures:
- Your inputs are not used to train Anthropic's or OpenAI's models. Both providers have data processing agreements that prohibit using API inputs for model training.
- All generated content is AI-produced. While we strive for quality, AI outputs may contain inaccuracies and should be reviewed before publication.
- Generated content is stored on our servers and associated with your account until you delete it or close your account.
- We do not share your inputs or generated content with any party other than the AI providers necessary to generate your books.
6. Third-Party Service Providers
We use the following third-party services that may process your personal data:
| Provider | Data Shared | Purpose |
|---|---|---|
| Stripe | Email, payment tokens | Payment processing |
| Google OAuth | Auth tokens, profile data | Single sign-on |
| Anthropic (Claude) | Book topics, prompts | AI content generation |
| OpenAI | Cover generation prompts | AI cover image generation |
| Google Analytics | IP, device info, page views | Usage analytics (with consent) |
We maintain Data Processing Agreements (DPAs) with all third-party providers as required by GDPR Article 28.
7. Data Retention
We retain your personal data for the following periods:
- Account data β retained for the duration of your account, plus 90 days after deletion
- Generated books and content β retained while your account is active; deleted 30 days after account closure
- Payment records β retained for 7 years for tax and legal compliance
- Usage analytics β anonymized after 26 months
- Cookie consent records β retained for 5 years for audit compliance
- Support correspondence β retained for 3 years after resolution
8. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, where our AI service providers are based. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) for transfers from the EU/EEA
- EU-US Data Privacy Framework certification (where applicable)
- Binding Corporate Rules or equivalent safeguards
9. Your Rights
9.1 Rights Under GDPR (EU/EEA Residents)
If you are located in the European Union or European Economic Area, you have the following rights:
- Right of access β request a copy of the personal data we hold about you
- Right to rectification β request correction of inaccurate or incomplete data
- Right to erasure β request deletion of your personal data ("right to be forgotten")
- Right to restrict processing β request that we limit how we use your data
- Right to data portability β receive your data in a structured, machine-readable format
- Right to object β object to processing based on legitimate interests
- Right to withdraw consent β withdraw consent for processing based on consent at any time
- Right to lodge a complaint β file a complaint with your local data protection authority
9.2 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights:
- Right to know β what personal information we collect, use, disclose, and sell
- Right to delete β request deletion of your personal information
- Right to correct β request correction of inaccurate personal information
- Right to opt out β opt out of the sale or sharing of your personal information
- Right to non-discrimination β you will not be discriminated against for exercising your rights
We do not sell your personal information. To exercise any of these rights, email privacy@inkstantai.com. We will respond within 30 days (GDPR) or 45 days (CCPA).
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure password hashing using industry-standard algorithms
- Regular security assessments and monitoring
- Access controls and principle of least privilege
- Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options headers
While we take reasonable precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.
11. Children's Privacy
Our Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us at privacy@inkstantai.com, and we will promptly delete such information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we will provide additional notice via email or an in-app notification. We encourage you to review this policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@inkstantai.com
- Website: inkstantai.com
For EU-specific inquiries, you may also contact your local Data Protection Authority.