Privacy Policy for InkHeart

Effective Date: November 22, 2025
Last Updated: November 26, 2025

Introduction

Welcome to InkHeart ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how InkHeart Entertainment collects, uses, discloses, and safeguards your information when you use our mobile application.

By using InkHeart, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our application.

Information We Collect

1. Information You Provide Directly

Account Information via OAuth:

When you sign in with Google: We collect your email address, name, and profile picture from your Google account
When you sign in with Apple: We collect your email address (or private relay email) and name from your Apple ID
We do not store passwords; authentication is handled securely by Google and Apple

Reading Preferences and Activity:

Books you read and add to your library
Chapters you unlock (via coins or subscription)
Reading progress and bookmarks
Reading history and session duration

Payment and Subscription Information:

Purchase history (subscriptions and coin bundles)
Transaction IDs and receipts
Subscription status and renewal dates
Payment processing is handled entirely by Apple App Store and Google Play Store
We do not store your credit card numbers, bank account information, or full payment details

Support Communications:

When you contact us for support via contact@inkheart.app, we collect your email address and the content of your messages

2. Information Collected Automatically

Device Information:

Device type and model
Operating system and version (iOS/Android)
Unique device identifiers
Mobile network information
App version

Usage Data:

App features accessed
Reading sessions and time spent reading
Screen views and navigation patterns
In-app actions and interactions
App crashes and performance data

Analytics and Diagnostics:

Error logs and crash reports (via Sentry)
Performance metrics
Feature usage statistics

Push Notification Tokens:

Device tokens for sending push notifications about new chapters, subscription updates, and reading reminders

3. Anonymous Usage

You can use InkHeart without creating an account. In this case:

We create an anonymous session tied to your device
Reading progress is stored locally on your device
You cannot sync data across devices or make purchases
Limited features are available

How We Use Your Information

We use the collected information for the following purposes:

Service Delivery:

Providing access to reading content
Managing subscriptions and processing purchases
Unlocking chapters with coins
Syncing reading progress across your devices
Maintaining your reading library

Personalization:

Recommending books based on your reading history and preferences
Customizing your reading experience
Suggesting new content you might enjoy

Payment Processing:

Processing subscription payments and coin purchases
Managing billing cycles and automatic renewals
Preventing fraud and unauthorized transactions
Providing purchase history and receipts

Communication:

Sending push notifications about new chapters and book updates
Notifying you about subscription renewals and payment issues
Responding to support inquiries
Sending important service announcements

Improvement and Development:

Analyzing usage patterns to improve app functionality
Identifying and fixing bugs and performance issues
Developing new features based on user behavior
Conducting A/B testing for feature optimization

Legal Compliance and Safety:

Complying with legal obligations and regulations
Enforcing our Terms of Service
Protecting against fraud, abuse, and security threats
Responding to legal requests from authorities

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data under the following legal bases:

Contract Performance: Processing necessary to provide InkHeart services you've requested
Consent: When you provide explicit consent (e.g., marketing communications, analytics)
Legitimate Interests: Improving our services, preventing fraud, ensuring security
Legal Obligation: Complying with applicable laws and regulations

Data Storage and Security

Where We Store Data

Supabase (Primary Database):

Our backend infrastructure is hosted on Supabase (https://supabase.com)
Supabase uses Amazon Web Services (AWS) data centers
Data is primarily stored in the United States
Backups are maintained in multiple geographic regions for redundancy

Data Location:
Your data may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

End-to-end encryption in transit using HTTPS/TLS 1.2+
Encryption at rest for sensitive data
Row-Level Security (RLS) policies on all database tables
Secure token-based authentication (OAuth 2.0)
Regular security vulnerability scans

Administrative Safeguards:

Limited employee access to personal data (need-to-know basis)
Regular security training for team members
Incident response procedures
Regular security audits and penetration testing

Physical Safeguards:

Our service providers (Supabase/AWS) maintain SOC 2 Type II compliance
Physical security controls at data center facilities
Environmental controls and monitoring

Important Notice: No method of transmission over the internet or electronic storage is 100% secure. While we implement reasonable security measures, we cannot guarantee absolute security. You use our service at your own risk.

Third-Party Services

InkHeart integrates with the following third-party services. Please review their privacy policies to understand how they handle your data:

Supabase (Database & Backend)

Purpose: Data storage, user authentication, real-time sync, edge functions
Data Shared: All user data, reading progress, purchase records
Privacy Policy: https://supabase.com/privacy
Location: United States (AWS)

Sentry (Error Monitoring)

Purpose: Crash reporting, error tracking, performance monitoring
Data Collected: Error logs, stack traces, device type/model, OS version, app state at time of crash
Data NOT Collected: IP addresses, cookies, or other personally identifiable information (PII collection is disabled)
Privacy Policy: https://sentry.io/privacy/
Data Retention: 90 days

Google Sign-In (OAuth Provider)

Purpose: User authentication
Data Shared: Email address, name, profile picture
Privacy Policy: https://policies.google.com/privacy
What Google Receives: App usage when you sign in via Google

Apple Sign-In (OAuth Provider)

Purpose: User authentication
Data Shared: Email address (or private relay), name
Privacy Policy: https://www.apple.com/legal/privacy/
What Apple Receives: App usage when you sign in via Apple

Apple App Store (Payment Processing)

Purpose: Processing in-app purchases and subscriptions (iOS)
Data Shared: Purchase information, transaction details
Privacy Policy: https://www.apple.com/legal/privacy/
We Receive: Transaction receipts, subscription status

Google Play Store (Payment Processing)

Purpose: Processing in-app purchases and subscriptions (Android)
Data Shared: Purchase information, transaction details
Privacy Policy: https://policies.google.com/privacy
We Receive: Transaction receipts, subscription status

Expo Push Notification Service

Purpose: Delivering push notifications
Data Shared: Device tokens, notification content
Privacy Policy: https://expo.dev/privacy

Advertising and Tracking

InkHeart does NOT track you for advertising purposes.

We do not collect Apple's IDFA (Identifier for Advertisers)
We do not collect Google's Advertising ID (GAID)
We do not share your data with advertising networks
We do not share your data with data brokers
We do not use your data for targeted advertising
We do not link your data with third-party data for advertising

Our analytics are used solely to improve the app experience and are stored in our own database (Supabase), not shared with third parties for advertising.

Cookies and Tracking Technologies

InkHeart does not use traditional web cookies, but we do use similar technologies:

Local Storage:

Stores reading progress, preferences, and settings on your device
Cached book covers and content for offline access
Remains on device until app is uninstalled or cache is cleared

Session Tokens:

Securely maintains your logged-in state
Automatically expires after period of inactivity
Revoked when you sign out

Device Identifiers:

We generate a random unique identifier (UUID) for your device
This is NOT Apple's IDFA or Google's Advertising ID
Used for purchase restoration, fraud prevention, and analytics
Not shared with any third parties for advertising purposes
Reset when you delete the app and reinstall

Your Privacy Rights

Depending on your location, you have various rights regarding your personal information:

Universal Rights (All Users)

Access: Request a copy of your personal data we hold
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and data
Portability: Receive your data in a machine-readable format (JSON)
Opt-Out: Unsubscribe from marketing communications and push notifications

Additional Rights for EU/EEA/UK Users (GDPR)

Right to Restrict Processing: Limit how we process your data
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)
Right to Lodge a Complaint: File a complaint with your data protection authority
Right to Information: Receive detailed information about how we process your data

Additional Rights for California Residents (CCPA/CPRA)

Right to Know: What personal information we collect and how it's used
Right to Delete: Request deletion of your personal information
Right to Opt-Out of Sale: We do not sell your personal information
Right to Non-Discrimination: We won't discriminate against you for exercising your rights
Right to Correct: Request correction of inaccurate personal information

How to Exercise Your Rights

To exercise any of these rights:

Email: Send a request to contact@inkheart.app
In-App: Settings → Account → Privacy & Data
Subject Line: Include "Privacy Request: [Your Request Type]"

What We Need From You:

Your registered email address
Specific request details
Verification of your identity (for security purposes)

Response Time:

We will respond within 30 days (GDPR/CCPA standard)
Complex requests may take up to 60 days (we'll notify you of any extension)
We'll confirm receipt of your request within 3 business days

Account Deletion

To permanently delete your account:

Go to Settings → Account → Delete Account
Or email contact@inkheart.app with "Delete My Account" in the subject line

What Happens When You Delete:

Personal information deleted within 30 days
Reading history and progress permanently removed
Active subscriptions will continue until the end of the billing period (must be cancelled separately in App Store/Play Store)
Coin balances forfeited (no refunds)
Some data retained in backups for up to 90 days
Anonymized usage data may be retained for analytics
Transaction records retained for 7 years (legal/tax requirements)

Cannot Be Undone: Account deletion is permanent and irreversible.

Children's Privacy

InkHeart is rated 12+ and is not intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information from a child under 13, please contact us immediately at contact@inkheart.app. We will promptly delete such information.

Age Rating Details:

Rated 12+ for mild suggestive themes
May contain infrequent/mild romantic content
Mild fantasy/horror elements

Subscriptions and In-App Purchases

How Subscriptions Work

Available Plans:

Weekly Membership: $19.99/week (first week introductory price: $9.99)
Monthly Membership: $39.99/month
Yearly Membership: $199.99/year

Subscription Benefits:

Unlimited access to all books and chapters
Ad-free reading experience
Early access to new releases
Sync across all your devices

Coin Purchases (One-Time)

Available Bundles:

200 Coins: $4.99
450 Coins: $9.99
1000 Coins: $19.99
3000 Coins: $49.99

Coin Usage:

Unlock individual chapters (prices vary by chapter)
Coins do not expire
No refunds for unused coins

Subscription Management

Billing:

Handled entirely by Apple App Store (iOS) or Google Play Store (Android)
Payment method on file with your Apple/Google account

Automatic Renewal:

Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current period
You will be charged within 24 hours prior to the end of the current period
Subscription period extends by the renewal period upon successful payment

Cancellation:

Cancel anytime through your App Store or Play Store account settings
Access continues until the end of the current billing period
No partial refunds for unused time

To Cancel:

iOS: Settings → [Your Name] → Subscriptions → InkHeart → Cancel Subscription
Android: Play Store → Menu → Subscriptions → InkHeart → Cancel Subscription

Refunds

Refund requests are handled by Apple or Google according to their respective policies
We do not have access to process refunds directly
Apple Refunds: reportaproblem.apple.com
Google Refunds: play.google.com/store/account/subscriptions
Contact us at contact@inkheart.app for assistance with refund requests

Data Retention

We retain your information for different periods depending on the type of data:

Active Accounts:

Account information: Until account deletion
Reading progress: Until account deletion
Purchase history: 7 years (legal requirement)
Support communications: 3 years

Deleted Accounts:

Personal data: Deleted within 30 days
Backup retention: Up to 90 days
Transaction records: 7 years (tax/legal compliance)
Anonymized analytics: Indefinitely

Inactive Accounts:

Accounts with no activity for 3+ years may be deleted after email notification

International Data Transfers

InkHeart operates globally, and your information may be transferred to and processed in countries other than your country of residence, including the United States.

For EU/EEA/UK Users:

We use Standard Contractual Clauses (SCCs) approved by the European Commission
Our service providers are required to implement appropriate safeguards
Your data is protected by GDPR-equivalent safeguards when transferred outside the EU/EEA

For Users in Other Regions:

Data may be transferred to the United States and other countries where our service providers operate
We ensure appropriate safeguards are in place for international transfers

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

Posting the updated policy in the app
Updating the "Last Updated" date at the top
In-app notification for significant changes
Email notification to registered users (for material changes)

Your Continued Use:
Your continued use of InkHeart after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, please stop using the app and delete your account.

Review Regularly:
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

State-Specific Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information We Collect:

Identifiers (email, device ID)
Commercial information (purchase history)
Internet activity (app usage, reading history)
Inferences (reading preferences, book recommendations)

We Do Not Sell Personal Information:
InkHeart does not sell, rent, or share your personal information for monetary or other valuable consideration.

Shine the Light Law:
California residents may request information about disclosures to third parties for direct marketing purposes (we do not make such disclosures).

Contact for California Privacy Rights:
Email: contact@inkheart.app
Subject: California Privacy Rights Request

Virginia, Colorado, Connecticut, and Utah Residents

Residents of Virginia, Colorado, Connecticut, and Utah have similar rights under state privacy laws. Contact us at contact@inkheart.app to exercise your rights.

Contact Information

General Inquiries:
Email: contact@inkheart.app
Response Time: Within 2 business days

Privacy-Specific Inquiries:
Email: contact@inkheart.app
Subject: Privacy Inquiry

Data Protection Officer (EU/EEA):
Email: contact@inkheart.app
Subject: DPO - GDPR Inquiry

Company Information:
InkHeart Entertainment
Email: contact@inkheart.app

Mailing Address:
For written correspondence, please email us first at contact@inkheart.app and we will provide our current mailing address.

In-App Support:
Settings → Help & Support → Contact Us

Consent and Agreement

By downloading, installing, or using InkHeart, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with this Privacy Policy, you must not use InkHeart. Your continued use of the app following the posting of changes to this Privacy Policy will be deemed your acceptance of those changes.