Privacy policy
Last updated: 2026-07-05
Inkproof ("we", "us") is a study-feedback service operated from Switzerland. This policy explains what personal data we process, why, and what rights you have. It is written to comply with the Swiss Federal Act on Data Protection (nFADP) and to follow GDPR hygiene for users in the EU/EEA.
What we process
- Account data — your email address, locale, and login timestamps. We use passwordless magic-link sign-in, so we never store a password.
- Study content you upload — course materials (PDFs) and photos or scans of your own work, plus the machine transcripts, search indexes, feedback documents, and progress records derived from them. This content can reveal which institution or course you attend; treat your uploads accordingly.
- Usage and billing data — plan, usage meters (pages ingested, feedback jobs), and payment state. Card details are handled by Stripe and never touch our servers.
- Technical logs — IP addresses and request metadata for security, rate-limiting, and abuse prevention. Logs contain no study content.
Why we process it (legal bases)
- To provide the service you signed up for (contract performance): storing your corpus, generating transcripts and feedback, tracking your progress.
- To bill you (contract performance, legal obligations).
- To secure the service (legitimate interest): rate limits, abuse detection, audit trail.
Where it goes (subprocessors and transfers)
We use a small number of subprocessors listed on the subprocessors page. Some of them (AI providers, payment) process data in the United States. Transfers to the US rely on the EU Standard Contractual Clauses (SCCs) and the Swiss addendum thereto, as incorporated in each provider's data-processing agreement. Our OCR provider (Mathpix) is configured with improve_mathpix=false, so your documents are not used to train their models.
We do not sell personal data. We do not use advertising trackers.
Cookies
We use only strictly necessary cookies: a signed session cookie for sign-in and, if you choose "remember me", a login cookie that lasts up to 14 days. We set no analytics, advertising, or third-party cookies, which is why there is no cookie consent banner.
Retention
- Your content stays as long as your account exists.
- If you delete your account, it is locked immediately and all data — database rows and stored files — is permanently purged within 30 days.
- Backups roll off within 30 days of deletion.
- Operational logs are kept at most 90 days.
Your rights
You can, at any time and self-service from Settings:
- Export all your data (originals, transcripts, feedback PDFs, and your event history) as a zip archive.
- Delete your account and all associated data.
Under the nFADP (and GDPR where it applies) you also have the rights to rectification and restriction, and the right to lodge a complaint with the Swiss FDPIC or your local supervisory authority. For anything this page does not cover, email privacy@inkproof.io.
Changes
We will announce material changes to this policy by email to registered users at least 14 days before they take effect.