Privacy Policy
Effective Date: April 19, 2026
RedInkAI ("we," "our," "us") respects your privacy. This policy explains how we collect, use, store, and protect your information when you use redinkai.com and related services (the "Service").
1. Data Controller
RedInkAI is operated by RedInkAI Studio. For privacy inquiries, contact our Data Protection Officer:
Email: redinkaistudio@redinkai.com
2. Information We Collect
- •Account information: Name, email address, and hashed password (we never store plaintext passwords)
- •User content: Your writing, manuscripts, Story Bible entries, and creative work
- •AI interaction data: Guidance prompts, AI responses, and InkTrail logs (these form your authorship record)
- •Payment information: Processed securely by Stripe. We do not store credit card numbers
- •Usage data: Pages visited, features used, timestamps, and session data
- •Device and technical data: IP address, browser type, and operating system (via Google Analytics)
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following legal bases:
- •Contract performance: To provide the Service you signed up for (account, editor, guidance, InkTrail)
- •Legitimate interest: To improve the Service, prevent fraud, and ensure security
- •Consent: For marketing communications and optional analytics (you may withdraw consent at any time)
- •Legal obligation: To comply with applicable laws and regulations
4. How We Use Your Information
- •Provide, maintain, and improve the writing guidance service
- •Process payments and manage subscriptions via Stripe
- •Maintain InkTrail logs for authorship traceability and attestation
- •Generate Cognitive Audit Reports and attestation documents
- •Send transactional emails (password resets, account notifications)
- •Analyze usage patterns to improve features (aggregated, non-identifying)
5. Data Sharing and Sub-processors
We do not sell your personal data. We never have and never will.
We share data only with the following service providers, each bound by data processing agreements:
- •OpenAI (GPT-5.2): Processes your guidance prompts and manuscript excerpts to generate AI responses. OpenAI does not use API data to train models.
- •Stripe: Processes payment transactions. Stripe is PCI DSS Level 1 compliant.
- •MongoDB Atlas: Hosts our database infrastructure. Data encrypted at rest and in transit.
- •Resend: Delivers transactional emails (password resets, account notifications only).
- •Google Analytics: Collects anonymized usage data. You may opt out using browser extensions or cookie settings.
6. International Data Transfers
Your data may be processed in the United States, where our infrastructure providers operate. For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and our sub-processors' compliance frameworks to ensure adequate protection.
7. Data Retention
We retain your data for as long as your account is active, plus the following periods after account deletion:
- •Account data: Deleted within 30 days of a verified deletion request
- •InkTrail and attestation records: Retained for 7 years after last activity (these serve as legal evidence of authorship and may be needed for disputes)
- •Payment records: Retained for 7 years as required by tax and financial regulations
- •Security logs: Retained for 1 year for fraud detection and incident response
- •Aggregated analytics: Retained indefinitely (non-identifying)
8. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- •Access (GDPR Art. 15 / CCPA): Request a copy of all personal data we hold about you
- •Rectification (GDPR Art. 16): Correct inaccurate personal data
- •Erasure (GDPR Art. 17 / CCPA): Request deletion of your account and personal data. We will respond within 30 days. Note: InkTrail records tied to active attestations may be retained per Section 7.
- •Data portability (GDPR Art. 20): Receive your data in a structured, machine-readable format (JSON/CSV export)
- •Restriction (GDPR Art. 18): Request that we limit how we process your data
- •Objection (GDPR Art. 21): Object to processing based on legitimate interest
- •Withdraw consent: Where processing is based on consent, you may withdraw at any time
To exercise any of these rights, contact us at redinkaistudio@redinkai.com. We will respond within 30 days.
9. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- •Right to know: What personal information we collect, use, and disclose
- •Right to delete: Request deletion of your personal information
- •Right to opt out of sale: We do not sell personal information. No opt-out is necessary.
- •Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
To make a verifiable consumer request, email redinkaistudio@redinkai.com with the subject line "CCPA Request."
10. Cookies and Tracking Technologies
We use the following tracking technologies:
- •Essential cookies: Authentication tokens stored in browser localStorage (required for the Service to function)
- •Google Analytics (GA4): Collects anonymized page views and usage patterns. You can opt out using the Google Analytics Opt-out Browser Add-on.
We do not use advertising cookies or third-party tracking pixels.
11. AI Use and Governance
- •RedInkAI uses OpenAI's GPT-5.2 to provide writing guidance, not to generate content on your behalf
- •AI outputs are cognitive scaffolding: they surface questions, identify gaps, and structure thinking. They do not produce declarative content.
- •Every AI interaction is logged in your InkTrail with source labeling ("human" vs. "ai"), hash-chaining for tamper evidence, and adoption tracking
- •You decide what to adopt, dismiss, or ignore. The AI does not make decisions for you.
- •We do not use your content to train AI models. Your writing stays yours.
- •The AI will not generate specific academic citations. Verified sources are available through the Sources tab (Semantic Scholar / CrossRef with DOI verification).
- •Each guidance interaction records the exact system prompt version used (SHA-256 hash), enabling full reconstructability of any AI response.
12. Data Security
- •All data transmitted over HTTPS (TLS 1.2+)
- •Passwords hashed with bcrypt (never stored in plaintext)
- •InkTrail events secured with SHA-256 hash chains (tamper-evident)
- •Session closure creates an immutable integrity hash over the entire trail
- •Failed login attempts and security events logged for anomaly detection
- •Admin actions recorded in a separate audit log
No method of transmission over the Internet is 100% secure. We implement reasonable safeguards but cannot guarantee absolute security.
13. Children's Privacy
RedInkAI is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date. Continued use of the Service after changes constitutes acceptance.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a data concern:
redinkaistudio@redinkai.comRelated Documents: