Privacy Policy

Our Privacy Commitment: Your Data Stays With You

At InkFiction, your privacy is our foundation. Your journal entries are stored exclusively in your personal iCloud account using Apple's CloudKit - we never store your journal content on InkFiction servers. Access to your journal is protected by Face ID and Touch ID, ensuring only you can read your entries. This privacy policy explains our security model and what limited data we do collect.

Security Architecture

How InkFiction Protects Your Privacy

InkFiction uses a privacy-first architecture that keeps your data under your control:

• iCloud Storage: All journal entries are stored in your personal iCloud account via Apple's CloudKit, not on our servers
• Biometric Protection: Face ID and Touch ID protect access to the app - only you can unlock your journal
• Apple ID Authentication: Your identity is verified through your Apple ID, eliminating the need for separate passwords
• Device Sync: Seamless synchronization across your iPhone, iPad, and Mac via your iCloud account
• Apple Encryption: iCloud provides enterprise-grade encryption for data at rest and in transit

What This Means for You

• Your Data, Your Cloud: Journal entries are stored in YOUR iCloud account, not on InkFiction servers
• No Server Access: We have no ability to read, access, or retrieve your journal content
• Apple Security: Your data benefits from Apple's industry-leading security practices
• Multi-Device Access: Access your journal on any device signed into your Apple ID
• Account Recovery: If you lose access to your Apple ID, use Apple's account recovery process

Important Security Note

⚠️ Your journal is protected by your Apple ID and biometric authentication. If you lose access to your Apple ID, you'll need to use Apple's account recovery process. InkFiction cannot recover your journal data as we don't store it on our servers.

1. Information We Collect

1.1 Information You Provide

• Apple ID: We use your Apple ID for authentication via iCloud - we don't store your email or password
• Journal Content (Stored in iCloud): Your journal text, moods, tags, and persona data are stored in your personal iCloud account via CloudKit. InkFiction servers never receive or store this content. AI-generated visuals are also stored in your iCloud account
• Persona: Your single persona with attributes and avatar styles - stored in your iCloud
• Preferences: Theme selections, notification settings, and app configurations

1.2 Information Automatically Collected

• Device Information: iOS version, device model (for optimization and support purposes)
• Usage Analytics: App usage patterns, feature interactions (may include anonymized metrics)
• Website Analytics: For our marketing website, we use Vercel Analytics and Speed Insights to collect anonymized page views, performance metrics, and user interactions. This data is privacy-friendly and does not use cookies or track personal information.
• Authentication Tokens: Secure session tokens for maintaining your login

1.3 Information We Do NOT Collect

• Precise location data
• Contacts or photos from your device (unless you explicitly share them)
• Advertising identifiers for ad targeting
• Biometric data (Face ID/Touch ID authentication is handled by iOS, not our servers)

2. How We Use Your Information

• Provide Core Features: Enable journaling, mood tracking, and persona management via your iCloud account
• AI Visual Generation: Process mood descriptors through AI models to generate personalized visual art and avatars
• AI Writing Assistance: When you use AI writing features, your text is sent to third-party AI services to provide writing suggestions and enhancements
• Improve the App: Analyze anonymized usage patterns and crash reports to improve features and fix bugs
• Send Notifications: Deliver daily prompts, reminders, and app updates (only if you enable notifications)
• Customer Support: Respond to your inquiries and troubleshoot technical issues

3. AI Processing and Third-Party Services

3.1 AI Visual Generation

InkFiction uses AI to generate personalized visual art and avatars:

• Mood-Based Generation: When you request visual generation, the app analyzes your entry's emotional tone and creates anonymized mood descriptors
• Avatar Styles: Your persona can be rendered in 5 different avatar styles (Artistic, Cartoon, Minimalist, Watercolor, Sketch)
• AI Processing: Visual generation requests are processed through our secure backend which connects to AI services
• No Identifiers: AI services receive mood descriptors and persona attributes, not your actual journal text or personal information

3.2 AI Writing Assistance

When you use AI writing features, your selected text is sent to third-party AI services through our secure backend. This allows us to provide intelligent writing suggestions without exposing API keys in the app.

• Only text you actively request AI assistance for is sent to the API
• Third-party AI provider privacy policies apply to data they process
• We recommend reviewing our AI providers' data handling practices

3.3 Important Note About AI Services

Please be aware that when using AI features, your journal content may be transmitted to third-party AI providers. While we use secure connections, you should avoid using AI features for extremely sensitive content if you have privacy concerns.

4. Data Storage and Security

4.1 iCloud-Based Storage

InkFiction stores all your journal data in your personal iCloud account using Apple's CloudKit:

• Your iCloud, Your Data: All journal entries, moods, tags, and persona data are stored in your private CloudKit container within your iCloud account
• No InkFiction Servers: We do not operate database servers that store your journal content - your data never touches our infrastructure
• Apple Encryption: iCloud provides encryption for data at rest and in transit
• Multi-Device Sync: Access your journal seamlessly across iPhone, iPad, and Mac
• Apple Compliance: iCloud maintains SOC 2 Type II, ISO 27001, and other security certifications

What this means: Your journal data is stored with Apple, not with InkFiction. We have no access to read, modify, or retrieve your journal entries.

4.2 Data Security Measures

• Biometric Authentication: Face ID and Touch ID protect access to the app
• Apple ID: Your identity is verified through your Apple ID
• Transport Security: All AI API calls use HTTPS encryption
• Regular Updates: We keep our app and backend workers up-to-date with security patches

4.3 Data Retention

• Active Accounts: Data is retained in your iCloud as long as you use the app
• Deleted Entries: When you delete a journal entry, it is removed from your iCloud
• App Deletion: Uninstalling the app does not delete your iCloud data - you can manage iCloud storage through iOS Settings
• iCloud Backups: Your journal data may be included in your iCloud backups, managed through your Apple ID settings

5. Data Sharing and Third Parties

5.1 We Do NOT Sell Your Data

We will never sell your personal information or journal content to advertisers or data brokers.

5.2 Third-Party Services We Use

• Apple iCloud/CloudKit: Journal data storage and sync (see Apple's privacy policy)
• Third-Party AI Services: AI writing assistance and visual generation (processed through secure cloud infrastructure)
• Vercel Analytics: Privacy-friendly website analytics for our marketing pages (no cookies, GDPR-compliant, see Vercel's privacy policy)
• Apple: App distribution via App Store and TestFlight

5.3 Legal Requirements

We may disclose your information if required by law (e.g., court order, subpoena) or to protect our rights, safety, or the safety of others. We will attempt to notify you unless legally prohibited from doing so.

6. Your Privacy Rights

You have the right to:

• Access Your Data: View all your journal entries and account information within the app
• Export Your Data: Request a copy of all your data in a portable format (contact support)
• Delete Your Data: Delete individual journal entries or your entire account (Settings > Account > Delete Account)
• Control AI Usage: Choose whether to use AI features that send data to third parties
• Manage Notifications: Control all app notifications through iOS Settings

7. GDPR & CCPA Compliance

7.1 For EU Users (GDPR)

If you are in the European Economic Area, you have rights under GDPR including:

• Right to access your personal data
• Right to data portability (export your data)
• Right to rectification (correct your information)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to object to automated decision-making

To exercise these rights, contact us at privacy@inkfiction.app.

7.2 For California Users (CCPA)

California residents have the right to:

• Know what personal information is collected and how it's used
• Request deletion of personal information
• Opt-out of data sales (we don't sell data)
• Non-discrimination for exercising CCPA rights

8. Children's Privacy

InkFiction is not intended for users under 13 years old. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@inkfiction.app.

9. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email or in-app notification. Continued use of the app after changes indicates your acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding your privacy:

• Privacy Inquiries: privacy@inkfiction.app
• General Support: support@inkfiction.app
• Data Protection Officer: Available upon request for GDPR inquiries