Privacy Policy

InkPal collects minimal data necessary to operate the service:

• License keys issued upon purchase or activation
• Usage metrics such as tool invocation counts, error rates, and feature adoption (aggregated and anonymous)
• Email address provided during registration or purchase
• Payment information processed securely through our payment provider (Razorpay) — we do not store card details

We do not collect, transmit, or store your source code, project files, or any content processed by the MCP tools. All code analysis runs locally on your machine.

We use the collected data to:

• Validate your license and provision the correct feature tier
• Monitor service health and improve tool reliability
• Send transactional emails (license delivery, renewal reminders)
• Generate aggregate analytics to guide product development

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your data is stored securely using industry-standard practices:

• License and account data is stored in Supabase (PostgreSQL) with row-level security policies
• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Servers are hosted on Railway and Supabase infrastructure within secure data centers
• We retain account data for the duration of your subscription plus 30 days after cancellation

InkPal integrates with the following third-party services:

• Razorpay — payment processing and subscription management
• Supabase — database and authentication infrastructure
• Railway — application hosting
• GitHub — optional integration for code workflows

Each provider operates under their own privacy policy. We share only the minimum data required for each integration to function.

The InkPal website uses minimal cookies:

• Essential cookies for session management and authentication
• Analytics cookies (optional) to understand site usage patterns

We do not use advertising cookies or third-party tracking pixels. You can disable non-essential cookies through your browser settings.

If you are located in the EU (GDPR) or California (CCPA), you have the right to:

• Access your personal data we hold
• Correct inaccurate personal data
• Delete your personal data ("right to be forgotten")
• Export your data in a portable format
• Opt out of non-essential data processing

To exercise any of these rights, contact us at privacy@inkpal.ai. We respond to all requests within 30 days.

We implement multiple layers of security:

• HMAC signature verification on all webhook payloads
• CORS restrictions to approved origins only
• Rate limiting and request body size limits
• HSTS headers enforced on all endpoints
• Path traversal and injection sanitization
• Regular security audits and dependency updates

If you discover a security vulnerability, please report it to security@inkpal.ai.

For privacy-related questions or requests:

• Email: privacy@inkpal.ai
• Company: Upgrow Softwares LLP
• Location: India

We will respond to all inquiries within 30 business days.