Privacy Policy

1. Who we are

InkRobin (“we”, “us”) operates the e-signature platform at inkrobin.com. For questions about this policy or your data, contact us at hello@inkrobin.com.

2. What data we collect

Account data

Name and email address when you create an account. Billing information (processed by Stripe; we do not store card numbers).

Document data

Documents you upload are stored encrypted. We store document metadata (name, creation date, status) and the audit trail events recorded during signing (timestamps, IP addresses, signer emails, document hashes).

Usage data

Standard server logs including IP address, browser type, pages visited, and timestamps. We use this to operate and improve the Service.

Signer data

When a recipient signs a document, we record their name (as entered), email address, IP address, browser user-agent, and the timestamp of their signature. This data forms the audit trail and is disclosed to the document sender as part of the Certificate of Completion.

3. How we use your data

• To provide the Service: process and store documents, facilitate signing, deliver signed copies
• To generate audit trails that establish the legal validity of signatures
• To process payments via Stripe
• To send transactional emails (signing requests, completion notifications, billing receipts)
• To operate and improve the platform (usage analytics, error monitoring)
• To comply with legal obligations

We do not read document content for any purpose other than rendering it for signing. We do not sell personal data to third parties. We do not use document content to train AI models.

4. Legal bases (GDPR)

Where the GDPR applies, we process personal data on the following bases: contract performance (operating the Service you signed up for), legitimate interests (security, fraud prevention, improving the Service), legal obligation (complying with applicable law), and consent (where requested for specific communications).

5. Data sharing

We share data only with:

• Supabase: database and authentication infrastructure
• Stripe: payment processing
• Vercel: frontend hosting
• Sentry: error monitoring (anonymised stack traces)
• Law enforcement or regulators, when required by applicable law

All processors are contractually required to handle data in accordance with applicable data protection law.

6. Data retention

We retain documents and audit trails for as long as your account is active, plus a reasonable period thereafter. You can delete a document from your account at any time. Deletion removes the file and its audit trail. Account data is retained for the duration of your account and deleted within 90 days of account closure on request.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of your personal data. To exercise these rights, email hello@inkrobin.com. We will respond within 30 days.

Note: audit trail data attached to a signed document may not be deletable where doing so would undermine the integrity of a legally executed document. We will advise you if this applies to a specific request.

8. Security

Documents are stored encrypted at rest. All data in transit uses TLS. Access to production systems is limited to authorised personnel. We use Supabase Row-Level Security to ensure users can only access their own data.

9. Cookies

We use essential cookies for authentication (session management). We do not use tracking cookies or advertising cookies. Analytics, if any, are privacy-preserving and do not use persistent cross-site tracking.

10. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to registered users before they take effect. The current version is always at inkrobin.com/privacy.

12. Contact

Privacy questions or requests: hello@inkrobin.com.