Privacy Policy

Effective Date: April 2, 2026

Spiffai ("we," "us," or "our") operates Inkbreaker (the "Platform"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Platform, and describes your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy legislation.

1. Data Controller

Spiffai is the data controller of your personal data. For data protection inquiries, please contact us at support@spiffai.com.

2. Data We Collect

We collect the following categories of personal data: account data (your name, email address, and profile picture provided through OAuth sign-in via Google or Discord); profile data (your chosen pen name/username); user content (posts, comments, replies, and other content you create); interaction data (sparkles, notification preferences, and content you interact with); preference data (display settings including theme, font size, and notification preferences); technical data (IP address, browser type, device type, operating system, and session tokens); and usage data (pages visited, features used, and timestamps of activity).

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds: (a) Contract performance — to provide and maintain your account and the Platform services; (b) Legitimate interests — to improve the Platform, ensure security, and prevent fraud; (c) Legal obligations — to comply with applicable laws; and (d) Consent — where you have provided explicit consent, which you may withdraw at any time by contacting us.

4. How We Use Your Data

We use your personal data to: create and manage your account; display your content and profile to other users; deliver notifications about activity related to your content; personalize your experience on the Platform; improve Platform features and performance; ensure the security and integrity of the Platform; enforce our Terms and Conditions; and comply with our legal obligations.

5. Third-Party Authentication Providers

We use Google and Discord as OAuth providers for authentication. When you sign in via these providers, we receive limited profile information (name, email, profile picture) as authorized by you. We do not receive your passwords. These providers process your data under their own privacy policies. We are not responsible for the privacy practices of these providers.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with: (a) service providers acting as data processors on our behalf who assist in operating the Platform, subject to appropriate data processing agreements; (b) law enforcement or government authorities when required by law or to protect rights, property, or safety; (c) a successor entity in the event of a merger, acquisition, or sale of assets, with prior notice to you; or (d) other parties with your explicit consent.

7. International Data Transfers

If you are located in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed in countries outside the EEA. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data.

8. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by applicable law. User-generated content you have posted may remain visible to other users until you delete it prior to requesting account deletion.

9. Cookies and Tracking

We use strictly necessary session cookies to authenticate your session and maintain your preferences. We do not use third-party advertising cookies or behavioral tracking technologies. You can manage cookie settings through your browser, though disabling necessary cookies may affect Platform functionality.

10. Your Rights

Depending on your jurisdiction, you may have the following rights: the right to access a copy of your personal data; the right to rectification of inaccurate or incomplete data; the right to erasure ("right to be forgotten"), subject to legal retention obligations; the right to restrict processing; the right to data portability in a structured, machine-readable format; the right to object to processing based on legitimate interests; the right to withdraw consent at any time; and the right to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at support@spiffai.com. We will respond within 30 days.

11. CCPA Rights (California Residents)

If you are a California resident, you have the right to: know what personal information we collect, use, disclose, and sell; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal information); and be free from discrimination for exercising your rights. To submit a CCPA request, contact us at support@spiffai.com.

12. Children's Privacy

The Platform is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will promptly delete it. If you believe we have collected data from a child under 13, please contact us immediately at support@spiffai.com.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission, secure authentication, and access controls. However, no method of transmission over the Internet is completely secure and we cannot guarantee absolute security.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and, where required by law, by sending you an email notification. The effective date at the top of this policy indicates when it was last revised. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

15. Contact and Data Protection Inquiries

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us at support@spiffai.com. We are committed to resolving any concerns promptly and transparently.