Skip to main content

Privacy Policy

Effective Date: June 13, 2026

Spiffai LLC ("we," "us," or "our") operates Inkbreaker (the "Platform"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Platform, and describes your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy legislation.


1. Data Controller

Spiffai is the data controller of your personal data. For data protection inquiries, please contact us at support@spiffai.com.

2. Data We Collect

We collect the following categories of personal data: account data (your name, email address, and profile picture provided through email sign-up or OAuth sign-in via Google or Discord); profile data (your chosen pen name/username); user content (pieces, drafts, comments, replies, feedback, and images you create or upload); image and media data (images you upload, which are stored with our content-delivery provider, together with related metadata such as file type and size); interaction data (sparkles, notification preferences, and content you interact with); preference data (display settings including theme, font size, and notification preferences); subscription and payment metadata (your plan, subscription status, and billing identifiers; full payment card details are handled by our payment provider and are not stored by us); technical data (such as IP address, browser type, device type, and operating system, which may be processed by our hosting, analytics, and error-monitoring providers, together with session tokens used to keep you signed in); usage data (pages visited, features used, and timestamps of activity, collected through our own activity records and, where you have consented, through our analytics provider); and, if you choose to import content from a connected third-party service, the content of the file you select for that import.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds: (a) Contract performance: to provide and maintain your account and the Platform services; (b) Legitimate interests: to improve the Platform, ensure security, and prevent fraud; (c) Legal obligations: to comply with applicable laws; and (d) Consent: where you have provided explicit consent, which you may withdraw at any time by contacting us.

4. How We Use Your Data

We use your personal data to: create and manage your account; display your content and profile to other users; deliver notifications about activity related to your content; personalize your experience on the Platform; process subscriptions and payments; improve Platform features and performance; ensure the security and integrity of the Platform; enforce our Terms and Conditions; and comply with our legal obligations.

5. AI and Automated Processing

Inkbreaker does not use artificial intelligence to create or analyze your writing. Our writing-analysis features, such as Prose Grade, use a deterministic scoring engine rather than a machine-learning or generative AI model. When you use these tools while signed in, the work you submit and the results it produces are saved to your account (for example, in your notebook and submission history) so you can return to them; this content stays under your control and can be deleted by you. If you try a writing-analysis feature without an account, such as a public demo, the text you enter is processed only to show you a result and is not saved to an account. We do not use any third-party AI service, including for content moderation. Your content is never sent to an external AI provider. Moderation uses deterministic, rule-based filters that run on our own servers plus human review: content may be screened by an automated filter, and anything it flags is queued for a person to review. You may ask us to have a moderation decision reviewed by a person by contacting support@spiffai.com. We never use your writing or images to train any AI model, and we do not authorize third parties to do so.

6. Authentication Providers

We support email-and-password sign-in and OAuth sign-in via Google and Discord. When you sign in through Google or Discord, we receive limited profile information (name, email, profile picture) as authorized by you; we do not receive your social-account passwords. When you sign in with email and password, your password is stored only in a securely hashed form. These third-party providers process your data under their own privacy policies, and we are not responsible for their privacy practices.

7. Service Providers and Sub-processors

We rely on a limited set of trusted third-party providers to operate the Platform, each acting as a data processor under appropriate data-processing terms and using your data only to provide their service to us. These currently include: cloud hosting and our application platform; a managed database provider; a content-delivery and image-storage provider; an email-delivery provider for account and notification emails; a payment provider that acts as merchant of record for subscriptions; a content-moderation provider used to screen flagged content; a product-analytics provider used, with your consent, to understand how the Platform is used; error-monitoring and performance-monitoring providers used to keep the Platform reliable and secure; a rate-limiting and security provider; a background-job provider that runs scheduled tasks such as digests; a real-time collaboration provider for co-editing; a GIF-search provider that receives the search terms you type when you look for a GIF; a book-information provider used to look up book details and cover images for reading lists; and the authentication providers described above. We do not sell your personal data to anyone.

8. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with: (a) service providers acting as data processors on our behalf who assist in operating the Platform, subject to appropriate data processing agreements; (b) law enforcement or government authorities when required by law or to protect rights, property, or safety; (c) a successor entity in the event of a merger, acquisition, or sale of assets, with prior notice to you; or (d) other parties with your explicit consent.

9. Payment Information

Paid subscriptions are processed by our third-party payment provider, which acts as the merchant of record. When you subscribe, your payment card and billing details are collected and processed directly by that provider under its own privacy policy. We do not receive or store your full payment card number. We retain limited billing metadata, such as your subscription status, plan, and the provider's transaction or customer identifiers, to manage your subscription and access.

10. International Data Transfers

If you are located in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed in countries outside the EEA. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data.

11. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by applicable law. User-generated content you have posted, including uploaded images, may remain visible to other users until you delete it prior to requesting account deletion. Limited records may be retained longer where necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required by law, within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk to you, we will also notify affected users without undue delay.

13. Cookies and Tracking

We use a small number of cookies and similar technologies. Strictly necessary cookies keep you signed in and remember your settings; these are always on because the Platform cannot function without them, and we also use a cookie to remember your cookie choices. We use a privacy-focused product-analytics service to understand how the Platform is used, such as which pages are visited and which features are used, so that we can improve it. Even if you decline, this service keeps only an anonymous, aggregate count of visits: it stores nothing on your device, sets no cookies, and never identifies you or builds a profile of you. If you accept analytics cookies, it additionally remembers your device between visits, and when you are signed in connects that usage to your account, so we can understand how the Platform is used over time. You can accept or decline, and later change your choice, through our cookie banner and cookie-preferences settings. We do not use advertising cookies, we do not engage in third-party ad targeting, and we do not sell your data. Separately, to keep the Platform reliable and secure, we use error-monitoring and performance-monitoring services that may process limited technical information (such as IP address and device or browser details) when an error or performance issue occurs. You can also manage cookies through your browser, though disabling strictly necessary cookies may affect Platform functionality.

14. Email Communications

We send transactional emails necessary to operate your account, such as sign-in, password reset, billing, and important account or policy notices; these are not promotional and cannot be opted out of while your account is active. We also send optional emails, such as activity notifications and digests, which you can turn off at any time from your notification preferences or by using the unsubscribe link in those emails.

15. Your Rights

Depending on your jurisdiction, you may have the following rights: the right to access a copy of your personal data; the right to rectification of inaccurate or incomplete data; the right to erasure ("right to be forgotten"), subject to legal retention obligations; the right to restrict processing; the right to data portability in a structured, machine-readable format; the right to object to processing based on legitimate interests; the right to withdraw consent at any time; and the right to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at support@spiffai.com. We will respond within 30 days.

16. CCPA Rights (California Residents)

If you are a California resident, you have the right to: know what personal information we collect, use, disclose, and sell; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal information); and be free from discrimination for exercising your rights. To submit a CCPA request, contact us at support@spiffai.com.

17. Children's Privacy

The Platform is intended only for adults and is not directed to anyone under the age of 18. We apply a date-of-birth age gate at sign-up and do not permit accounts for anyone under 18. We do not knowingly collect personal data from anyone under 18, and we rely on the date of birth provided at sign-up to enforce this. If we become aware that we have inadvertently collected data from a person under 18, we will promptly delete it. If you believe we have collected data from a person under 18, please contact us immediately at support@spiffai.com.

18. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission, secure authentication, hashed passwords, and access controls. However, no method of transmission over the Internet is completely secure and we cannot guarantee absolute security.

19. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and, where required by law, by sending you an email notification. The effective date at the top of this policy indicates when it was last revised. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

20. Contact and Data Protection Inquiries

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us at support@spiffai.com. We are committed to resolving any concerns promptly and transparently.