Privacy Policy — Inkrest

Last updated: [EFFECTIVE DATE]

Inkrest is a dictation app developed by Lampblack Labs LLC ("we," "us," "our"), a limited liability company. This policy explains what Inkrest does and does not do with your information.

The short version: Inkrest converts your speech to text entirely on your device. Your audio recordings and transcripts are never sent to us or to any third party. We run no analytics, no tracking, and no advertising.

1. Information we do NOT collect

We do not collect, transmit, or store your voice recordings, transcripts, or refined text. All speech recognition and text refinement happen locally on your Mac or iPhone. We use no analytics, telemetry, crash reporting, tracking technologies, or advertising identifiers. (This "no collection" statement concerns the content you create. Separately, when your device contacts our licensing/update server, that server necessarily processes your IP address and basic request metadata to deliver updates and prevent abuse — see Section 3.)

2. Information processed on your device only

The following stays on your device and is never transmitted to us: transcript history (the most recent 50 entries, stored locally), your settings and custom vocabulary, and temporary audio files that are deleted after each transcription. On macOS, trial information is stored in your device's Keychain.

3. Limited information we receive for licensing, trials, and updates

To sell and license the software we operate a licensing service at dl.inkrest.app. Depending on how you use Inkrest, we may receive:

We store license records (email, name if you provided it, license tier, number of activated devices, a hashed identifier and the model class and platform of each activated device, and activation timestamps), trial records (a hashed device identifier and trial timestamps — no email), and any email you submit to our waitlist, in our database solely to operate licensing, enforce device limits, contact waitlist sign-ups, and prevent fraud.

3a. Legal bases (EEA/UK users)

Where the EU/UK GDPR applies, we rely on: performance of a contract (Art. 6(1)(b)) to issue and operate your license; our legitimate interests (Art. 6(1)(f)) in securing the service and preventing fraud and abuse (including issuing trials and enforcing our one-trial-per-device limit using a one-way hashed device identifier, and rate-limiting by IP); and your consent (Art. 6(1)(a)) to add you to our waitlist and email you about availability. You may withdraw waitlist consent at any time by emailing [email protected] or using the unsubscribe link in any message; withdrawal does not affect prior processing. We also rely on compliance with a legal obligation (Art. 6(1)(c)) to retain transaction and license records for the period required by tax and accounting law (see Section 7).

4. Model downloads

The first time you use a speech or language model, Inkrest downloads the model files from Hugging Face (huggingface.co). These are standard file downloads; we do not send your Inkrest account information to Hugging Face. Your interaction with Hugging Face is subject to Hugging Face's own privacy policy.

5. Payments

Purchases are processed by our payment providers — Paddle (our merchant of record for direct sales) and/or Apple (for App Store purchases). We do not receive or store your full payment-card details. Their handling of your information is governed by Paddle's Privacy Policy and Apple's privacy policy.

6. How we share information

We use Cloudflare as a service provider (processor) that hosts our licensing infrastructure and acts only on our instructions under a data-processing agreement. Paddle (our merchant of record) and Apple (App Store) act as independent controllers for the payment transaction and handle your payment information under their own privacy policies (see Section 5). For purposes of the California Consumer Privacy Act as amended (CCPA/CPRA): we do not "sell" or "share" your personal information (including for cross-context behavioral advertising), and we have not done so in the preceding 12 months; because we do not sell or share, there is nothing to opt out of; should we ever introduce any activity that constitutes a "sale" or "share," we will process opt-out preference signals (including browser Global Privacy Control signals) as required by law. We do not discriminate against you for exercising your privacy rights. The categories of personal information we collect are: identifiers (email, name), commercial information (license/purchase records), internet/network activity (IP and request metadata), and device information (a hashed device identifier, plus the model class and platform of each device activated under a paid license). We do not collect sensitive personal information as defined by the CCPA/CPRA. The sources of this information are you directly (email and name you provide at purchase or waitlist sign-up) and your device's network requests (IP, request metadata, and the hashed device identifier; starting a trial sends only the hashed device identifier); we retain each category as described in Section 7.

7. Data retention

We retain license records for the life of the license plus the period required by tax and accounting law (generally up to 7 years). Trial records (a one-way hashed device identifier) are retained on an ongoing basis specifically to enforce our one-trial-per-device limit and prevent abuse, even after a trial ends. Waitlist emails are retained until you unsubscribe or we close the waitlist. Short-lived rate-limit counters are automatically aged out. You may request deletion of your licensing or waitlist data as described below, subject to fraud-prevention and legal-retention needs.

8. Your rights

Depending on where you live (including under the EU/UK GDPR and California CCPA/CPRA), you may have rights to access, correct, or delete the personal information we hold (your email and license records) and to object to certain processing. To exercise these rights, email [email protected]. We will verify your identity (typically via the email associated with your license) and respond within the period required by law (generally one month under GDPR; 45 days under the CCPA, extendable). You may use an authorized agent where the law permits. EEA/UK users have the right to lodge a complaint with their local data protection authority. U.S. state privacy rights: residents of U.S. states with comprehensive privacy laws (including California, Virginia, Colorado, Connecticut, Texas, Utah, and others as they take effect) have rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising, sale, and certain profiling. We do not engage in targeted advertising, sale, sharing, or profiling. To exercise any right, email [email protected]; if we deny a request you may appeal by replying to our response. Because we do not collect your audio or transcripts, we cannot access or delete content that exists only on your device — you control that within the app; for the backend data we hold, we will action access, correction, and deletion requests subject to fraud-prevention and legal-retention limits.

9. Children

Inkrest is intended for adults and is not directed to children. We do not knowingly collect personal information from children under 13 (or, where consent is the basis and a higher age applies in your country under GDPR Article 8, under that age — up to 16). If you believe a child has provided us information, contact [email protected] and we will delete it.

10. International users and data transfers

We operate from the United States; if you use Inkrest from outside the U.S., the limited licensing information described above is processed in the U.S. When we transfer personal information from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards, including the Standard Contractual Clauses approved by the European Commission and, where applicable, our service providers' certification under the EU-U.S. Data Privacy Framework. You may request a copy of the relevant safeguards by emailing [email protected].

11. Changes to this policy

We may update this policy; we will revise the "Last updated" date and, for material changes, provide notice through the app or our website.

12. Contact

Lampblack Labs LLC, 522 W Riverside Ave, Ste N, Spokane, WA 99201, USA — [email protected].