Legal
Privacy policy
Last updated: July 6, 2026
What this covers
This policy explains what Inklate collects, why, and what control you have over it. It applies to the marketing site (inklate.com), the product (app.inklate.com), and the API (api.inklate.com), together "the Service."
What we collect
- Account information. Your name, email address, and authentication identifiers. Sign-in uses Google or a one-time email code; we never store passwords.
- Organization data. Organizations you create or join, your role in them, and settings such as API keys you mint (stored hashed).
- Content. Drafts, scheduled posts, and published posts your organization creates, plus the per-post analytics we fetch from connected networks.
- Channel connections. When you connect a channel such as LinkedIn, we store the OAuth tokens the network issues, encrypted, and only use them to act on your instructions — publishing and reading analytics.
- Usage data. Product analytics (page views, feature usage, errors) collected through PostHog to understand and improve the Service.
- Billing data. Subscriptions are processed by Polar, our merchant of record. We store the subscription state; Polar holds the payment details. We never see your full card number.
What we don't do
- We don't sell your data, ever.
- We don't publish anything without an explicit action by your team or your agents.
- We don't train machine-learning models on your content.
- We don't read one organization's data on behalf of another — isolation is enforced at the database row.
AI agents
Agents connect through the same guarded API as the dashboard, authorized by an organization API key or an OAuth grant a member approves. An agent can only reach the organization it was authorized for, and every call is checked against that organization's roles and plan. Revoking the key or grant severs access immediately.
Processors we rely on
- Amazon Web Services (AWS) — hosting and content delivery.
- PostHog — product analytics and error monitoring.
- Polar — payments and subscription management (merchant of record).
- Google — optional sign-in.
- Connected networks (e.g. LinkedIn) — publishing and analytics, under their own terms.
Cookies and local storage
We use strictly functional storage: your session, your theme preference, and analytics identifiers. No third-party advertising cookies.
Retention and deletion
Your data stays as long as your account or organization exists. Delete a post, a channel, an organization, or your account and the associated data is removed from production systems, with encrypted backups expiring on a rolling schedule.
Your rights
You can access, correct, export, or delete your personal data. Depending on where you live (GDPR, CCPA, and similar), you may have additional rights — we honor requests under all of them regardless of geography.
Contact
Questions or requests: reach us from the dashboard, or write to the contact address published at inklate.com. We answer privacy requests within 30 days.
Changes
If this policy changes materially, we'll note it here with a new date and announce it in the product before it takes effect.