Label Icon

Privacy

Privacy policy

Inkstone is the co-creative writing platform for the agent age

Hero ShapeHero Shape

Last updated: January 28, 2026

This Privacy Policy explains how Kentauros AI, Inc. (“Kentauros,” “we,” “us”) collects and uses information when you use Inkstone (the “Service”). We are the data controller for personal data processed under this policy (unless otherwise stated).

1) What data we collect

* Data you provide
* Account data: name (optional), email address, authentication credentials (handled by our authentication provider), and account settings.
* User content: the text, prompts, documents, files, and instructions you submit to the Service (“Input”), and any content you save (Input and/or Output).
* Support data: messages you send to support and related attachments.

Data collected automatically

* Usage data: feature usage, timestamps, session/activity events, and product interaction data.
* Device/technical data: IP address, browser type, device identifiers, operating system, app version, language, and approximate location (city/region) inferred from IP.
* Security data: authentication logs, rate-limit events, abuse signals, and security-relevant telemetry.

Payment data

We use Polar.sh (“Polar”) to manage subscriptions and billing. We receive billing metadata (e.g., subscription status, invoice/transaction references). We do not store full payment card numbers; payment handling is performed by Polar and its payment processing partners (including Stripe).

2) How we use data

Core principle: services only, NO training

We use personal data and your content only to provide and operate the Service.
We do not use your Input, Output, or Saved Content to train AI models.

Purposes

We use data to:

* Provide the Service: authenticate you, process Input to generate Output, and store content you choose to save.
* Customer support: respond to requests and troubleshoot issues.
* Safety and security: prevent fraud/abuse, detect security incidents, and enforce our Terms and Usage Policy.
* Reliability: maintain, debug, and improve performance (not training).
* Billing: manage subscriptions, renewals, taxes (if applicable), and payments via Polar.
* Legal compliance: meet legal obligations and respond to lawful requests.

Legal bases (GDPR/UK GDPR)

Where GDPR/UK GDPR applies, we process personal data under:

* Contract (to provide the Service),
* Legitimate interests (security, fraud prevention, service reliability, and business operations),
* Consent (for optional cookies/analytics where required),
* Legal obligation (compliance duties).

3) AI providers and subprocessors

To provide AI-powered features, we may share user inputs and relevant context with third-party AI service providers acting as processors on our behalf. These providers process data solely to deliver the requested functionality and do not use it to train or improve their models unless we explicitly enable such use.

We also use third-party service providers for essential functions such as authentication, cloud hosting, data storage, logging and monitoring, collaboration, realtime updates, email delivery, and billing. These providers may process personal data only as necessary to operate and support the Service.We maintain appropriate contractual safeguards with our service providers. A current list of subprocessors, including their purposes and locations, is available upon request by contacting us.

4) Data retention

We keep data only as long as necessary for the purposes above.

* Account data: kept while your account is active, and then for a limited period as needed for legal, security, and operational reasons.
* User content: kept while you keep it in the Service. If you delete content or close your account, we delete or de-identify it within a reasonable period, unless retention is required for legal compliance, dispute resolution, or security investigations.
* Logs/security records: kept for a limited period to maintain security, prevent abuse, and support investigations.
* Billing records: retained as required by tax/accounting laws.
* Backups: deleted data may remain in encrypted backups until backup rotation completes.

5) User rights

If GDPR/UK GDPR applies (and in other jurisdictions with similar rights), you may have rights to:

* Access your personal data,
* Correct inaccurate data,
* Delete your data,
* Restrict or object to certain processing,
* Data portability (where applicable),
* Withdraw consent (where processing is based on consent).

How to exercise your rights

Email support [AT] inkstone.pro from the email address associated with your account with your request (e.g., “access request” or “delete my account”). We may request verification information to protect your account and others.

Complaints

If you are in the EEA/UK, you can also lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve it.

6) International transfers

The Service is hosted in the United States. If you use the Service from the EEA, the UK, or other regions, your information will be transferred to and processed in the United States and potentially other countries where our service providers operate.

Where GDPR or UK GDPR applies, we rely on appropriate safeguards for international data transfers, such as Standard Contractual Clauses (SCCs), along with reasonable technical and organizational measures designed to protect your information.

7) Contact info

support [AT] inkstone.pro