1. Introduction
Welcome to Inkroost ("we", "our", "us"). We are committed to protecting your personal data
and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service
at https://inkroost.com.
2. Data Controller
The data controller responsible for your personal data is:
3. What Data We Collect
We may collect and process the following personal data:
- Account data: Name, email address, password (hashed), profile information
- Usage data: Pages visited, features used, timestamps, IP address, browser type
- Payment data: Billing address, payment method details (processed securely by Stripe — we do not store card numbers)
- Communication data: Messages, support requests, feedback you send us
- Cookie data: See our Cookie section below
4. Legal Basis for Processing
We process your data based on the following legal grounds (GDPR Article 6):
- Contract performance: To provide you with our service and manage your account
- Legitimate interests: To improve our service, prevent fraud, and ensure security
- Consent: For optional cookies, marketing communications, and analytics
- Legal obligation: To comply with tax, accounting, and regulatory requirements
5. How We Use Your Data
- To create and manage your account
- To provide and improve our service
- To process payments via Stripe
- To send transactional emails (account confirmations, password resets)
- To send marketing communications (only with your explicit consent)
- To detect, prevent, and address technical or security issues
- To comply with legal obligations
6. Data Sharing
We may share your data with:
- Stripe: Payment processing (Stripe Privacy Policy)
- Hosting provider: To host and serve our application
- Email provider: To send transactional and marketing emails
- Analytics: Anonymized usage data (only with your consent)
We do not sell your personal data to third parties.
7. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion
- Payment records: Retained for 7 years as required by tax regulations
- Usage logs: Retained for 90 days, then anonymized or deleted
- Support communications: Retained for 2 years after resolution
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request restricted processing of your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent at any time without affecting prior processing
To exercise any of these rights, contact us at
[email protected].
We will respond within 30 days.
9. Cookies
We use the following types of cookies:
- Essential cookies: Required for the service to function (session, CSRF token). These cannot be disabled.
- Analytics cookies: Help us understand how visitors use our service. Only set with your consent.
- Preference cookies: Remember your settings (e.g., dark mode). Only set with your consent.
You can manage your cookie preferences at any time via the cookie settings banner.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
encryption in transit (TLS/HTTPS), encrypted storage for sensitive data, regular security audits,
access controls, and secure coding practices.
11. International Transfers
Your data may be processed outside the European Economic Area (EEA). Where this occurs,
we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs)
approved by the European Commission.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes
by email or by displaying a notice in the application. We encourage you to review this page periodically.
13. Contact & Complaints
If you have questions or complaints about how we handle your data, contact us at
[email protected].
You also have the right to lodge a complaint with your local data protection authority.
In the Netherlands, this is the Autoriteit Persoonsgegevens.