Privacy Policy
**Inky — AI Tattoo Design Assistant**
**Last Updated:** April 26, 2026
This Privacy Policy explains how **Lucian Horvat** ("we," "us," or "our") collects, uses, stores, and protects your information when you use the Inky iOS application ("Inky" or the "App"). We are committed to protecting your privacy and being transparent about our data practices.
By using Inky, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Apple ID credentials (via Sign in with Apple): We receive an identity token, and optionally your name and email address, as provided by Apple. You may choose to hide your email using Apple's private relay service.
- Google account credentials (via Sign in with Google): We receive an authentication token through Google OAuth, which provides access to your basic profile information (name and profile picture) and email address.
We assign each account a unique identifier (UUID) which is used internally to associate your data.
1.2 Content You Create
When you use Inky, you may provide:
- Text prompts and messages: Your tattoo design requests, questions, and conversation text.
- Uploaded images: Photos you take with your camera or select from your photo library for use as tattoo references or body-part placement previews.
- AI-generated images: Tattoo designs created by Inky's AI based on your prompts.
1.3 Conversation & Project Data
- Chat history: Your full conversation history with Inky, including all text messages and images.
- Project memory: Preferences and context you share during a conversation (e.g., preferred tattoo style, placement, size, color preferences, existing tattoo notes).
- Conversation titles: Short labels for each conversation thread.
1.4 Subscription & Billing Data
- Subscription status: Your current plan tier (Basic, Pro, or Premium), billing period, and entitlement status.
- Purchase events: Transaction metadata received via RevenueCat webhooks (event IDs, product IDs, timestamps, renewal/cancellation status).
- Usage counters: The number of AI routing requests and image outputs you have used within your current billing period.
We do not collect or store your payment card details, bank information, or Apple ID password. All payments are processed entirely by Apple through the App Store.
1.5 Device Permissions
Inky may request the following device permissions:
- Camera: To take photos for use as tattoo references.
- Photo Library (Save): To save generated tattoo designs to your device.
1.6 Analytics & Diagnostics
Inky does not use any third-party analytics, crash reporting, or advertising SDKs. There is no Firebase, Crashlytics, Sentry, Mixpanel, Amplitude, or similar service integrated.
We maintain a lightweight, device-local-only diagnostic log for AI request tracing (request IDs, timing, and error categories). This data is written to the device's system log and is never transmitted to any external server.
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide the core service | Text prompts, uploaded images, project memory |
| Store your conversations | Messages, images, and project memory (encrypted) |
| Manage your subscription | Account ID, entitlement status, usage counters |
| Process purchases | Subscription events from RevenueCat |
| Improve reliability | Local diagnostic logs |
3. How We Protect Your Data
3.1 End-to-End Encryption for Conversations
All conversation content (messages, images, and project memory) is encrypted using AES-256-GCM before being stored:
- A unique 256-bit encryption key is generated per user and stored exclusively in the iOS Keychain on your device.
- Data is encrypted on your device before upload and decrypted on your device after download.
- Our servers store only encrypted ciphertext — we cannot read your messages or view your images at rest.
4. Third-Party Services
4.1 Google Cloud — Vertex AI (Gemini)
Your text prompts, uploaded images, and project memory context are sent to Google's Vertex AI API to generate tattoo designs and provide conversational AI responses.
4.2 RevenueCat
Your anonymized user ID is shared with RevenueCat for subscription lifecycle management.
4.3 Apple
Used for account authentication and subscription payment processing.
4.4 Supabase
Your encrypted data and account information are stored in a Supabase-hosted database.
5. Data Retention
Account and conversation data are retained as long as your account is active. Local cache is stored on-device until you sign out.
6. Your Rights
Depending on your jurisdiction, you may have rights to access, rectification, erasure, and portability of your data. Contact us at lucianhorvat.business@gmail.com to exercise these rights.
7. Children's Privacy
Inky is not directed at children. You must be at least 13 years old to use the App.
8. Contact Us
If you have questions, please contact us at lucianhorvat.business@gmail.com.