InkEngine

Privacy Policy

Last updated: 2 July 2026

This policy explains what data InkEngine collects, why, who it is shared with, and the rights you have over it. Short version: we collect what the product needs to work, we run no advertising or analytics trackers of any kind, and we never sell your data.

1. Who we are (data controller)

InkEngine is operated by Moneytise Ltd (company no. 16803031), registered office 17 Green Lanes, London, England, N16 9BS, which is the data controller for personal data processed through InkEngine under the UK GDPR and the Data Protection Act 2018. Contact: maydin@moneytise.co.

For payments, Stripe acts as merchant of record and is an independent controller of your payment data (see Sections 7 and 14).

2. Data we collect

  • Account data — your email address, password (stored only as a salted hash by our authentication provider, Supabase), and display name. If you sign in with Google, we receive your Google account email and name.
  • Profile and settings — your subscription tier, preferred model quality, and Google Drive folder settings.
  • Content — the prompts you enter, inspiration images you upload, and the images generated, upscaled, and edited for you (stored in Supabase Storage), plus project metadata.
  • Google Drive tokens — if you connect Google Drive, we store the OAuth access and refresh tokens needed to upload your images to your Drive (see Section 4).
  • Billing identifiers — your Stripe customer ID, subscription ID, and subscription status. We never receive or store your card number — Stripe collects payment details directly.
  • Usage records — your credit ledger (grants, spends, refunds, expiry) and generation/upscale counts.
  • Technical data — standard server logs (IP address, browser user agent) from our hosting infrastructure, kept on a short rotating basis.

We use no analytics, advertising, or tracking scripts of any kind.

3. How we use your data, and our legal bases

PurposeDataLegal basis (UK GDPR Art. 6)
Provide the Service — accounts, image generation, storage, creditsAccount, content, usage recordsContract (6(1)(b))
Send your prompts and images to AI providers to generate your imagesPrompts, uploaded and generated imagesContract (6(1)(b))
Upload your images to your Google DriveGenerated images, Drive tokensConsent (6(1)(a)) — withdraw by disconnecting Drive
Sync your subscription and billing state with StripeBilling identifiersContract (6(1)(b)); legal obligation (6(1)(c)) for transaction records
Prevent abuse, fraud, and credit-limit circumvention; secure and debug the ServiceAccount, usage, technical dataLegitimate interests (6(1)(f)) — protecting the Service; balanced against your rights
Send service emails — receipts (via Stripe), security and account notices, changes to termsEmail addressContract / legitimate interests

We do not send marketing emails without your consent.

4. Google user data (Drive and Google sign-in)

InkEngine's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In practice:

  • Drive access uses only the restricted drive.file scope — InkEngine can only see files and folders it creates itself, never your wider Drive.
  • Drive data is used solely to upload your generated images to your Drive and to create or list your chosen export folder — never for advertising, and never sold.
  • No humans read your Google data except with your consent for support, for security purposes, or where required by law.
  • Your Drive tokens are deleted when you disconnect Drive in Settings. You can also revoke InkEngine's access at any time at myaccount.google.com/permissions.
  • Google sign-in data (email, name) is used only to authenticate you.

5. AI processing

To generate your images, your prompts and any inspiration images are transmitted to third-party AI provider partners (such as Google and Replicate). These providers process the data to produce your images; their API terms state that API inputs are not used to train their models. We recommend not including personal data about other people in prompts.

6. Cookies

InkEngine sets only strictly necessary cookies: the Supabase authentication cookies that keep you signed in. There are no advertising, analytics, or third-party cookies. Because strictly necessary cookies are exempt from consent requirements under PECR, we do not show a cookie banner.

7. Who we share data with

ProviderRoleDataLocation
SupabaseDatabase, authentication, file storageAccount data, content, usage recordsEU (AWS eu-west-1, Ireland)
GoogleSign-in, AI image generation, Drive exportAuth profile; prompts and images sent for generation; Drive tokens and uploadsUS / global
ReplicateAI image generation, upscaling, background removalPrompts and images for those jobsUS
Stripe (privacy policy)Merchant of record: payments, tax, invoicingPayment and billing data (independent controller)US / global

We may also disclose data where required by law (courts, regulators), and in a merger or acquisition your data may transfer to the successor with notice to you. We do not sell personal data and share nothing for advertising.

8. International transfers

Some providers above process data in the United States. Where personal data leaves the UK/EEA, transfers are protected by appropriate safeguards — the UK Extension to the EU-US Data Privacy Framework where the provider is certified, and otherwise the UK International Data Transfer Agreement or Standard Contractual Clauses. Copies of the relevant safeguards are available on request.

9. How long we keep data

  • Account data — for the life of your account, then deleted within 30 days of closure.
  • Images and prompts — until you delete them or your account is closed (plus up to 30 days in backups).
  • Google Drive tokens — until you disconnect Drive or close your account; deleted promptly.
  • Credit ledger and billing-related records — up to 6 years after the transaction, for accounting and legal record-keeping, even after account closure.
  • Server logs — short rotating retention.

10. Security

Data is encrypted in transit (TLS). Database access is protected by row-level security so users can only reach their own records; passwords are hashed; OAuth tokens are stored server-side and never exposed to the browser; access to production systems is limited. No method of transmission or storage is 100% secure, but if a breach affects your rights we will notify you and the ICO as required by the UK GDPR.

11. Share links

If you create a share link for an image, anyone with that URL can view or download the image without logging in. The link may redirect to the copy in your Google Drive if Drive export is enabled. Only create share links for images you are comfortable making public; deleting the image disables its link.

12. Your rights

Under the UK GDPR you can ask us to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data ("right to be forgotten");
  • restrict or object to processing, including processing based on legitimate interests;
  • receive your data in a portable format;
  • withdraw consent at any time (for example, by disconnecting Google Drive) — this does not affect processing before withdrawal.

To exercise any right, email maydin@moneytise.co. We may need to verify your identity, and we respond within one month. You also have the right to complain to the Information Commissioner's Office (ico.org.uk) or, if you are in the EEA, your local supervisory authority.

13. Children

InkEngine is for adults aged 18 and over. We do not knowingly collect data from children; if you believe a child has created an account, contact us and we will delete it.

14. Payments and Stripe

Stripe is the merchant of record for InkEngine subscriptions and an independent controller of the payment data it collects (card details, billing address, tax location) — see Stripe's Privacy Policy. We receive only customer and subscription identifiers and subscription status.

15. Changes to this policy; contact

If we make material changes to this policy we will notify you by email or a prominent in-app notice before they take effect; the "Last updated" date above always reflects the current version.

Contact: maydin@moneytise.co · Moneytise Ltd (company no. 16803031), 17 Green Lanes, London, England, N16 9BS.