Privacy Policy

Last updated: April 19, 2026

This Privacy Policy describes how Inkspire ("we", "us" or "our") collects, uses, stores and otherwise processes personal data of users ("you", "your") of the Inkspire mobile application (the "App") and this website (the "Site", together with the App, the "Services").

We process personal data in accordance with Regulation (EU) 2016/679 ("GDPR"), the Bulgarian Personal Data Protection Act ("PDPA") and other applicable laws.

1. Scope

This Privacy Policy applies to personal data we process when you:

create and use an Inkspire account in the App;
read stories and use the immersive reading features;
subscribe to paid plans via the Apple App Store or Google Play Store;
contact us for customer support or other inquiries;
visit or interact with the Site.

2. Personal Data We Collect

3.1 Data you provide directly

Account data: email address used to sign in (including via Email One-Time Password, Sign in with Apple or Sign in with Google).
Authentication identifiers:unique user identifiers provided by Apple or Google when you sign in with those services. If you use Sign in with Apple and choose to hide your email, we only receive Apple's private relay email address.
Support communications: the content of emails or messages you send us when requesting help or providing feedback.

3.2 Data generated through your use of the App

Library and reading activity: which stories you open, your reading progress, stories marked as currently reading or completed, and similar activity needed to power your personal Library.
App preferences and settings: choices you make within the App that affect your reading experience.
Device and technical data: device type, operating system and version, App version, language settings and diagnostic information such as crash reports, stack traces and performance metrics (collected via Sentry).
Usage data: aggregated or pseudonymous information about how features of the App are used (for example, reads count), used to improve the Services.

3.3 Data we receive from third parties

Identity providers (Apple, Google): a unique identifier and an email address (or private relay address) so that we can create and authenticate your account.
App stores (Apple App Store, Google Play):paid subscriptions are offered and billed through Apple's and Google's subscription platforms. They process and retain subscription and transaction-related information (such as subscription type, renewal status, and the country associated with your store account) on their own systems. We do not store that information. We do not receive or store your payment card details.
Subscription implementation (RevenueCat): we use RevenueCat (RevenueCat, Inc., USA) to implement in-app subscriptions. RevenueCat receives subscription-related data from the App and from Apple or Google (for example, product identifiers, subscription status and technical identifiers) so we can verify entitlements and manage the subscription experience. See the RevenueCat Privacy Policy.

We do not intentionally collect special categories of personal data (such as health, religious or political information). Please avoid sharing such information with us.

3. Purposes of Processing and Legal Bases

We process your personal data for the following purposes and on the following legal bases:

Provision of the Services (creating and maintaining your account, enabling App features) — Art. 6(1)(b) GDPR, performance of a contract with you (our Terms and Conditions).
Authentication and account security (Email OTP, Sign in with Apple, Sign in with Google, preventing unauthorised access) — Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, our legitimate interest in keeping accounts and the Services secure.
Providing the immersive reading experience (serving stories, synchronising reading progress, delivering visual and audio content) — Art. 6(1)(b) GDPR.
Processing subscriptions (verifying active subscription status via RevenueCat and the Apple App Store or Google Play) — Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR, compliance with accounting, tax and consumer protection laws.
Customer support (replying to your inquiries, investigating and resolving issues) — Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Analytics, quality and improvement (understanding how the App is used, fixing bugs, improving stability and features) — Art. 6(1)(f) GDPR, our legitimate interest in operating and improving the Services.
Compliance with legal obligations (including obligations under Bulgarian and EU law, responding to lawful requests from competent authorities) — Art. 6(1)(c) GDPR.
Establishing, exercising or defending legal claims — Art. 6(1)(f) GDPR.

4. Recipients and Categories of Third Parties

We do not sell your personal data. We share personal data only with trusted recipients who help us operate the Services, and only to the extent necessary. Typical categories include:

Backend, authentication, database and storage: Supabase (Supabase, Inc., USA) is our primary backend and infrastructure provider. Supabase hosts our database and file storage and processes sign-in requests for Sign in with Apple, Sign in with Google and Email One-Time Password (OTP) authentication. Supabase also delivers authentication emails (including OTP codes) on our behalf. See the Supabase Privacy Policy.
Identity providers: Apple Inc. (for Sign in with Apple) and Google LLC (for Sign in with Google) authenticate you and share a unique identifier and an email address (or, in the case of Apple, a private relay address) with Supabase so that we can create or look up your Inkspire account.
App distribution and payment platforms: Apple Inc. (App Store) and Google LLC (Google Play), which will process subscription purchases under their own terms and privacy policies once paid plans are introduced.
Subscription management: RevenueCat (RevenueCat, Inc., USA) provides the subscription implementation we use in the App. RevenueCat processes subscription-related data on our behalf to validate purchases, sync entitlement status across devices where applicable, and support subscription features. See the RevenueCat Privacy Policy.
Error logging and diagnostics: Sentry (Functional Software, Inc. d/b/a Sentry, USA) is used to collect crash reports, exceptions and diagnostic telemetry from the App so that we can detect and fix issues. Events may include technical information such as device model, operating system, App version, stack traces and, where strictly necessary for debugging, a pseudonymous user identifier. We configure Sentry to minimise personal data and do not intentionally send story content or email addresses to Sentry. See the Sentry Privacy Policy.
Professional advisors (accountants, auditors, lawyers) bound by duties of confidentiality.
Competent public authorities where disclosure is required by law.

We do not sell your personal data and we do not share it with third parties for their own independent marketing purposes. All providers acting as processors on our behalf are bound by written data processing agreements in accordance with Art. 28 GDPR.

5. International Transfers

Some of our service providers are established outside the European Economic Area ("EEA") and may process personal data in third countries. In particular:

Supabase, Inc. is a US-based company. We select Supabase project regions within the EU where feasible, but some operational data may still be accessed from outside the EEA.
Sentry (Functional Software, Inc.)is a US-based company. Where offered, we prefer Sentry's EU data residency, but some processing may still involve transfers outside the EEA.
RevenueCat, Inc. is a US-based company and may process subscription-related data in the United States or other countries where it operates.
Apple Inc. and Google LLC (including their affiliates) process data on a global infrastructure, including in the United States.

Where personal data is transferred outside the EEA, we rely on an appropriate safeguard under Chapter V GDPR, such as:

an adequacy decision of the European Commission (e.g. the EU–US Data Privacy Framework, where the recipient is certified); or
the EU Standard Contractual Clauses (2021/914); or
another valid transfer mechanism recognised by the GDPR.

6. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Indicative retention periods are:

Account data and reading activity: for the duration of your account and for a limited period after account deletion, necessary for legal, security and dispute-resolution purposes.
Authentication logs (including OTP): short-term (typically up to a few months) for security and abuse-prevention purposes.
Subscription and billing records: for the period required under Bulgarian accounting and tax legislation (generally up to 10 years for accounting documents).
Support communications: for as long as needed to handle your inquiry and to defend against potential claims.

When personal data is no longer required, we will securely delete or irreversibly anonymise it.

When you delete your account, your personal data will be deleted or anonymised without undue delay, except where retention is required by law.

7. Your Rights

Subject to the conditions set out in the GDPR and the PDPA, you have the following rights in relation to your personal data:

Right of access (Art. 15 GDPR) — to obtain confirmation of whether we process your personal data and a copy of such data.
Right to rectification (Art. 16 GDPR) — to have inaccurate or incomplete data corrected.
Right to erasure(Art. 17 GDPR, "right to be forgotten") — to request deletion of your personal data where one of the grounds in the GDPR applies.
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR) — to receive personal data you provided in a structured, commonly used, machine-readable format.
Right to object (Art. 21 GDPR) — to object to processing based on our legitimate interests.
Right to withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal.
Right not to be subject to automated decision-making producing legal or similarly significant effects (Art. 22 GDPR). We do not currently engage in such automated decision-making.

You can exercise these rights by writing to us at support@inkspire-app.com. We will respond within one month, as required by the GDPR, and may extend that period by two further months where necessary, taking into account the complexity and number of requests. You can also delete your account and associated data by contacting us.

8. Security of Your Data

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as required by Art. 32 GDPR. These measures include, among others, encrypted transmission (TLS), access controls, secure authentication and regular reviews of our security practices.

No method of transmission over the Internet or electronic storage is fully secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Children's Privacy

The Services are not intended for children under the age of 16. We do not knowingly collect personal data from children under this age without appropriate parental consent, where required by law. If you believe that a child has provided us with personal data, please contact us at support@inkspire-app.com and we will take steps to delete such data in accordance with applicable law.

10. Subscriptions and Payments

The App is planned to offer paid subscription plans distributed through the Apple App Store and Google Play Store. We use RevenueCat to implement and manage in-app subscriptions (including validating purchases and subscription status with Apple and Google). All subscription purchases, renewals and cancellations are processed directly by Apple or Google under their own terms and privacy policies. We and RevenueCat receive from these platforms only the information necessary to grant and manage your subscription (for example, subscription status, product identifiers, country of the store account). We do not have access to your payment card details.

11. Cookies and Similar Technologies

The App does not rely on web cookies. It may, however, use local storage on your device, unique identifiers provided by the operating system (such as identifier for advertisers, where applicable) and similar technologies strictly necessary to operate the App and to provide the features you request.

The Site may use cookies and similar technologies that are strictly necessary for its operation and, where required, optional cookies for analytics or performance. Where required by applicable law, we will obtain your consent prior to setting any non-essential cookies.

12. Third-Party Services and Links

The Services may contain links to third-party websites or rely on third-party services (for example, Apple, Google, cloud or analytics providers). This Privacy Policy does not cover the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you use.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. The updated version will be indicated by an updated "Last updated" date at the top of this page. Where changes are material, we will provide a more prominent notice (for example, in the App or by email). We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or the processing of your personal data, please contact us at support@inkspire-app.com.

15. Data Controller

The controller of your personal data is:

Inkspire Ltd
UIC: 208732068
Contact email: support@inkspire-app.com

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us at support@inkspire-app.com.