1. Introduction
InkLift (“we,” “us,” or “our”) is operated by Filipe Salvio, based in Brazil. InkLift provides AI-powered handwriting OCR and sync services for e-ink tablet users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at inklift.ai, our backend API, and our Obsidian plugin (collectively, the “Service”).
By creating an account or using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
2. Data We Collect
2.1 Account Information
When you register, we collect your email address and a password. Your password is hashed using bcrypt and is never stored or transmitted in plain text.
2.2 Device Credentials
To sync your reMarkable tablet, you provide a one-time authentication code. We exchange this for API tokens that are encrypted at rest using AES-256 (Fernet symmetric encryption) before being stored in our database. We never store your reMarkable account password.
2.3 Handwritten Page Images
When sync runs, page images are downloaded from your reMarkable Cloud account (or via SSH if you use USB mode). These images are stored temporarily on our server for OCR processing. After OCR is complete, the images are retained so you can view originals alongside transcriptions in your Obsidian vault.
2.4 OCR Results
The transcribed text from your handwritten pages, along with confidence scores and processing metadata, is stored in our PostgreSQL database. This is the core content you access through the dashboard and Obsidian plugin.
2.5 Billing Information
If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We never see, store, or process your credit card number. We store only your Stripe Customer ID and subscription status to manage your account tier.
2.6 Transactional Email
We use Resend to deliver transactional emails (welcome messages, OCR completion notifications, billing alerts). Your email address is shared with Resend solely for this purpose.
2.7 Third-Party Sync Destinations (OAuth)
When you connect a third-party service (Google) to sync your converted notes, we request specific OAuth permissions. We only request the minimum permissions needed for the features you use. You can revoke access at any time from your InkLift dashboard or from the third-party service’s security settings.
Google Scopes
| Scope | What It Allows | Why We Need It |
|---|---|---|
| drive.file | Create and manage files that InkLift has created in your Google Drive | InkLift creates Google Docs containing your converted handwritten notes. This scope limits access to only files InkLift created — we cannot see or modify any other files in your Drive. |
| drive.readonly | Read-only access to files in a Google Drive folder you designate | If you use Google Drive as an ingest source, InkLift reads PDFs (scanned notes, worksheets) from the folder you select and runs them through OCR. We never write, modify, or delete through this scope — all writes use the narrower drive.file scope. We do not index or cache files outside the folder you chose. |
| documents | Read and write Google Docs content | InkLift writes OCR-converted text from your handwritten notes into Google Docs format, preserving formatting and structure. |
| calendar.events | Read and write Google Calendar events | InkLift extracts dated action items and appointments from your handwritten notes and creates corresponding Google Calendar events. |
What we do NOT access: Your Gmail, Contacts, Google Photos, calendar-level settings (ACLs, sharing), or Drive files outside the folder you designate for ingest. We do not store your Google account password.
2.8 Usage & Technical Data
We collect basic operational data including sync job status, page counts, error logs, and performance metrics. We use Sentry for error monitoring (with a 10% trace sampling rate). We do not use cookies for advertising or tracking. The Service uses only essential session cookies for authentication.
3. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the OCR & sync service | Page images, OCR results, device tokens | Contract performance |
| Authenticate your account | Email, hashed password, JWT tokens | Contract performance |
| Process payments | Stripe Customer ID, subscription tier | Contract performance |
| Send transactional emails | Email address | Legitimate interest |
| Monitor errors & improve the service | Error logs, performance metrics | Legitimate interest |
| Sync notes to third-party destinations | OCR text, OAuth tokens (encrypted), calendar events, tasks | Contract performance (user-initiated connection) |
4. Third-Party Processors
We share data with the following third-party services, each acting as a data processor on our behalf:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Google Cloud (Gemini API) | Handwriting OCR | Page images (sent for processing, not stored by Google for model training under our API terms) | United States |
| Stripe | Payment processing | Email, payment method (handled directly by Stripe) | United States |
| Resend | Transactional email delivery | Email address, message content | United States |
| Sentry | Error monitoring | Error traces, anonymized request metadata | United States |
| Hetzner Cloud | Server hosting | All application data (encrypted in transit via TLS) | Helsinki, Finland |
| Google Workspace APIs | Sync destination (Drive, Docs, Calendar) | OCR-converted note text, calendar events extracted from notes (only when you connect Google) | United States |
5. AI Processing & Your Content
Your handwritten page images are sent to the Google Gemini 2.5 Flash Vision API for OCR processing. This means your handwriting images are transmitted to Google’s servers in the United States for the sole purpose of converting them to text.
Under Google’s Cloud API Terms of Service, data submitted through their paid API is not used to train or improve Google’s models. We do not use any other AI service to process your content. We do not train our own models on your data.
6. Data Security
We implement the following security measures to protect your data:
- Encryption in transit: All connections use TLS (HTTPS). Our SSL certificate is issued by Let’s Encrypt and auto-renews.
- Device credential encryption: reMarkable API tokens are encrypted at rest using AES-256 Fernet symmetric encryption before storage.
- OAuth token encryption: Google OAuth tokens (access and refresh) are encrypted at rest using the same AES-256 Fernet encryption. Tokens are only decrypted in memory when actively syncing.
- Password hashing: Passwords are hashed using bcrypt with salt. We never store plain-text passwords.
- JWT authentication: Access tokens expire after 30 minutes. Refresh tokens expire after 7 days.
- Infrastructure: The application runs in Docker containers on Hetzner Cloud with Nginx reverse proxy, rate limiting (via slowapi + Redis), and security headers (CSP, X-Frame-Options, X-XSS-Protection, Referrer-Policy).
- CORS policy: API access is restricted to https://inklift.ai only.
- Database backups: Automated daily backups via pg_dump at 3:00 AM UTC.
7. Data Retention
We retain your data for as long as your account is active and as needed to provide the Service. Specifically:
- Account data: Retained until you delete your account.
- Page images & OCR results: Retained while your account is active to enable re-sync and historical access.
- Sync job logs: Retained for 90 days for debugging and support purposes.
- Error logs (Sentry): Retained per Sentry’s default retention policy (90 days).
- Billing data: Retained as required by Brazilian tax law (5 years for financial records).
- OAuth tokens (Google): Retained while the connection is active. When you disconnect a service from the InkLift dashboard, tokens are deleted immediately.
When you delete your account, we will delete your personal data, page images, OCR results, and device credentials within 30 days. Some anonymized or aggregated data may be retained for analytics.
8. Your Rights
Depending on your location, you have certain rights regarding your personal data:
Under LGPD (Brazil)
If you are located in Brazil, you have the right to: confirm whether we process your data, access your data, correct inaccurate data, anonymize or block unnecessary data, request data portability, delete your data, obtain information about third parties with whom we share data, and revoke consent at any time. These rights are guaranteed by Brazil’s Lei Geral de Proteção de Dados (Law No. 13.709/2018).
Under GDPR (European Economic Area)
If you are located in the EEA, you have the right to: access, rectify, or erase your personal data, restrict or object to processing, data portability, and lodge a complaint with your local data protection authority. The legal bases for our processing are described in Section 3 above. International transfers of data to the United States (for Gemini OCR, Stripe, Resend, and Sentry) rely on standard contractual clauses or equivalent safeguards.
Under CCPA (California)
If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of any “sale” of personal information. We do not sell your personal information.
To exercise any of these rights, contact us at privacy@inklift.ai or filipesalvio@gmail.com. We will respond within 15 days (LGPD) or 30 days (GDPR/CCPA).
9. Cookies
InkLift uses only essential cookies required for authentication and session management. We do not use advertising cookies, analytics cookies, or third-party tracking cookies. No cookie consent banner is needed because we only use strictly necessary cookies.
10. Children’s Privacy
InkLift is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
11. International Data Transfers
Our primary server is hosted in Helsinki, Finland (Hetzner Cloud). However, certain data is processed by services located in the United States (Google Gemini API, Stripe, Resend, Sentry). These transfers are necessary to provide the Service and are conducted under appropriate legal safeguards including standard contractual clauses where applicable.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by placing a notice on our website at least 15 days before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was last revised.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact:
Filipe Salvio
Data Controller, InkLift
Email: privacy@inklift.ai
Fallback: filipesalvio@gmail.com