Security & Data Practices
How InkLift handles, protects, and processes your data.
📊 Data Collection
InkLift collects only the data necessary to provide handwriting OCR and sync services:
- Account information: your email address and a securely hashed password (bcrypt).
- Device credentials: API tokens for your e-ink tablet (reMarkable, Boox, Supernote, Kindle Scribe) used to fetch your notebooks. These are encrypted at rest (see Encryption below).
- Notebook page images: rendered PNG images of your handwritten pages, temporarily stored for OCR processing.
- OCR results: the converted text and confidence scores from your handwritten pages.
- Sync metadata: timestamps, job statuses, and content hashes to enable efficient delta sync without re-downloading unchanged pages.
- Usage data: subscription tier, pages processed count, and billing identifiers (Stripe customer ID). We do not store payment card details — Stripe handles all payment processing.
🔒 Encryption
Your device credentials (API tokens, OAuth tokens) are encrypted at rest with Fernet from the cryptography Python library. Fernet is AES-128 in CBC mode combined with an HMAC-SHA256 authentication tag; the Fernet specification fixes these algorithms (it does not use AES-256).
- A 32-byte (256-bit) Fernet key is derived from the application secret by hashing it with SHA-256. Fernet uses the first 16 bytes of that key for HMAC signing and the last 16 bytes as the AES-128 encryption key. Because the derivation is a single hash rather than a slow KDF, the strength of the scheme rests on the entropy and secrecy of the application secret.
- Fernet provides authenticated encryption: every encrypted token carries an HMAC-SHA256 tag over its version byte, timestamp, IV and ciphertext, and the tag is checked before any decryption takes place, so a blob that has been modified in the database is rejected rather than decrypted.
- Encrypted credential blobs are stored in the database as binary data; they cannot be read without the server-side secret key.
- Passwords are never stored in plain text — they are hashed using bcrypt with a per-user salt.
- All connections between your browser and InkLift are encrypted using TLS (HTTPS).
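The scheme described above, as an added example that is not InkLift's own code: a Fernet key derived from an application secret with SHA-256, a device token encrypted and decrypted with it, and two checks a practitioner would want, that a flipped bit in the stored blob is rejected by the HMAC check and that a different secret cannot decrypt it. The secret and credential values are constructed for the demo; the functions and their names are assumptions, not InkLift's API.

```python
"""Added example (not InkLift's code): credential encryption at rest with Fernet,
with the 32-byte Fernet key derived from an application secret via SHA-256.
Requires the `cryptography` package. All secrets below are constructed demo values."""
import base64
import hashlib

from cryptography.fernet import Fernet, InvalidToken


def fernet_key_from_secret(app_secret: str) -> bytes:
    """SHA-256 of the secret, urlsafe-base64 encoded as Fernet expects (44 chars).
    Fernet splits the 32 raw bytes into a 16-byte HMAC-SHA256 signing key
    (first half) and a 16-byte AES-128-CBC encryption key (second half)."""
    digest = hashlib.sha256(app_secret.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest)


def encrypt_credential(app_secret: str, device_token: str) -> bytes:
    """Return the opaque blob that would be stored in the database."""
    return Fernet(fernet_key_from_secret(app_secret)).encrypt(device_token.encode("utf-8"))


def decrypt_credential(app_secret: str, blob: bytes) -> str:
    """Recover the device token; raises InvalidToken on a bad key or tampered blob."""
    return Fernet(fernet_key_from_secret(app_secret)).decrypt(blob).decode("utf-8")


def tamper_is_detected(app_secret: str, blob: bytes) -> bool:
    """Flip one bit inside the ciphertext and confirm the HMAC check rejects the blob.
    Fernet token layout (after base64 decoding):
    version(1) | timestamp(8) | IV(16) | ciphertext(n*16) | HMAC-SHA256(32)."""
    raw = bytearray(base64.urlsafe_b64decode(blob))
    raw[25] ^= 0x01  # first ciphertext byte, after the 1 + 8 + 16 header bytes
    tampered = base64.urlsafe_b64encode(bytes(raw))
    try:
        Fernet(fernet_key_from_secret(app_secret)).decrypt(tampered)
        return False
    except InvalidToken:
        return True


def wrong_secret_is_rejected(app_secret: str, other_secret: str, blob: bytes) -> bool:
    """A key derived from a different application secret must fail, not yield garbage."""
    try:
        Fernet(fernet_key_from_secret(other_secret)).decrypt(blob)
        return False
    except InvalidToken:
        return True


if __name__ == "__main__":
    APP_SECRET = "constructed-demo-app-secret-not-real"   # constructed demo value
    blob = encrypt_credential(APP_SECRET, "rm-device-token-demo-0001")
    print("stored blob:", blob[:24], "...")
    print("round trip:", decrypt_credential(APP_SECRET, blob))
    print("tamper detected:", tamper_is_detected(APP_SECRET, blob))
    print("wrong secret rejected:", wrong_secret_is_rejected(APP_SECRET, "another-secret", blob))
```

The bit flip is applied to the ciphertext rather than the tag to make the point that Fernet verifies the HMAC over the whole token before decrypting, so a modified ciphertext never reaches AES; with a wrong key the HMAC verification fails in the same way, which is why a key mismatch surfaces as InvalidToken rather than as corrupted plaintext.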
👁 OCR Processing
InkLift uses the Google Gemini 2.0 Flash Vision API for handwriting recognition. Here is how your data flows during OCR:
- Image transmission: page images (PNG or PDF) are sent to Google's Gemini API as inline data within the API request. The images are transmitted over an encrypted (TLS) connection.
- Processing: Gemini analyses the handwritten content and returns the recognized text. InkLift requests a low temperature (0.1) so that output is as consistent and repeatable as the model allows; a low temperature reduces, but does not eliminate, run-to-run variation.
- Google's data retention: per Google's API terms of service, data sent via the Gemini API is not used to train Google's models when accessed through a paid API key. Refer to Google's AI Terms of Service for the latest policy.
- No third-party sharing: your page images and OCR results are not shared with any party other than Google (for processing) and your configured sync destinations (e.g., Obsidian).
- Retry handling: if OCR fails, InkLift retries up to 3 times with exponential backoff. Failed attempts are logged without exposing your content.
📅 Data Retention
InkLift retains your data only as long as needed to provide the service:
- Page images: stored on the server for OCR processing and re-processing (e.g., if you trigger a manual re-OCR). Images remain available while your account is active.
- OCR text and embeddings: stored in PostgreSQL alongside vector embeddings for semantic search. Retained while your account is active.
- Sync job history: job status records (pending, completed, failed) are retained for troubleshooting and analytics.
- Account data: your account information is retained until you delete your account. Soft-deleted records (with a deleted_at timestamp) may be retained for a limited period to allow recovery.
🗑 Deletion Rights
You have the right to delete your data at any time:
- Account deletion: you can request account deletion by contacting us at support@inklift.com. This removes your account, devices, notebooks, pages, OCR results, and all associated data.
- Device disconnection: you can disconnect a device from your Account settings page, which removes the stored (encrypted) credentials for that device.
- Individual notes: you can delete individual notes and their OCR results through the dashboard.
- Sync destination data: data already synced to external services (e.g., your Obsidian vault) is managed by those services and is not affected by deletion within InkLift.
- Stripe billing data: billing records maintained by Stripe are subject to Stripe's own data retention policies.
🛡 Security Measures
InkLift implements multiple layers of security to protect your account and data:
- Authentication: JWT-based session tokens with short-lived access tokens (30-minute expiry) and longer-lived refresh tokens (7-day expiry). Web sessions use secure, HTTP-only cookies.
- Multi-factor authentication (MFA): optional TOTP-based MFA for additional account security.
- Rate limiting: authentication endpoints and sensitive operations are rate-limited to prevent brute-force attacks.
- HSTS & transport security: HTTP Strict Transport Security headers instruct browsers to connect over HTTPS only, so traffic is never downgraded to plain HTTP. CORS and Content Security Policy headers restrict cross-origin access.
- Input validation: all API inputs are validated using Pydantic models with strict type checking.
- Structured logging: security-relevant events are logged using structured JSON logging with PII redaction to prevent accidental data exposure in logs.
- Infrastructure: the application runs on dedicated infrastructure with PostgreSQL and Redis services isolated via Docker containers.
- Dependency management: dependencies are managed via uv with pinned versions and regular updates.
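The access-token scheme from the Authentication item above, as an added example that is not InkLift's own code: an HS256 JWT minted with a 30-minute expiry and a verifier that pins the algorithm, compares the tag in constant time and rejects expired tokens, built with the standard library only. The signing secret, user id and timestamps are constructed demo values; the function names are assumptions, not InkLift's API. The alg-none downgrade helper is included to show the check a verifier must make, not something the page describes InkLift doing.

```python
"""Added example (not InkLift's code): minting and verifying a short-lived HS256
JWT access token (30-minute expiry) with the Python standard library.
All secrets and identifiers are constructed demo values."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ACCESS_TTL_SECONDS = 30 * 60  # 30-minute access tokens, as the page describes


def _b64url(data: bytes) -> str:
    """JWT base64url: urlsafe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_access_token(secret: bytes, user_id: str, now: Optional[int] = None) -> str:
    """Create header.claims.signature with exp = iat + 30 minutes."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user_id, "iat": now, "exp": now + ACCESS_TTL_SECONDS, "typ": "access"}
    header_b64 = _b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    claims_b64 = _b64url(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    signing_input = f"{header_b64}.{claims_b64}"
    tag = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(tag)}"


def verify_access_token(secret: bytes, token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is well formed, carries alg HS256, has a valid
    tag under `secret`, is an access token and has not expired; otherwise None.
    The algorithm is pinned server-side so "alg": "none" or any other header
    value is rejected, and the tag comparison is constant-time."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong number of segments, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    if not isinstance(claims, dict) or claims.get("typ") != "access":
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims


def downgrade_to_alg_none(token: str) -> str:
    """Rebuild a token with {"alg": "none"} and an empty signature: the classic
    downgrade attempt that a verifier which trusts the header would accept."""
    _, claims_b64, _ = token.split(".")
    header_b64 = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode("utf-8"))
    return f"{header_b64}.{claims_b64}."


if __name__ == "__main__":
    SECRET = b"constructed-demo-signing-secret"  # constructed demo value
    issued = 1_700_000_000                       # fixed clock for a repeatable demo
    tok = mint_access_token(SECRET, "user-123", now=issued)
    print("valid 1 min later:", verify_access_token(SECRET, tok, now=issued + 60) is not None)
    print("valid 30 min later:", verify_access_token(SECRET, tok, now=issued + 1800) is not None)
    print("alg none accepted:", verify_access_token(SECRET, downgrade_to_alg_none(tok), now=issued + 60) is not None)
```

Expiry is checked with `now >= exp` because JWT `exp` is the first instant at which the token is no longer valid; a verifier that uses `>` grants an extra second, which matters little here but is the kind of off-by-one worth testing explicitly.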
Questions about our security practices? Contact us at support@inklift.com.
Last updated: April 2026