Privacy Policy

This Privacy Policy describes how Inkwell Shift ("we", "us", "our", the "Service") collects, uses, shares, retains, and protects personal data of users ("you", "your") of our hosted PDF flipbook platform, including the website, web application, embedded readers, and desktop reader applications.

By creating an account, uploading content, embedding our reader on a third-party site, or otherwise using the Service, you acknowledge that you have read, understood, and agreed to be bound by this Policy. If you do not agree, do not use the Service.

This Policy is provided as the authoritative English version. Translations are offered for convenience only; in case of conflict, the English text controls.

We collect the minimum information necessary to operate, secure, and improve the Service. Collected categories include:

• Account data: username, email address, password hash (we never see your plain-text password), display name, time zone, preferred language, and the date you joined.
• Content data: PDF files you upload, generated flipbook pages, overlays you create (text, buttons, images, video popups, shapes, badges, links), notes and bookmarks, background audio uploads, and any other content you submit to the Service.
• Billing data: plan selection, subscription status, partial payment-instrument metadata received from our payment processor (Polar). We do NOT store full card numbers or CVV codes — those remain with the processor at all times.
• Usage data: IP address, browser user-agent, device type, locale, referring URL, pages and features accessed, timestamps, error reports, and aggregated analytics about reader engagement with published flipbooks.
• Cookies and local storage: session tokens, theme preference, audio mute state, last-read page, and other UX preferences. See §6 for details.

We process personal data for the following purposes:

• Service delivery: create and maintain your account, render your uploaded PDFs into flipbooks, host and serve your published books, and persist your editor state.
• Billing: process subscription payments via our payment processor, manage upgrades, downgrades, and cancellations, and apply plan-based feature gating.
• Security: detect and prevent abuse, fraud, unauthorised access, denial-of-service attacks, and policy violations.
• Service improvement: analyse aggregated usage patterns to plan features, fix bugs, and improve performance. Analytics are aggregated and never tied to identified individuals in our reports.
• Communication: send transactional emails (sign-in, password reset, billing receipts), respond to support requests, and — only with your explicit opt-in — product updates.
• Legal compliance: respond to lawful requests from competent authorities, enforce our Terms, and protect our legitimate interests.

Where applicable (EU/UK users), we rely on:

• Performance of contract — to deliver the Service you signed up for.
• Legitimate interests — for security, fraud prevention, and aggregated analytics, balanced against your rights and freedoms.
• Consent — for optional marketing communications and any non-essential cookies. You may withdraw consent at any time.
• Legal obligation — to comply with tax, accounting, and law-enforcement requirements.

We do not sell personal data. We share data only with the limited categories of recipients listed here:

• Infrastructure providers hosting our servers, databases, object storage, and CDN, bound by data-processing agreements.
• Payment processor (Polar and its sub-processors) for subscription billing.
• Email delivery service for transactional messages.
• Analytics — only first-party, server-side aggregated analytics. No third-party tracking scripts are embedded in the Service.
• Lawful authorities when we are legally compelled to do so, after reviewing each request for legitimacy and necessity.
• Successor entities in connection with a merger, acquisition, asset sale, or financing event, in which case the acquirer assumes the obligations of this Policy.

The Service uses a minimal set of cookies and browser localStorage keys strictly necessary for it to function:

• Auth session token — required to keep you signed in.
• Theme preference, locale, viewer audio mute, last-read page, recent colour swatches — purely client-side UX state, stored in localStorage and never transmitted to our servers.

We do not use advertising cookies, cross-site trackers, or third-party analytics scripts. Disabling cookies will sign you out and disable certain personalised preferences.

We retain personal data only for as long as needed to provide the Service and to meet our legal obligations:

• Account data is kept for the lifetime of your account, plus a short grace period after deletion to allow recovery from operator error.
• Uploaded content and overlays are kept until you delete the corresponding book or your account. Deletion is irreversible.
• Billing records are retained for the period required by applicable tax and accounting law (typically 7 years).
• Security logs are kept for up to 12 months for forensic and incident-response purposes.
• Aggregated analytics may be retained indefinitely; they do not identify individuals.

Subject to your jurisdiction, you may have the right to access, correct, port, restrict, or delete your personal data, and to object to certain processing.

You can exercise most of these rights directly from your account settings (update your profile, change your password, delete your books, and delete your account). For requests we cannot honour automatically, contact us via the channel listed in §13. We normally respond within 30 days.

If you believe we have processed your data in violation of applicable law, you have the right to lodge a complaint with a competent supervisory authority.

We use industry-standard administrative, technical, and physical safeguards to protect personal data, including encryption in transit (TLS), encrypted password storage, role-based access control, signed URLs for media assets, request audit logging, and regular security reviews.

No internet service can be guaranteed 100% secure. While we work continuously to harden the Service, you use it at your own risk and are responsible for keeping your account credentials confidential.

The Service may store and process personal data in jurisdictions outside your country of residence. Where transfers cross jurisdictional borders, we apply appropriate safeguards (such as contractual data-processing terms with our providers) consistent with applicable law.

The Service is not directed at children under the age of 13 (or the local digital-consent age, whichever is higher). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will revise the "Last updated" date at the top of this page and, for material changes, post a notice on the dashboard or send a transactional email. Continued use of the Service after the change takes effect constitutes acceptance of the updated Policy.

Questions about this Policy, or to exercise your data-protection rights, can be emailed to our privacy team at info@inkwell-shift.com and we respond to legitimate requests in good faith and within a reasonable time.