Privacy Policy — Inkrest

Last updated: June 13, 2026

Inkrest is a dictation app developed by Lampblack Labs LLC ("we," "us," "our"), a limited liability company. This policy explains what Inkrest does and does not do with your information.

The short version: Inkrest converts your speech to text entirely on your device. Your audio recordings and transcripts are never sent to us or to any third party. We run no analytics, no tracking, and no advertising. Free trials are anonymous — we never ask for your email or name to start one. The only personal information we ever receive is an email address you choose to give us when you buy a license.

1. Information we do NOT collect

We do not collect, transmit, or store your voice recordings, transcripts, or refined text. All speech recognition and text refinement happen locally on your Mac or iPhone. We use no analytics, telemetry, crash reporting, tracking technologies, or advertising identifiers. (This "no collection" statement concerns the content you create. Separately, when your device contacts our licensing/update server, that server necessarily processes your IP address and basic request metadata to deliver updates and prevent abuse — see Section 3.)

2. Information processed on your device only

The following stays on your device and is never transmitted to us: transcript history (the most recent 50 entries, stored locally), your settings, and temporary audio files that are deleted after each transcription. On macOS, trial information is stored in your device's Keychain. Your custom vocabulary is synchronized across your own devices through Apple iCloud (iCloud Key-Value Storage) under your Apple ID: it is stored in your personal iCloud account, governed by Apple's privacy policy, and is never transmitted to us.

3. Limited information we receive for licensing, trials, and updates

To sell and license the software we operate a licensing service at dl.inkrest.app. Depending on how you use Inkrest, we may receive:

We store license records (email, name if you provided it, license tier, number of activated devices, a payment-provider customer reference used only to keep your contact email current, a hashed identifier and the model class and platform of each activated device, and activation timestamps) and trial records (a hashed device identifier and trial timestamps — no email) in our database solely to operate licensing, enforce device limits, and prevent fraud.

3a. Legal bases (EEA/UK users)

Where the EU/UK GDPR applies, we rely on: performance of a contract (Art. 6(1)(b)) to issue and operate your license; our legitimate interests (Art. 6(1)(f)) in securing the service and preventing fraud and abuse (including issuing trials and enforcing our one-trial-per-device limit using a one-way hashed device identifier, and rate-limiting by IP); and compliance with a legal obligation (Art. 6(1)(c)) to retain transaction and license records for the period required by tax and accounting law (see Section 7).

4. Model downloads

The first time you use a speech or language model, Inkrest downloads the model files from Hugging Face (huggingface.co). These are standard file downloads; we do not send your Inkrest account information to Hugging Face. Your interaction with Hugging Face is subject to Hugging Face's own privacy policy.

5. Payments

Purchases are processed by our payment providers — Paddle (our merchant of record for direct sales) and/or Apple (for App Store purchases). We do not receive or store your full payment-card details. Their handling of your information is governed by Paddle's Privacy Policy and Apple's privacy policy.

6. How we share information

We use Cloudflare as a service provider (processor) that hosts our licensing infrastructure, and Resend (Resend, Inc., United States) to deliver the one transactional email that sends you your purchased license key. Both act only on our instructions under a data-processing agreement. Resend receives the email address you provided at purchase (as the recipient) and the contents of that email, which include your license key; it does not receive any audio, transcripts, refined text, or other content you create, and we use it solely to deliver your license key to you. Paddle (our merchant of record) and Apple (App Store) act as independent controllers for the payment transaction and handle your payment information under their own privacy policies (see Section 5). For purposes of the California Consumer Privacy Act as amended (CCPA/CPRA): we do not "sell" or "share" your personal information (including for cross-context behavioral advertising), and we have not done so in the preceding 12 months; because we do not sell or share, there is nothing to opt out of; should we ever introduce any activity that constitutes a "sale" or "share," we will process opt-out preference signals (including browser Global Privacy Control signals) as required by law. We do not discriminate against you for exercising your privacy rights. The categories of personal information we collect are: identifiers (email, name, and a payment-provider customer reference), commercial information (license/purchase records, including your license key), internet/network activity (IP and request metadata), and device information (a hashed device identifier, plus the model class and platform of each device activated under a paid license). We disclose identifiers (your email address) and commercial information (your license key) to our service providers Cloudflare and Resend for the business purpose of issuing and delivering your license; because these providers act on our behalf as processors under contract, these disclosures are not a "sale" or a "share." We do not collect sensitive personal information as defined by the CCPA/CPRA. The sources of this information are you directly (email and name you provide at purchase) and your device's network requests (IP, request metadata, and the hashed device identifier; starting a trial sends only the hashed device identifier); we retain each category as described in Section 7.

7. Data retention

We retain license records for the life of the license plus the period required by tax and accounting law (generally up to 7 years). Trial records (a one-way hashed device identifier) are retained on an ongoing basis specifically to enforce our one-trial-per-device limit and prevent abuse, even after a trial ends. The transactional email that delivers your license key — which includes your email address and the license key — is retained by our email provider, Resend, in its sending logs in accordance with Resend's standard log-retention period, after which it is deleted; we limit access to those logs to operating and supporting your license. Short-lived rate-limit counters are automatically aged out. You may request deletion of your licensing data as described below, subject to fraud-prevention and legal-retention needs.

8. Your rights

Depending on where you live (including under the EU/UK GDPR and California CCPA/CPRA), you may have rights to access, correct, or delete the personal information we hold (your email and license records) and to object to certain processing. To exercise these rights, email [email protected]. We will verify your identity (typically via the email associated with your license) and respond within the period required by law (generally one month under GDPR; 45 days under the CCPA, extendable). You may use an authorized agent where the law permits. EEA/UK users have the right to lodge a complaint with their local data protection authority. U.S. state privacy rights: residents of U.S. states with comprehensive privacy laws (including California, Virginia, Colorado, Connecticut, Texas, Utah, and others as they take effect) have rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising, sale, and certain profiling. We do not engage in targeted advertising, sale, sharing, or profiling. To exercise any right, email [email protected]; if we deny a request you may appeal by replying to our response. Because we do not collect your audio or transcripts, we cannot access or delete content that exists only on your device — you control that within the app; for the backend data we hold, we will action access, correction, and deletion requests subject to fraud-prevention and legal-retention limits.

9. Children

Inkrest is intended for adults and is not directed to children. We do not knowingly collect personal information from children under 13 (or, where consent is the basis and a higher age applies in your country under GDPR Article 8, under that age — up to 16). If you believe a child has provided us information, contact [email protected] and we will delete it.

10. International users and data transfers

We operate from the United States; if you use Inkrest from outside the U.S., the limited licensing information described above is processed in the U.S., including by our U.S.-based service providers Cloudflare and Resend. When we transfer personal information from the EEA, UK, or Switzerland to the United States — including the email address and license key sent to Resend to deliver your license — we rely on appropriate safeguards, including the Standard Contractual Clauses approved by the European Commission and, where applicable, our service providers' certification under the EU-U.S. Data Privacy Framework. You may request a copy of the relevant safeguards by emailing [email protected].

11. Changes to this policy

We may update this policy; we will revise the "Last updated" date and, for material changes, provide notice through the app or our website.

12. Contact

Lampblack Labs LLC, 522 W Riverside Ave, Ste N, Spokane, WA 99201, USA — [email protected].