Privacy Policy

1. Who We Are

Ink Link ("we", "us") operates the WrapFlo, DesignerFlo, InstallerFlo, and SignFlo platforms. This policy explains how we collect, use, and protect your data, and the choices you have. We are based in the United States.

When your customers' contact info appears on the estimates and invoices you create, you are the data controller and we are the data processor — we handle that data only as needed to provide the Service to you.

2. Data We Collect

Category	What	Why
Account info	Name, email, phone, business type	Create and manage your account
Information you submit	Business or job-related data you choose to provide while using the Service	Provide the Service
Network data	Information you choose to make public on the Network	Operate the marketplace
Payment info	Processed by Stripe — we never see your card number	Process subscriptions and payments
Usage data	Pages visited, features used, device type	Improve the Service

3. How We Use Your Data

• Provide, maintain, and improve the Service
• Process payments via Stripe
• Send transactional emails (estimates, invoices, notifications)
• Send trial reminders and subscription-related emails
• Operate the WrapFlo Network (profiles, jobs, messaging)
• Comply with legal obligations

4. What We Don't Do

• We do not sell your data. Ever.
• We do not share your data with advertisers
• We do not use your business data to compete with you
• We do not train AI models on your data, and we do not allow our sub-processors to either (Anthropic and OpenAI honor no-train flags on API requests)
• We do not read your messages, customer notes, or estimates for any purpose other than providing the Service

4a. Operator Access

Authorized Ink Link staff may access your account data when strictly needed to deliver support you requested, investigate suspected abuse or security incidents, or comply with a legal obligation. All such access is logged. We do not browse customer data for any other purpose.

5. Sub-processors

We use the following services to operate the platform. Each receives only the data needed for its role.

Service	Purpose	What they see	Privacy link
Supabase	Database, authentication, file storage	All stored account and business data	supabase.com/privacy
Railway	Application hosting	Runtime traffic and logs	railway.app/legal/privacy
Stripe	Payments + customer portal	Billing info, card data (we never see card numbers)	stripe.com/privacy
Resend	Transactional email	Recipient email addresses + message contents	resend.com/privacy
Anthropic	AI scan / AI quote (Claude)	Files and prompts you submit to the AI features only	anthropic.com/legal/privacy
OpenAI	AI scan / AI quote (fallback)	Files and prompts you submit to the AI features only	openai.com/policies/privacy-policy

We will notify users by email at least 30 days before adding a new sub-processor that materially changes how data is handled.

6. Data Retention

• Active accounts: data retained while account is active
• Deleted accounts: data anonymized immediately, purged after 30 days
• Cancelled subscriptions: data retained (read-only access) until account is deleted

7. Your Rights

You have the right to:

• Access your data — your account dashboard shows everything we store about you.
• Edit your data — directly in the Settings page and throughout the app.
• Export your data — Settings → Privacy & data → Export my data downloads a complete JSON of every record your account owns. Self-serve, no waiting on support.
• Delete your account — Settings → Privacy & data → Delete account. Permanent: cancels your subscription and erases all owned data.
• Object or restrict processing for any reason — email us and we'll honor the request within 30 days.
• Opt out of non-essential emails (contact us).
• Complain to a supervisory authority. EU residents may contact their local Data Protection Authority; California residents have rights under the CCPA, including the right to know what personal information is collected and to request deletion.

For requests made by your customers about data you uploaded into the Service, you (the data controller) are responsible for handling them. We will help if asked.

7a. Data Processing Agreement

If you are subject to GDPR or have customers in the EU/UK, you may request a Data Processing Agreement (DPA) by emailing us. We will return a signed copy on request at no charge.

8. Security

We use industry-standard security measures: encrypted connections (HTTPS), hashed passwords (bcrypt), token-based authentication, and role-based access control. However, no system is 100% secure.

9. Children

The Service is not intended for users under 18. We do not knowingly collect data from children.

10. Changes

We may update this policy. Material changes will be communicated via email. Continued use constitutes acceptance.

11. Contact

Privacy questions? Contact us at support@inklinkplatform.com.