§ Privacy

Privacy Policy.

What InkCMS.ai collects, what your InkCMS installation sends to us, and what we never see. Plain English first, legal precision second.

Effective: 13 May 2026  ·  Last updated: 13 May 2026  ·  Controller: InkCMS (operator of InkCMS.ai)

This page is divided into two parts. The first covers InkCMS.ai — this marketing website. The second covers InkCMS software installations — what your running copy of InkCMS phones home about. The two are separate concerns and you can read whichever applies to you.

Part A — Visitors to InkCMS.ai

What we collect when you visit this site

  • Request logs. Standard web-server access logs (IP, user-agent, URL, referrer, timestamp). Retained 30 days, then deleted.
  • Form submissions. Anything you type into our contact, signup, or subscribe forms. We use that to email you back and (if you opt in) to add you to the launch announcement list.
  • AI Advisor questions. If you use the AI Advisor bar on this site, your question and the answer are stored in our audit log alongside your IP and a session cookie. Used for product debugging and improvement. Retained 90 days.
  • Cookies. One session cookie for the AI Advisor rate limiter. No third-party analytics. No marketing trackers.

What we do with it

We use your contact information to reply to you and, if you opted in, to send launch updates. We don't sell your data, don't share it with marketing partners, and don't use it to train AI models. Form submissions and audit logs are stored on our own servers, not in a third-party SaaS tool.

Your rights

You can request a copy of everything we hold about you, ask us to delete it, or ask us to correct anything that's wrong. Use the contact form with subject "Privacy request" — we'll respond within 30 days. If you're in the EU/UK, you have the rights granted by GDPR; if you're in California, by CCPA — those laws apply and we'll honor them.

Part B — InkCMS software installations

If you run a copy of the InkCMS software, your installation communicates with our license server twice: once to activate your license, and roughly once a day for a heartbeat. Here's exactly what's in those calls.

What the installation sends to us

  • Install ID — a random GUID generated the first time the software runs, stored at config/install.json on your server. Lets us count installs against your license.
  • License blob ID — the jti claim from your current signed license token.
  • App version — the version of the InkCMS binary you're running.
  • Host header — the public hostname the request came from. Matched against the domain allowlist on your license.
  • Page count — the integer count of active pages on your site, for tier enforcement.

What the installation never sends

  • Page content — titles, body text, URLs, frontmatter.
  • Admin user records — emails, password hashes, session data, audit log entries.
  • Your Anthropic / Google / OpenAI API keys.
  • Visitor data — IPs, sessions, AI Advisor questions, search queries.
  • Audit log contents.

Marketing-ready commitment: we never see your content. We never see your visitors. We never see your AI conversations.

Localhost is never validated

If you run InkCMS on localhost, 127.0.0.1, *.localhost, *.local, or *.test, the software short-circuits the license validation entirely. Zero network calls are made. We don't know your localhost install exists.

Visitors to your InkCMS site

Visitors to a website powered by InkCMS interact with your site — not with us. You are the data controller for those visitors. We provide the software; you decide what to log and what to publish in your own privacy policy.

Sub-processors

We use the following third-party services to operate InkCMS.ai. None of them have access to InkCMS-software-installation data.

  • Postmark (transactional email) — for replies to form submissions.
  • Stripe (payment processing — coming with public launch) — for subscription payments. We don't store your card number; Stripe does.
  • Cloudflare (CDN / DDoS protection) — for serving InkCMS.ai.

Changes to this policy

If we change anything material, we'll update the "Last updated" date at the top and (for active customers) email a heads-up before the change takes effect. We'll never quietly broaden data collection without telling you.

Contact

Privacy questions, data requests, complaints: use the contact form and we'll route it appropriately.