Privacy Policy

InnerNote ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the InnerNote platform, website, and services (collectively, the "Service"). By using the Service, you consent to the practices described in this Policy.

1. Information We Collect

1.1 Information You Provide

• Account Information. When you create an account, we collect your name, email address, profile picture, and authentication credentials (via Google OAuth or other authentication providers).
• Profile and Preferences. Information about your professional background, writing style preferences, industry, and LinkedIn profile details that you voluntarily provide to personalize the Service.
• Content and Inputs. Text, drafts, ideas, notes, prompts, and other content you create, upload, or input into the Service, including voice and style samples used for AI analysis.
• Payment Information. If you subscribe to a paid plan, our payment processor collects billing details such as credit card number, billing address, and transaction history. We do not store full credit card numbers on our servers.
• Communications. Information you provide when you contact our support team, submit feedback, or respond to surveys.

1.2 Information We Collect Automatically

• Usage Data. Information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, frequency and duration of use, and referring URLs.
• Device and Browser Information. Device type, operating system, browser type and version, screen resolution, language settings, and unique device identifiers.
• IP Address and Location. Your IP address and approximate geographic location derived from it.
• Cookies and Tracking Technologies. We use cookies, pixels, local storage, and similar technologies to maintain sessions, remember preferences, and analyze Service usage. See Section 7 for more details.

1.3 Information from Third Parties

• Authentication Providers. When you sign in through Google or other OAuth providers, we receive your name, email address, and profile picture as authorized by you.
• LinkedIn.If you connect your LinkedIn account, we may receive profile information and content data as authorized by you and permitted by LinkedIn's API terms.
• Analytics Providers. We may receive aggregated or de-identified information from analytics services we use.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Operate the Service. To create and maintain your account, deliver the features you use, process transactions, and provide customer support.
• AI and Personalization. To analyze your writing style and voice, generate personalized content suggestions, improve AI model outputs for you, and deliver a tailored experience.
• Improve the Service. To understand usage patterns, diagnose technical issues, conduct research and analysis, and develop new features.
• Communications. To send you transactional emails (account confirmations, billing receipts, security alerts), and, with your consent, promotional communications about new features, tips, and offers. You may opt out of promotional communications at any time.
• Security and Fraud Prevention. To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
• Legal Compliance. To comply with applicable laws, regulations, legal processes, and governmental requests.

3. How We Use Your Content with AI

Your content is processed by AI systems to provide the Service. Here is how we handle it:

• Personalization. Your content and writing samples may be used to build a voice profile that helps the AI generate suggestions tailored to your style.
• No Training on Your Content. We do not use your personal content, drafts, or writing samples to train general-purpose AI models that serve other users, unless you explicitly opt in.
• Third-Party AI Providers. We may use third-party AI service providers (such as large language model APIs) to process your content. These providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
• Aggregated and De-Identified Data. We may use aggregated or de-identified data derived from user interactions to improve our AI models and the Service generally. This data cannot be used to identify you.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers. With trusted third-party vendors who perform services on our behalf, such as hosting, analytics, payment processing, email delivery, and customer support. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• AI Processing Partners. With AI service providers to process your content and deliver AI features. These providers operate under strict data processing agreements.
• Legal Requirements. When required by law, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers. In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets. Your information may be transferred as part of such a transaction, and we will notify you of any change in ownership or use of your personal information.
• With Your Consent. When you explicitly authorize us to share your information with a third party.
• Team Features. If you use team or collaboration features, certain information (such as your name and content) may be visible to other members of your team as part of the functionality.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion, we will delete or anonymize your personal information within ninety (90) days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes, enforcing our Terms, or complying with legal obligations).

Content you have published externally (such as LinkedIn posts) is not within our control after publication and is subject to the policies of those platforms.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Access controls and authentication requirements for internal systems.
• Regular security assessments and vulnerability testing.
• Secure cloud infrastructure with reputable hosting providers.
• Employee access limited to a need-to-know basis.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. If we become aware of a security breach that affects your personal information, we will notify you in accordance with applicable law.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies. Required for the Service to function properly, including session management, authentication, and security. These cannot be disabled.
• Analytics Cookies. Help us understand how users interact with the Service, which pages are most popular, and where errors occur. We use this data to improve the Service.
• Preference Cookies. Remember your settings and preferences (such as language and display options) for a better experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access. Request a copy of the personal information we hold about you.
• Correction. Request correction of inaccurate or incomplete personal information.
• Deletion. Request deletion of your personal information, subject to certain exceptions required by law.
• Portability. Request a machine-readable copy of your data.
• Restriction. Request that we limit the processing of your personal information in certain circumstances.
• Objection. Object to processing of your personal information for certain purposes.
• Withdraw Consent. Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Opt-Out of Marketing. Unsubscribe from promotional emails at any time using the link provided in each email.

To exercise any of these rights, please contact us at privacy@innernote.com. We will respond to your request within the timeframe required by applicable law.

9. International Data Transfers

Your information may be processed and stored in countries other than your own. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction. We implement appropriate safeguards (such as standard contractual clauses) to protect your information during international transfers.

10. GDPR Compliance (European Economic Area Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal bases:

• Contract. Processing necessary to perform our contract with you (providing the Service).
• Consent. Processing based on your explicit consent (such as marketing communications).
• Legitimate Interests. Processing necessary for our legitimate interests (such as improving the Service, security, and fraud prevention), where those interests are not overridden by your data protection rights.
• Legal Obligation. Processing necessary to comply with our legal obligations.

You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable law.

11. CCPA Compliance (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to Know. You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete. You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale. We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism.
• Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@innernote.com.

13. Third-Party Links and Services

The Service may contain links to third-party websites, platforms, or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of every site you visit.

14. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for how to respond to DNT signals. We do not currently respond to DNT signals, but we respect your privacy choices through the other mechanisms described in this Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Privacy Policy on the Service and updating the "Last updated" date. We may also notify you by email for significant changes. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

16. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law. We will provide information about the nature of the breach, the data affected, the measures we are taking to address it, and steps you can take to protect yourself.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you are in the EEA and have a concern about our data practices that we have not adequately addressed, you have the right to lodge a complaint with your local data protection authority.