Inkling Privacy Policy
Last updated June 12, 2026
Inkling is a competitive-intelligence service for businesses. It monitors publicly available professional profile and company information and alerts our customers when something changes — a departure, a promotion, a new hire, a shift in hiring. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights available to you.
The Service is provided by [Company legal name — pending], a [State of incorporation — pending] company ("Inkling," "we," "us," or "our"). This Policy covers our websites at inkling.co (including the signed-in application), our APIs, and the emails we send (together, the "Service").
This Policy describes our practices for four groups of people. You may be in more than one:
- Customers and users — people who create an Inkling account or belong to a customer's team.
- Visitors and leads — people who browse our website or request content from us (such as a sample briefing).
- Monitored professionals — people whose publicly available professional information appears in our monitoring database. If that may be you, Section 4 is written for you.
- Outreach recipients — professionals we contact about Inkling. Section 5 is written for you.
1. Information we collect from customers and users
Account information. When you create an account we collect your name, email address, and a password (stored only in hashed form). You may optionally add a profile photo and time zone. If you sign in with Google, we receive your name and email address from Google; we never see your Google password.
Billing information. Payments are processed by Stripe. Your card details are provided directly to Stripe and are not stored on our systems; we store your Stripe customer and subscription identifiers, your plan, and your billing history.
Team configuration and content. We store the workspace you set up: the companies and profiles your team chooses to monitor, alert and digest preferences, team member roles and invitations, and any integrations you configure (for example, a Slack webhook URL you provide).
Communications. If you contact support, reply to our emails, or complete an in-product survey (for example, the cancellation survey), we keep that correspondence and feedback.
Usage and device data. We collect log and security data (IP address, browser type, sign-in timestamps and IP addresses, pages viewed, actions taken) and product analytics events describing how features are used. See Section 8 (Cookies and analytics).
2. Information we collect from visitors and leads
If you request a sample briefing or other content from our website, we collect the email address you submit, the source of your request, and whether our emails to you are delivered and opened. Every such email contains a one-click unsubscribe link, and unsubscribing is permanent. Website visits are measured as described in Section 8.
3. Professional information about monitored companies and people
This is the core of the Service, so we describe it precisely.
What we collect. Our monitoring database contains professional information about companies and the people who work at them: name, current and past job titles and employers, professional headline and summary, education, skills, certifications, languages, location (city or region), public profile URL and photo, follower and connection counts, and indicators a person has chosen to publish (such as "open to work"). For companies, we collect public firmographic information such as name, industry, size, locations, and open roles. We retain a history of snapshots and the changes we detect between them (for example, "title changed from X to Y").
Where it comes from. This information originates from publicly available sources — principally public professional networking pages and public company pages — retrieved on our behalf through licensed third-party data providers. Our customers do not supply this information; they only select which companies and profiles to monitor. We do not collect information from private profiles, private messages, or other non-public sources.
What we derive. We classify roles by seniority and function, detect changes between snapshots, and generate aggregate statistics (such as a company's hiring trend). For some monitored professionals, our systems also derive a likely work email address — for example, by combining a person's name with their employer's publicly observable email format — and periodically check with an email-verification service whether that address is deliverable. We use deliverability status only as a signal that a person may have changed roles and to keep our own outreach lists accurate. Derived email addresses and verification results are internal: they are not displayed in the product, not included in any export, API response, or webhook, and not sold or licensed to anyone.
What we deliberately do not collect. The monitoring database is limited to professional context. We do not collect government identifiers, financial account information, health information, biometric data, precise geolocation, or information about a person's private life, and we do not enrich profiles from data brokers of consumer information.
4. If you are a monitored professional
Your information may appear in Inkling because a customer monitors your employer or your public profile, or because our systems identified you as a professional at a company in a market we cover. In plain terms:
- The information is limited to your public professional footprint, as described in Section 3.
- We act as an independent controller of this database. Our lawful basis under the GDPR and UK GDPR is legitimate interests: providing business customers with competitive intelligence drawn from information professionals have chosen to publish about their working lives. You may object at any time (see below).
- We do not sell your information, do not use it for advertising, and do not display any derived contact details to customers.
- Inkling is not a consumer reporting agency. We contractually prohibit customers from using the Service to determine eligibility for employment, credit, insurance, housing, or any purpose regulated by the U.S. Fair Credit Reporting Act, and the Service is not designed for such use.
- You can opt out. Email [email protected] and we will remove your profile from the monitoring database and add you to a suppression list so you are not re-added. We keep only the minimal information needed to honor that suppression. We respond to requests within the timelines required by applicable law, and you may also exercise the rights described in Section 12.
5. If you receive outreach from us
We send a limited volume of business email introducing Inkling to professionals in markets we cover. Recipients are selected from our own monitoring database based on professional role and company — never from any customer's watchlist or account activity. How this works is described publicly at inkling.co/trust/outbound. Each email identifies us, says why you received it, and includes a one-click unsubscribe that is honored permanently, plus our postal address. We record delivery and engagement events (delivered, opened, clicked, replied, unsubscribed) through our email delivery providers. To have your information deleted entirely, email [email protected].
6. How we use personal information
We use personal information to:
- Provide and operate the Service: maintain the monitoring database, detect changes, and deliver alerts, digests, briefings, webhooks, and API responses.
- Manage accounts, subscriptions, billing, and renewals, including trial-ending and billing notices.
- Provide customer support and respond to inquiries.
- Understand how the Service is used and improve it (analytics as described in Section 8).
- Send service, lifecycle, and marketing email, each of which (other than essential billing and security notices) includes an unsubscribe.
- Conduct our own business-to-business outreach as described in Section 5.
- Keep the Service secure: authenticate sign-ins, prevent abuse and fraud, and maintain audit logs.
- Comply with law, enforce our Terms of Service, and protect our rights and the rights of others.
Lawful bases (EEA/UK). Where the GDPR or UK GDPR applies, we rely on the following bases:
| Processing | Lawful basis |
|---|---|
| Providing the Service to customers; accounts and billing | Performance of a contract |
| Maintaining the professional monitoring database | Legitimate interests (competitive intelligence from public professional sources) |
| Our own B2B outreach and lead communications | Legitimate interests; consent where required by local law |
| Product analytics and improvement | Legitimate interests |
| Security, abuse prevention, audit | Legitimate interests; legal obligation |
| Tax, accounting, and compliance records | Legal obligation |
7. How we share personal information
We do not sell personal information, and we do not share it for cross-context behavioral advertising. We share personal information only:
With service providers acting on our instructions under contracts that limit their use of the data:
| Function | Provider(s) |
|---|---|
| Cloud hosting and storage (United States) | Heroku (Salesforce) / Amazon Web Services |
| Payment processing | Stripe |
| Transactional and notification email | Postmark (ActiveCampaign) |
| Outreach email delivery | Smartlead |
| Email deliverability verification | DeBounce |
| Product analytics and session replay (public pages only) | PostHog |
| Error monitoring | Sentry |
| Professional-profile data retrieval | Licensed data providers |
| AI-assisted classification and briefing generation | Anthropic |
| Sign-in with Google |
At your direction — for example, when your team configures Slack delivery, alerts are sent to the webhook URL you provide; when you use the API or webhooks, data flows to the systems you designate.
For legal reasons — to comply with law or legal process, to enforce our agreements, or to protect the rights, safety, and property of Inkling, our customers, or others.
In a corporate transaction — if we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy's commitments.
We may also share aggregated or de-identified information that does not identify any person (for example, "tracking N profiles across M companies").
8. Cookies and analytics
We use a first-party session cookie that is essential for signing in and keeping your session secure. We use PostHog for product analytics: page views, feature usage, and events that help us understand and improve the Service. Analytics is tied to your identity only after you sign in. On our public and sign-up pages only, we may record session replays to diagnose usability problems; all keystroke and form input is masked in these recordings, and replay is not enabled inside the signed-in application.
We do not use advertising cookies or pixels and do not track you across other websites. Because we do not sell or share personal information for cross-context behavioral advertising, there is no such activity to opt out of; where the law treats a universal opt-out signal such as Global Privacy Control as a required opt-out mechanism, we honor it. You can also block or delete cookies in your browser settings; the Service requires the session cookie to sign in.
9. Retention
We keep personal information only as long as needed for the purposes above:
- Account and team data — for the life of your account. If your subscription lapses, your configuration is retained (monitoring is paused) so you can reactivate. If you ask us to close your account, we delete or de-identify your personal information within a commercially reasonable period, except records we must keep for billing, tax, dispute, or compliance purposes.
- Monitored professional data — for as long as it remains relevant to the Service, including snapshot and change history needed to provide longitudinal monitoring. Profiles removed under Section 4 are deleted, with a minimal suppression record retained.
- Derived email verification data — a limited rolling history per profile, used only as described in Section 3.
- Outreach and lead data — engagement history for as long as relevant; unsubscribe and suppression records are kept indefinitely so opt-outs stick.
- Backups and logs — age out on routine schedules.
10. Security
We protect personal information with encryption in transit (TLS) and at rest on our managed infrastructure, hashed passwords, optional two-factor authentication, role-based access within teams, HMAC-signed webhooks, and least-privilege access controls for our personnel. No method of transmission or storage is completely secure, but we work to protect your information and will notify you of incidents as required by law.
11. International transfers
We are based in the United States and the Service is hosted there. If you access the Service from elsewhere, your information is transferred to the United States. Where we receive personal data from the EEA, the United Kingdom, or Switzerland, we rely on appropriate safeguards, including standard contractual clauses with our service providers, or other lawful transfer mechanisms.
12. Your rights and choices
Everyone. You can access and update account information in your settings, unsubscribe from any commercial email via the link in its footer, manage notification preferences in-product, and contact us at [email protected] to request access, correction, deletion, or a copy of your personal information. We will verify your request (typically by confirming control of the relevant email address) and respond within the time required by applicable law. We will not discriminate against you for exercising your rights.
EEA, UK, and Switzerland. You have the rights of access, rectification, erasure, restriction, portability, and objection — including the right to object at any time to processing based on legitimate interests, such as our monitoring database (Section 4) and our outreach (Section 5). Where processing is based on consent, you may withdraw it at any time. You may also lodge a complaint with your supervisory authority, though we would welcome the chance to address your concern first.
U.S. states (California, Colorado, Connecticut, Virginia, Utah, and others). Depending on your state, you have rights to know/access, correct, delete, and obtain a portable copy of your personal information, and to appeal a refusal by replying to our response or emailing [email protected] with "Appeal" in the subject line. You may use an authorized agent, in which case we may require proof of authorization. We do not sell personal information, share it for cross-context behavioral advertising, or use it for targeted advertising or for profiling that produces legal or similarly significant effects.
California categories. In the preceding 12 months we have collected the following categories of personal information (sources and purposes are described in Sections 1–6; each category is disclosed only to the service providers listed in Section 7):
| Category | Examples |
|---|---|
| Identifiers | Name, email address, IP address, account identifiers |
| Commercial information | Subscription, plan, and billing history |
| Internet or network activity | Usage logs, analytics events, email engagement |
| Professional or employment information | Monitored-profile fields described in Section 3; customer job context |
| Inferences | Seniority/function classification; derived business-contact signals (Section 3) |
| Sensitive personal information | Account log-in credentials (used only to authenticate you) |
We use sensitive personal information only to provide the Service and never to infer characteristics. Much of the monitored-professional information described in Section 3 is publicly available information within the meaning of California law; the rights in this section are available to monitored professionals regardless.
13. Children
The Service is for business use and is not directed to anyone under 16. We do not knowingly collect personal information from children, and our monitoring database is limited to professional profiles.
14. Changes to this Policy
When we make material changes, we will notify customers by email or in-product notice before the changes take effect and update the date at the top of this page. The current version always lives at inkling.co/privacy.
15. Contact us
[Company legal name — pending]
Inkling (Staging), 123 Test St, San Francisco, CA 94105
Privacy requests: [email protected]
Everything else: [email protected]