The short version
You bring keywords, drafts, and publishing credentials into AutoInk. We store them, encrypt the secrets, and route work to the LLM and SEO providers needed to do the job. We don't sell your content, we don't train models on it, and you can export or delete everything at any time.
1. Who we are
AutoInk (“AutoInk”, “we”, “us”) operates the content pipeline available at autoink.io and app.autoink.io. This policy explains what data we handle when you use the product, what we do with it, and what choices you have. If you have any question about this policy, write to hello@autoink.io.
2. What we collect
We only collect what we need to run the pipeline and the workspace you're paying for.
2.1 Account data
- Email, name, and password — password is hashed with Argon2id and never stored in plaintext.
- OAuth identifiers (Google / GitHub / Microsoft sub-IDs) if you sign in with social login.
- Multi-factor authentication secrets (TOTP) if you enable MFA.
2.2 Workspace and project content
- Keywords, drafts, articles, and run history you create in the console.
- Publishing credentials (CMS API tokens, GitHub installation IDs, Notion integration tokens) — encrypted at rest with AES-256-GCM, only decrypted at the moment of a publish call.
- GEO citation snapshots — the per-engine results we record when AutoInk asks ChatGPT, Claude, Gemini, Perplexity, Grok, and Google AIO whether they're citing your articles.
2.3 Usage and product telemetry
- Server logs (request method, path, IP, status code, latency) for debugging and abuse detection.
- Product analytics events through PostHog — which pages you visit, which buttons you click, in aggregate.
- Web traffic through Google Analytics on the marketing site only (autoink.io). The console (app.autoink.io) does not run Google Analytics.
2.4 Billing
Subscription and top-up payments are handled by Stripe. We never see or store your card number, CVV, or full bank details — Stripe holds those under PCI-DSS. We do receive the charge metadata (amount, currency, customer ID, last four digits) so we can show you a billing history.
3. Where we store it
| Category | Storage | Encryption |
|---|---|---|
| Account, workspace, billing ledger | Postgres (Neon, EU or US region depending on workspace creation) | TLS in transit, AES-256 at rest |
| Publishing credentials, OAuth tokens | Same Postgres, separate encrypted column | AES-256-GCM application-layer encryption |
| Uploaded files (logos, OG images) | Object storage on the same VPS volume as the app | Filesystem-level only; no public listing |
| Payment data | Stripe (we never see it) | PCI-DSS |
| Email content (verification, password reset, invites) | Resend (delivery only) | TLS |
4. Who processes data on our behalf
AutoInk uses a small list of subprocessors to deliver the product. We pick each one because the alternative is rolling our own — and rolling your own SMTP is not how you get reliable emails.
| Subprocessor | Purpose | What they see |
|---|---|---|
| Neon | Database hosting | All structured workspace data (encrypted at rest) |
| Stripe | Payments and subscription lifecycle | Email, name, payment instrument |
| Resend | Transactional email | Email address, message body |
| Cloudflare | CDN, DDoS protection, TLS termination | Request metadata, IP |
| Anthropic | Claude drafting and GEO checks | Prompt and response per call (Anthropic 30-day retention, no training) |
| OpenAI | ChatGPT GEO checks, occasional drafting | Prompt and response per call (OpenAI 30-day retention, no training on API) |
| Google (Gemini API) | Gemini drafting and GEO checks | Prompt and response per call |
| DeepSeek | Default drafting model on Free / Solo | Prompt and response per call |
| Perplexity | Perplexity GEO checks | Query per call |
| xAI | Grok GEO checks | Query per call |
| DataForSEO | SERP and AI Overview scrapes | Search query per call |
| PostHog | Product analytics | Anonymised event stream |
| Google Analytics | Marketing-site traffic only | Page-view events on autoink.io |
We will publish a versioned subprocessor list at /legal/subprocessors when we add or remove vendors. Subscribe to hello@autoink.io if you'd like a heads-up email.
5. How your content reaches the AI engines
AutoInk is a content pipeline, so the work necessarily involves sending content to large-language-model providers. Here is exactly when that happens:
- Drafting: when you start a run, AutoInk sends the keyword, the project's tone settings, and any context documents you supplied to the drafting model (DeepSeek by default, Claude or OpenAI on higher tiers). The model returns a draft. We store the draft and the cost in your workspace.
- GEO checks: AutoInk sends the search prompt — not your draft — to each answer engine and records whether your published URL appears in the citations. Your unpublished drafts are never sent to the GEO engines.
- Judge re-check: when a structured GEO scan returns “not cited”, AutoInk asks a cheap LLM (Gemini Flash by default) whether the answer engine actually used your content without naming it. This call sends the question and the engine's response, not your draft.
We never knowingly send your data to a provider that uses API calls for model training. As of this writing, Anthropic, OpenAI, and Google have all committed in their API terms to not training on inference traffic by default; we re-verify this every time we add a model. If a provider's policy changes, we'll cut them and let you know.
6. Cookies and similar technologies
- Essential cookies: session token (HTTP-only, Secure, SameSite=Lax), CSRF token. The console doesn't work without these. No consent prompt is required because they're strictly necessary.
- Analytics cookies: PostHog (product analytics) and Google Analytics (marketing site only). You can opt out via your browser's Do-Not-Track preference; we honour it.
7. How long we keep things
- Account and workspace data: as long as your account is open. Deleting your account removes them.
- Server logs: 30 days, then rotated out.
- Billing records: 7 years after the last transaction, to satisfy financial reporting obligations.
- Backup snapshots: 30 days of point-in-time recovery on the database. Beyond that, the only copy is what's live.
8. Your rights
Depending on where you live, you have some or all of the following rights. We honour all of them globally because it's simpler and right.
- Access: every article, run, and citation you've created can be exported as Markdown + JSON from the console.
- Correction: edit any of your data inline, or email us if a field isn't user-editable.
- Deletion: delete an article, a project, a workspace, or your whole account from Settings. Hard-deletion happens within 30 days. Stripe billing records are kept for the legal-retention period above.
- Portability: the same export endpoints serve as a portability mechanism. Markdown + JSON is universal.
- Object: write to hello@autoink.io if you want us to stop processing a specific category of data; we'll comply where lawfully possible.
9. How we secure your data
Argon2id password hashing, AES-256-GCM credential encryption, parameterised SQL throughout, MFA available on every account, SSRF defences on outbound HTTP, and a hash-chained billing ledger with daily ECDSA-signed attestations. Full technical breakdown lives at autoink.io/security.
If you find a vulnerability, please report it to security@autoink.io — we follow coordinated disclosure and won't pursue good-faith research.
10. Children
AutoInk is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has signed up, write to hello@autoink.io and we'll delete the account.
11. International transfers
AutoInk is operated from outside the EU. If you're in the EU/UK, your data is transferred to the United States and other regions where our subprocessors operate. We rely on Standard Contractual Clauses or equivalent transfer mechanisms with each subprocessor.
12. Changes to this policy
When we make a change that affects your rights, we'll email every account holder and update the “last updated” date at the top. Material changes take effect 30 days after the email goes out, so you have time to react.
13. Contact
Privacy questions: hello@autoink.io. Security disclosures: security@autoink.io. We aim to respond within two business days.