Last updated June 12, 2026
Inkling is a competitive-intelligence service for businesses. It monitors publicly available professional profile and company information and alerts our customers when something changes — a departure, a promotion, a new hire, a shift in hiring. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights available to you.
The Service is provided by [Company legal name — pending], a [State of incorporation — pending] company ("Inkling," "we," "us," or "our"). This Policy covers our websites at inkling.co (including the signed-in application), our APIs, and the emails we send (together, the "Service").
This Policy describes our practices for four groups of people. You may be in more than one:
Account information. When you create an account we collect your name, email address, and a password (stored only in hashed form). You may optionally add a profile photo and time zone. If you sign in with Google, we receive your name and email address from Google; we never see your Google password.
Billing information. Payments are processed by Stripe. Your card details are provided directly to Stripe and are not stored on our systems; we store your Stripe customer and subscription identifiers, your plan, and your billing history.
Team configuration and content. We store the workspace you set up: the companies and profiles your team chooses to monitor, alert and digest preferences, team member roles and invitations, and any integrations you configure (for example, a Slack webhook URL you provide).
Communications. If you contact support, reply to our emails, or complete an in-product survey (for example, the cancellation survey), we keep that correspondence and feedback.
Usage and device data. We collect log and security data (IP address, browser type, sign-in timestamps and IP addresses, pages viewed, actions taken) and product analytics events describing how features are used. See Section 8 (Cookies and analytics).
If you request a sample briefing or other content from our website, we collect the email address you submit, the source of your request, and whether our emails to you are delivered and opened. Every such email contains a one-click unsubscribe link, and unsubscribing is permanent. Website visits are measured as described in Section 8.
This is the core of the Service, so we describe it precisely.
What we collect. Our monitoring database contains professional information about companies and the people who work at them: name, current and past job titles and employers, professional headline and summary, education, skills, certifications, languages, location (city or region), public profile URL and photo, follower and connection counts, and indicators a person has chosen to publish (such as "open to work"). For companies, we collect public firmographic information such as name, industry, size, locations, and open roles. We retain a history of snapshots and the changes we detect between them (for example, "title changed from X to Y").
Where it comes from. This information originates from publicly available sources — principally public professional networking pages and public company pages — retrieved on our behalf through licensed third-party data providers. Our customers do not supply this information; they only select which companies and profiles to monitor. We do not collect information from private profiles, private messages, or other non-public sources.
What we derive. We classify roles by seniority and function, detect changes between snapshots, and generate aggregate statistics (such as a company's hiring trend). For some monitored professionals, our systems also derive a likely work email address — for example, by combining a person's name with their employer's publicly observable email format — and periodically check with an email-verification service whether that address is deliverable. We use deliverability status only as a signal that a person may have changed roles and to keep our own outreach lists accurate. Derived email addresses and verification results are internal: they are not displayed in the product, not included in any export, API response, or webhook, and not sold or licensed to anyone.
What we deliberately do not collect. The monitoring database is limited to professional context. We do not collect government identifiers, financial account information, health information, biometric data, precise geolocation, or information about a person's private life, and we do not enrich profiles from data brokers of consumer information.
Your information may appear in Inkling because a customer monitors your employer or your public profile, or because our systems identified you as a professional at a company in a market we cover. In plain terms:
We send a limited volume of business email introducing Inkling to professionals in markets we cover. Recipients are selected from our own monitoring database based on professional role and company — never from any customer's watchlist or account activity. How this works is described publicly at inkling.co/trust/outbound. Each email identifies us, says why you received it, and includes a one-click unsubscribe that is honored permanently, plus our postal address. We record delivery and engagement events (delivered, opened, clicked, replied, unsubscribed) through our email delivery providers. To have your information deleted entirely, email [email protected].
We use personal information to:
Lawful bases (EEA/UK). Where the GDPR or UK GDPR applies, we rely on the following bases:
| Processing | Lawful basis |
|---|---|
| Providing the Service to customers; accounts and billing | Performance of a contract |
| Maintaining the professional monitoring database | Legitimate interests (competitive intelligence from public professional sources) |
| Our own B2B outreach and lead communications | Legitimate interests; consent where required by local law |
| Product analytics and improvement | Legitimate interests |
| Security, abuse prevention, audit | Legitimate interests; legal obligation |
| Tax, accounting, and compliance records | Legal obligation |
We do not sell personal information, and we do not share it for cross-context behavioral advertising. We share personal information only:
With service providers acting on our instructions under contracts that limit their use of the data:
| Function | Provider(s) |
|---|---|
| Cloud hosting and storage (United States) | Heroku (Salesforce) / Amazon Web Services |
| Payment processing | Stripe |
| Transactional and notification email | Postmark (ActiveCampaign) |
| Outreach email delivery | Smartlead |
| Email deliverability verification | DeBounce |
| Product analytics and session replay (public pages only) | PostHog |
| Error monitoring | Sentry |
| Professional-profile data retrieval | Licensed data providers |
| AI-assisted classification and briefing generation | Anthropic |
| Sign-in with Google | |
At your direction — for example, when your team configures Slack delivery, alerts are sent to the webhook URL you provide; when you use the API or webhooks, data flows to the systems you designate.
For legal reasons — to comply with law or legal process, to enforce our agreements, or to protect the rights, safety, and property of Inkling, our customers, or others.
In a corporate transaction — if we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy's commitments.
We may also share aggregated or de-identified information that does not identify any person (for example, "tracking N profiles across M companies").
We use a first-party session cookie that is essential for signing in and keeping your session secure. We use PostHog for product analytics: page views, feature usage, and events that help us understand and improve the Service. Analytics is tied to your identity only after you sign in. On our public and sign-up pages only, we may record session replays to diagnose usability problems; all keystroke and form input is masked in these recordings, and replay is not enabled inside the signed-in application.
We do not use advertising cookies or pixels and do not track you across other websites. Because we do not sell or share personal information for cross-context behavioral advertising, there is no such activity to opt out of; where the law treats a universal opt-out signal such as Global Privacy Control as a required opt-out mechanism, we honor it. You can also block or delete cookies in your browser settings; the Service requires the session cookie to sign in.
We keep personal information only as long as needed for the purposes above:
We protect personal information with encryption in transit (TLS) and at rest on our managed infrastructure, hashed passwords, optional two-factor authentication, role-based access within teams, HMAC-signed webhooks, and least-privilege access controls for our personnel. No method of transmission or storage is completely secure, but we work to protect your information and will notify you of incidents as required by law.
We are based in the United States and the Service is hosted there. If you access the Service from elsewhere, your information is transferred to the United States. Where we receive personal data from the EEA, the United Kingdom, or Switzerland, we rely on appropriate safeguards, including standard contractual clauses with our service providers, or other lawful transfer mechanisms.
Everyone. You can access and update account information in your settings, unsubscribe from any commercial email via the link in its footer, manage notification preferences in-product, and contact us at [email protected] to request access, correction, deletion, or a copy of your personal information. We will verify your request (typically by confirming control of the relevant email address) and respond within the time required by applicable law. We will not discriminate against you for exercising your rights.
EEA, UK, and Switzerland. You have the rights of access, rectification, erasure, restriction, portability, and objection — including the right to object at any time to processing based on legitimate interests, such as our monitoring database (Section 4) and our outreach (Section 5). Where processing is based on consent, you may withdraw it at any time. You may also lodge a complaint with your supervisory authority, though we would welcome the chance to address your concern first.
U.S. states (California, Colorado, Connecticut, Virginia, Utah, and others). Depending on your state, you have rights to know/access, correct, delete, and obtain a portable copy of your personal information, and to appeal a refusal by replying to our response or emailing [email protected] with "Appeal" in the subject line. You may use an authorized agent, in which case we may require proof of authorization. We do not sell personal information, share it for cross-context behavioral advertising, or use it for targeted advertising or for profiling that produces legal or similarly significant effects.
California categories. In the preceding 12 months we have collected the following categories of personal information (sources and purposes are described in Sections 1–6; each category is disclosed only to the service providers listed in Section 7):
| Category | Examples |
|---|---|
| Identifiers | Name, email address, IP address, account identifiers |
| Commercial information | Subscription, plan, and billing history |
| Internet or network activity | Usage logs, analytics events, email engagement |
| Professional or employment information | Monitored-profile fields described in Section 3; customer job context |
| Inferences | Seniority/function classification; derived business-contact signals (Section 3) |
| Sensitive personal information | Account log-in credentials (used only to authenticate you) |
We use sensitive personal information only to provide the Service and never to infer characteristics. Much of the monitored-professional information described in Section 3 is publicly available information within the meaning of California law; the rights in this section are available to monitored professionals regardless.
The Service is for business use and is not directed to anyone under 16. We do not knowingly collect personal information from children, and our monitoring database is limited to professional profiles.
When we make material changes, we will notify customers by email or in-product notice before the changes take effect and update the date at the top of this page. The current version always lives at inkling.co/privacy.
[Company legal name — pending]
Inkling (Staging), 123 Test St, San Francisco, CA 94105
Privacy requests: [email protected]
Everything else: [email protected]