This Privacy Policy explains how personal data is collected, used, shared, retained, and protected when you use Inpray.
Data controller: Inpray (independent individual operator)
Controller address: United Kingdom (full postal address available on lawful request)
Privacy contact: hello@inpray.com
We may collect account data (name, email, hashed password), profile preferences (language, theme), conversation content, reminders, AI-feedback metadata, usage/governance logs (including request counters, estimated token usage, and abuse-prevention events), and technical logs necessary for service reliability and security.
We process data to provide authentication, enable chat and reminders, improve quality and safety, enforce budget and abuse controls, troubleshoot incidents, and communicate essential service updates.
Depending on context, processing is based on contractual necessity, legitimate interests (security, product integrity, and fraud/abuse prevention), legal obligations, and where required, consent (for optional communications or optional data processing features).
User prompts and selected context are sent to AI providers to generate outputs and speech. Current provider: OpenAI API. We also rely on hosting and infrastructure providers to run the Services. Data is shared only to the extent necessary to deliver functionality.
Inpray uses essential cookies required for authentication, security, and core functionality. Optional analytics cookies (Google Analytics) are used only after consent. You can review details in the Cookie Policy and update your preferences at any time.
Data may be processed in countries outside your own jurisdiction, including outside the UK/EEA. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent lawful transfer mechanisms.
We retain data only for as long as necessary for the purposes listed above and to satisfy legal, security, and audit obligations. Deleted sessions may remain restorable for a limited retention window before permanent removal.
Account and profile data are retained while your account is active. Deleted sessions are restorable for up to 30 days before permanent deletion. Essential security and operational logs are typically retained for up to 12 months, unless a longer period is required by law.
We apply reasonable technical and organizational measures, including access controls, password hashing, and operational monitoring. However, no internet-based system can be guaranteed fully secure.
Subject to applicable law, you may request access, rectification, deletion, restriction, objection, and portability of your personal data, and may withdraw consent where consent is the legal basis. You may also lodge a complaint with your local supervisory authority.
The Services are intended for adults only (18+). We do not knowingly offer accounts to minors. If you believe a minor account exists, contact us at the privacy email above to request review and removal.
For privacy requests, contact: hello@inpray.com. Data Protection Officer: Not appointed (small-scale operation).
We may update this Privacy Policy to reflect legal, technical, or operational changes. Material updates will be communicated through the Services and/or by email where practical.
