Inner Arc logo

InnerArc

Privacy Policy

Last Updated: December 5, 2025

This Privacy Policy describes how Inner Arc Software Ltd(trading as InnerArc) (“we,” “our,” or “us”) collects, uses, and protects your personal data when you use our website, application, and services (“Service”).

InnerArc is a private, AI-powered video journaling platform. Users record videos, which are processed securely on our infrastructure to generate transcripts, summaries, themes, and insights. We treat your recordings and personal data with strict confidentiality and do not use them to train AI models.

By using the Service, you agree to the practices described in this Privacy Policy. If you have questions, you may contact us using the details below.

Table of Contents

1. Information We Collect

We collect only the data necessary to operate the Service. This includes:

  • Account Data: Email address, hashed password, and optional profile details.
  • Recordings (Video & Audio): When you create an entry, we collect the video/audio you record. These files are encrypted at rest in AWS S3.
  • AI-Derived Data: Transcripts, summaries, themes, and insights generated automatically by our self-hosted models (Whisper.cpp and gpt-oss-20b). None of this data is sent to external AI providers.
  • Technical Logs: Minimal logs containing request metadata (including your user ID and IP address) for security, debugging, and operational purposes. These logs are stored in Grafana Cloud.
  • Device & Connection Data: Basic technical information such as browser type, operating system, and connection details needed to deliver the Service.
  • Cookies: Our logged-in application uses essential cookies only. Our public marketing pages may also use analytics cookies (such as Google Analytics), as explained in our Cookie Policy. See our Cookie Policy.

2. How We Use Your Information

We use your information only for the following purposes:

  • To operate and maintain your account.
  • To store your recordings securely and generate playback files.
  • To generate transcripts, summaries, and themes using self-hosted AI models.
  • To enforce recording limits (e.g., 60-minute max per entry).
  • To maintain system security and prevent unauthorised access.
  • To comply with legal or regulatory requirements.

We do not use analytics tracking or behavioural profiling in the logged-in application. Our public pages (such as signup and login) may use Google Analytics as described in our Cookie Policy.

We do not manually review your recordings or AI-generated content.

3. Subscriptions & Payments

Payments for premium plans are handled by Stripe. We do not store your full card details. Stripe may collect billing data needed to process your payment.

For details, review Stripe’s Privacy Policy.

4. User-Generated Content

All recordings and associated data you create are private to your account. We do not share, view, or access your content except:

  • to store and process it as part of the Service, or
  • if required by law.

Recordings automatically stop when plan limits are reached (e.g., 60 minutes per entry, or 4 hours per 24-hour period for Premium).

5. Sharing and Disclosure

We only share your data with subprocessors essential to providing the Service:

  • AWS S3 - encrypted storage of video/audio and derived data.
  • Supabase - managed Postgres database for account and metadata.
  • Stripe - payment processing.
  • Postmark - transactional emails.
  • Grafana Cloud - storage of technical logs containing user ID and request metadata.

We do not send your video, audio, transcripts, or summaries to any external AI provider. All AI processing is performed on infrastructure controlled by Inner Arc Software Ltd.

We may disclose information if required to comply with law or defend our legal rights.

6. Data Retention

We retain personal data only as long as necessary to provide the Service. You may request permanent deletion at any time via support email. Upon request, we delete recordings, transcripts, summaries, themes, and account data from our systems and storage.

7. Security

We use industry-standard security measures, including encryption at rest, secure upload channels, and strict access controls. While no system is completely secure, we work continuously to protect your data.

8. Your Rights

You may request access, correction, deletion, or restriction of your personal data. Currently, deletion requests are handled manually through support.

9. Data Protection (UK & EU GDPR)

We comply with the UK GDPR and, where applicable, the EU GDPR. Our lawful bases include contractual necessity, legitimate interests, and consent.

Where personal data is transferred outside the UK/EEA, we use appropriate safeguards.

UK residents may contact the ICO. EEA residents may contact their national supervisory authority.

10. Children’s Privacy

The Service is not intended for children under 13. If we learn that such data has been collected, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. The “Last Updated” date indicates the most recent changes.

12. Contact Us

If you have questions, concerns, or requests, contact:

Inner Arc Software Ltd
86–90 Paul Street
London
EC2A 4NE
United Kingdom
[email protected]