The full experience lives on desktop.

InoraInora

Privacy Policy

Last updated: June 3, 2026

This page describes how Inora ("we", "us") handles information when you use our website and notebook product. It is meant to be clear and honest about what the app actually does today, not a full legal compliance package. Ask counsel if you need advice for your situation.

Information we collect

Account and session data. When you sign up or sign in, we store account identifiers (such as username), a hashed credential, session records, and settings tied to your account. Auth uses an httpOnly session cookie on our domain.

Content you create. This includes notebooks, sections, versions, folders, workspaces, media references, and legacy scroll style documents, essentially the notes and structure you build inside Inora. If you publish a notebook or scroll, we store the publish state and a public link identifier so the published view can be served.

Feedback chat. If you use in app feedback chat, we store your messages and limited assistant replies (including non AI acknowledgements when daily AI replies are unavailable). Product feedback may be sent to third party AI APIs when you are within usage limits. See below.

Uploads. Files you upload are stored in our cloud storage bucket (via Supabase Storage) and linked to your account.

Billing. If you purchase a paid plan, payment and subscription metadata are handled through Razorpay. We store plan status and related billing fields on your account; we do not store full card numbers on our servers.

Contact form. Messages sent through our contact page (name, email, and message body) are delivered to our team, typically via Resend email.

Technical and usage data. We collect data needed to run the service: IP address, browser and device characteristics, request logs, error reports, and in product search and indexing derived from your content to power search inside your account. Where configured, we use product analytics (PostHog) and error monitoring (Sentry). Both are optional and only active when the relevant environment keys are set.

How we use information

We use information to:

  • Provide, maintain, and improve Inora (editing, sync, trash, search, publish).
  • Authenticate you, manage sessions, and protect against abuse (including login rate limiting).
  • Run AI assisted features you invoke, including feedback chat, generation, and smart rendering pipelines, by sending relevant prompts and context to our AI providers.
  • Process payments and show billing history where paid plans are offered.
  • Respond to support and contact requests.
  • Understand reliability and usage in aggregate (analytics/monitoring, when enabled).
  • Meet legal obligations and enforce our terms.

We may also disclose information if required by law, to protect users and the public, or in connection with a merger, acquisition, or asset sale, with notice where practical.

We do not sell your personal information as a standalone product.

Retention

We keep information while your account is active and as needed to provide the service. Deleted notebooks and scrolls may sit in trash for a retention period before permanent removal, per product rules.

If you delete your account from account settings (with username confirmation), we delete your user record and associated notebooks, scrolls, folders, generations, sessions, and settings from our database. Feedback chat data tied to your account is removed via database cascade. Some billing or webhook records may persist where needed for audits or processor requirements.

Backups, logs, and provider side copies may linger for a limited time after deletion. We work to expire them on a reasonable schedule.

Security

We use access controls, encrypted transport (HTTPS), hashed credentials, and other measures appropriate for an early stage SaaS product. No online service can guarantee perfect security; please use a strong password and keep your session private.

Your choices

You can update account settings in the product, revoke sessions from session settings, and delete your account from account settings. Depending on where you live, you may have rights to access, correct, delete, or export certain information. Contact us for requests we cannot handle in app.

You can limit analytics by using browser controls or ad/tracker blockers; Sentry and PostHog only run when we configure them for an environment.

Children

Inora is not directed to children under the age where parental consent is required in your region, and we do not knowingly collect their personal information.

International transfers

Inora is operated from infrastructure focused on India in parts of the stack (for example Supabase region and Razorpay). If you use Inora from elsewhere, your information may be processed in India, the United States, or other countries where we or our providers run systems.