Invook ("Invook", "we", "our", "us") provides a shared Canvas and Drive where users can generate, store, and collaborate on AI-generated assets ("Services").
We are committed to protecting your privacy and handling your data transparently and securely.
This Privacy Policy explains how we collect, use, store, share, and protect personal data in compliance with:
- India's Digital Personal Data Protection Act, 2023 (DPDP Act)
- EU General Data Protection Regulation (GDPR)
- UK GDPR
- California Consumer Privacy Act (CCPA/CPRA)
- Other applicable international data protection laws
1. Scope
This Privacy Policy applies to:
- Visitors to our website
- Users of Invook (free and paid plans)
- Workspace members and collaborators
- Clients invited into shared spaces
2. Information We Collect
2.1 Information You Provide
- Name
- Email address
- Organization name
- Profile information
- Billing information (processed via third-party payment providers)
- Content uploaded to Invook:
- Files (documents, images, videos, links)
- Prompts
- AI-generated outputs
- Comments and collaboration data
2.2 Automatically Collected Information
- IP address
- Device type
- Browser information
- Usage analytics
- Log data
- Error diagnostics
2.3 AI-Generated Data
When you generate assets using Invook:
- Prompts
- Input files
- Output files
- Metadata related to generation
These are stored within your workspace unless otherwise specified.
3. How We Use Your Information
We use your data to:
- Provide and maintain the Services
- Authenticate users
- Enable collaboration in shared workspaces
- Store and retrieve AI-generated assets
- Improve product performance
- Provide customer support
- Comply with legal obligations
- Prevent fraud or misuse
We do not sell personal data.
4. AI Model Processing
Invook integrates third-party AI infrastructure providers.
Your inputs may be processed by the following subprocessors strictly to provide the Services:
AI & Infrastructure Subprocessors
- Amazon Web Services (AWS) – Core cloud infrastructure
- AWS Bedrock – Claude model inference
- Fal.ai – Image and video model processing
- Groq – Speech-to-text processing
- Supabase – Authentication and database services (standard and vector storage)
- Microsoft Azure – Windows code signing
- GitHub – Code repository and deployment infrastructure
These subprocessors process data only as necessary to provide functionality.
We require all subprocessors to maintain appropriate security and confidentiality standards.
5. Data Storage & Security
Invook implements technical and organizational safeguards, including:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted cloud storage
- Access controls and role-based permissions
- Secure authentication systems
- Infrastructure hosted on reputable cloud providers
We take reasonable steps to protect your information, but no system is 100% secure.
6. Data Ownership
You retain ownership of:
- Files you upload
- Prompts you submit
- AI outputs generated within your workspace
Invook does not claim ownership over user content.
Unless explicitly stated:
- We do not use your private workspace data to train third-party AI models.
- Your content is processed only to provide the Services.
7. Data Retention
We retain personal data:
- As long as your account remains active
- As necessary to provide Services
- As required by law
- For legitimate business purposes (e.g., security, fraud prevention)
You may request deletion of your account and associated data.
8. International Data Transfers
Invook operates globally.
Your data may be processed in:
- India
- United States
- Other countries where our subprocessors operate
Where required, we implement:
- Standard Contractual Clauses (SCCs)
- Lawful transfer mechanisms under GDPR
- Safeguards under India's DPDP Act
9. Your Rights
Depending on your jurisdiction, you may have the right to:
Under GDPR / UK GDPR:
- Access your data
- Correct inaccurate data
- Delete your data
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
Under India DPDP Act:
- Right to access information about processing
- Right to correction and erasure
- Right to grievance redressal
- Right to nominate a representative
Under CCPA/CPRA:
- Know what personal data is collected
- Request deletion
- Opt out of sale/sharing
- Non-discrimination for exercising rights
To exercise rights, contact: support@thinkingsoundlab.com
10. Children's Privacy
Invook is not intended for individuals under 18.
We do not knowingly collect personal data from minors.
11. Cookies & Analytics
We may use cookies and similar technologies to:
- Maintain sessions
- Improve user experience
- Analyze usage patterns
- Secure the platform
You may control cookies through browser settings.
12. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated via:
- Email notification
- Website notice
- Platform notification
13. Contact Information
For privacy-related inquiries:
Invook
Email: support@thinkingsoundlab.com
Address: Ashok Vihar Colony, Bypass Road, Gaya, Bihar, 823001
14. Data Protection Officer / Grievance Officer (India)
In compliance with India's DPDP Act:
Grievance Officer:
Email: support@thinkingsoundlab.com
Response Timeline: As required under applicable law
15. Legal Basis for Processing (GDPR)
We process data under the following lawful bases:
- Contract performance
- Legitimate interest
- Consent
- Legal obligation
16. Technical Stack Disclosure (Transparency)
Invook is built using:
Frontend:
- React 19
- React Flow
- ShadCN UI
- Electron
- Node.js 22
- Zustand
Backend & Development:
- Python 3.11 / 3.12
- Rust
- JavaScript
- HTML/CSS
Infrastructure:
- AWS
- Supabase
- Azure
- Fal.ai
- Groq
- AWS Bedrock
These technologies do not independently collect personal data beyond what is necessary to operate the Services.