How it works
One script. One attribute. Your users stay in control.
Inkwell sits beside the text fields you already have. It finds UK personal and sensitive data, asks the user to review it, and replaces confirmed values before your application submits the text.
-
Register your website
When checkout opens, enter the exact production website where Inkwell will run, such as
https://app.example.com. We will normalise it to its origin— protocol, hostname and any non-default port—and issue a public application ID.Checkout is not open yet. This is the planned automatic activation flow.
-
Add the Inkwell script
Load the pinned browser bundle once. Cross-origin loading and Subresource Integrity are already supported by the current production build.
Script tag <script defer src="https://www.studentradar.com/inkwell/embed/inkwell-embed.global.118f7b352a52.js" integrity="sha256-EY97NSpSjDGWgrDu8D5v5wiUaogS6gu4eS/kfYs8CvE=" crossorigin="anonymous" ></script> -
Mark the text fields
Add one data attribute to an ordinary textarea. Your existing form and styling stay under your control.
Ordinary HTML form <form id="support-note" action="/submit" method="post"> <textarea id="note" name="note" data-inkwell-redact required></textarea> <button type="submit">Send</button> </form> -
Review before submission
Gate submission until the local scan has completed. If Inkwell finds personal data, the user confirms the proposed redactions first; the form then submits the redacted textarea value.
Submission gate <script> window.addEventListener("DOMContentLoaded", () => { const form = document.querySelector("#support-note"); const field = document.querySelector("#note"); let reviewPassed = false; const inkwell = window.InkwellEmbed .attachInkwellRedactionTriggers(document, { trigger: "manual", onConfirm() { reviewPassed = true; form.requestSubmit(); } }); form.addEventListener("submit", async (event) => { if (reviewPassed) { reviewPassed = false; return; } event.preventDefault(); const findings = await inkwell.scanElement(field); if (findings.length === 0) { inkwell.close(); reviewPassed = true; form.requestSubmit(); } }); }); </script>This example protects one textarea. Repeat the scan for every field that can carry free text before allowing a multi-field form to submit.
The privacy boundary
The detector stays local. Licensing stays separate.
No document text is sent to Inkwell. Detection and redaction run in the browser.
The future licence check will send only the public application ID, current website origin and bundle version—never text, findings, snippets or identifier counts.
What you need
A small frontend change, not a new data pipeline.
- Permission to add one external script to your Content Security Policy.
- The production website origin you want to license.
- A textarea or supported text field to mark for review.
- A human-confirmation step before sensitive text is submitted.