Privacy Policy
What This Policy Covers — Plain Language Summary
InsightStack prioritizes transparency regarding data handling. Key points include:
- Your conversations are never stored in full. Full conversation content is processed and permanently deleted; only structured insights are retained.
- Only the structured excerpts and insights are kept. Structured excerpts remain stored until deletion by the user.
- Your data is never used to train AI models. Customer data never trains AI models under any circumstances.
- You own your data. Users retain ownership of their data and may export or delete it anytime.
- We are transparent about our sub-processors. Anthropic's API serves as the primary sub-processor under enterprise-grade commitments.
For questions, contact info@insight-stack.ai.
1. About This Policy
This Privacy Policy outlines how InsightStack, LLC collects, uses, stores, and protects information through its platform and services. The policy applies to all customers and users. InsightStack operates as a B2B platform where customers are companies and professionals. When customers upload content containing third-party personal data, InsightStack functions as a data processor while the customer acts as the data controller.
By using the Platform, you accept these practices. Disagreement requires discontinuing use.
2. Information We Collect
2.1 Account and Contact Information
Registration requires name, business email, company name, and other account setup details. This information manages accounts, facilitates communication, and enables support services.
2.2 Customer Conversation Data
Users may upload customer conversations like interview transcripts or email threads for processing. InsightStack extracts structured insights and excerpts; the full conversation content undergoes immediate permanent deletion and is never retained.
2.3 Billing and Payment Information
Stripe, Inc. handles payment processing. InsightStack does not store complete credit card or bank information but retains billing records including transaction history, subscription tier, and payment status for compliance purposes.
2.4 Usage and Technical Information
The Platform automatically collects technical data: IP address, browser type, device type, operating system, visited pages, and feature usage. This information operates and improves the Platform, troubleshoots issues, and ensures security.
2.5 Communications
Support correspondence and related information are retained by InsightStack.
3. Data Architecture: How We Handle Customer Conversations
InsightStack's architecture prioritizes privacy and data minimization:
- Uploaded conversations transmit securely to the processing pipeline
- AI processing (using Anthropic's API per Section 5) extracts structured insights, pain points, feature requests, and relevant excerpts
- Full conversation content undergoes permanent deletion post-processing; raw conversations remain unstored
- Only structured excerpts and derived insights persist in user accounts until deletion or account termination
4. How We Use Your Information
InsightStack uses collected information to:
- Provide, operate, and maintain Platform features
- Process and analyze conversation data, returning structured insights
- Manage accounts, subscriptions, and billing
- Communicate regarding accounts, updates, and support
- Detect, investigate, and prevent security incidents and Platform misuse
- Comply with legal obligations and enforce Terms of Service
- Improve reliability, performance, and functionality using aggregated, non-identifiable technical data
Your Content — including any excerpts or insights derived from your conversations — is never used to train, fine-tune, or otherwise improve any artificial intelligence or machine learning model.
5. Third-Party Processors and Sub-Processors
InsightStack engages limited trusted third-party service providers to operate the Platform. Users authorize this engagement by using the Platform. A current sub-processor list with roles and data commitments is maintained at www.insight-stack.ai/sub-processors.
At least 30 days' advance notice precedes material sub-processor additions via email or in-platform notification.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Raw customer conversations (full) | Deleted immediately after processing — not stored |
| Extracted excerpts and insights | Until user deletion or 30 days post-termination |
| Account and contact information | Duration of account + 30-day post-termination grace period |
| Billing records | 7 years (tax and financial law requirement) |
| Usage and technical logs | 12 months |
Deleted excerpts and insights are removed from accounts and systems. Upon account termination, remaining excerpts are deleted following the 30-day retrieval period in the Terms of Service.
7. Data Security
InsightStack implements industry-standard security measures:
- TLS encryption for data in transit
- Encryption for data at rest
- Access controls limiting employee access to customers with legitimate operational needs
- Regular security assessments and monitoring
No system is entirely secure. Security breaches affecting user data trigger required legal notifications.
8. Data Sharing and Disclosure
InsightStack does not sell, rent, or trade personal data or Content. Information sharing occurs only in limited circumstances:
- With sub-processors for Platform provision
- In response to valid legal process or compliance requirements
- To protect rights, property, or safety of InsightStack, customers, or others
- In connection with mergers, acquisitions, or asset sales (with notice; data remains subject to this Policy)
9. Customer Responsibilities Regarding Third-Party Data
As a B2B platform, conversation participants are not direct users. When uploaded content contains third-party personal information, customers act as data controllers and bear responsibility for:
- Ensuring legal rights to share conversation content with third-party platforms
- Obtaining required consent from participants for third-party AI processing
- Complying with applicable privacy laws regarding third-party personal data notice and consent
- Responding to privacy rights requests from customers or conversation participants
InsightStack processes third-party personal data solely per customer instructions as data controller.
10. Your Rights and Choices
InsightStack Customers possess the following data rights:
- Access: Review stored excerpts and insights through the Platform anytime
- Deletion: Remove individual excerpts or insights anytime; request account deletion with associated data via info@insight-stack.ai
- Export: Download stored excerpts and insights through the Platform
- Correction: Update account information via account settings
California residents possess additional CCPA rights including knowledge, deletion, and sales opt-out rights. InsightStack does not sell personal information. Exercise rights by contacting info@insight-stack.ai.
EU and UK residents possess GDPR and UK GDPR rights including access, rectification, erasure, processing restrictions, and supervisory authority complaint filing. Contact info@insight-stack.ai to exercise these rights.
11. Changes to This Policy
InsightStack may update this Policy periodically. At least 30 days' advance notice precedes material changes via email or in-platform notification. The effective date reflects the most recent revision. Continued Platform use after changes constitutes acceptance of the updated Policy.
12. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or data practices:
InsightStack, LLC
Email: info@insight-stack.ai
Website: www.insight-stack.ai