Privacy Policy

This Privacy Notice explains how we use your personal information when you use the Service, either as an individual customer, through AI agents, or when you access the Service through one of our enterprise customers' accounts. We are the data controller of your personal information when we use it as described in this Privacy Notice, meaning that we determine and are responsible for how your personal information is processed.

Our Service allows customers to submit, manage or otherwise use content relating to others, including data generated by AI agents, end users of applications built and managed through the Service, or their employees and contractors ("Customer Data"). We use such Customer Data primarily as a processor, meaning we process such Customer Data on behalf of and under the instructions of the relevant customer, in accordance with our data processing agreements. This Privacy Notice does not apply to our processing of Customer Data in our capacity as a processor. If you are an end user of an application built on InsForge, please refer to the privacy notice of the relevant InsForge customer for information about how your data is handled.

This Privacy Notice does not apply to information about our employees or contractors, or to aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you.

• California - Your California Privacy Rights: If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of personal information to third parties for their direct marketing purposes. We do not sell your personal information as defined under the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, the right to request deletion of your personal information, the right to correct inaccurate personal information, and the right to opt-out of the sale or sharing of personal information. To exercise these rights, contact us at [email protected]. We will not discriminate against you for exercising any of these rights.
• Nevada: We do not sell your personal information within the meaning of Chapter 603A of the Nevada Revised Statutes. However, if you would like to submit an opt-out request, please contact us at [email protected].
• European Economic Area, United Kingdom or Switzerland: If you are located in the EEA, UK, or Switzerland, please see Section 11 - European-Specific Disclosures below for additional privacy disclosures, including lawful bases for processing, international data transfer mechanisms, and your rights regarding personal information.
• Note for International Visitors: Personal information may be transferred to, stored and processed in countries other than where it was collected. Our Services are primarily hosted in and provided from the United States. Where we transfer personal information internationally, we use appropriate safeguards as described in Section 12 - International Data Transfers.

We collect personal information in connection with your visits to and use of the Service, including information from AI agents operating on your behalf.

We may share your personal information in the following instances:

• Service Providers: We share information with third-party service providers who help deliver or improve our Services. These providers are contractually bound to use personal information only as instructed and subject to confidentiality obligations. Our key service providers include:
  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting and compute
  • Payment Processing: Stripe for payment and billing
  • Analytics: Mixpanel for product analytics
  • Error Monitoring: Sentry for error tracking and performance monitoring
  • Email: Resend for transactional email delivery
  • Authentication: GitHub for SSO authentication
• AI Service Partners: We may share data with AI service providers (such as OpenAI, Anthropic, or other AI model providers) solely to provide AI-powered features of our Service, subject to appropriate data protection agreements. We do not permit AI service partners to use your data for training their models.
• Legal Requirements: We may share information as required by law, to comply with legal process, or to protect the rights, property, or safety of InsForge, our customers, or others.
• Business Transfers: We may transfer information in connection with any merger, acquisition, or sale of assets, with reasonable efforts to ensure consistent treatment of personal information.
• With Your Consent: We may share information for any other purpose with your prior authorization.
• Aggregated/Anonymized Data: We may share aggregated or anonymized information that does not reasonably identify you directly or indirectly.

We do not sell your personal information to third parties. We do not share your personal information with third parties for their direct marketing purposes.

Depending on your location, you may have the following rights with respect to your personal information. To exercise any of these rights, please contact us at [email protected].

Exercising Your Rights

To submit a request, email [email protected] with the subject line "Data Subject Request." We will respond to verified requests within 30 days. We may require you to verify your identity before fulfilling a request by providing information associated with your account. If we cannot verify your identity, we may be unable to fulfill the request.

You may also designate an authorized agent to make a request on your behalf, provided the agent can demonstrate valid authorization (such as a signed power of attorney or your direct written confirmation).

Email Communications

You may receive emails regarding Service updates, products, or promotional offers. Our marketing emails include tracking technologies to assess engagement. You can unsubscribe using the links in our emails. Note that you cannot unsubscribe from certain service-related communications.

Modifying Account Information

You can modify certain account information through your account settings. If you have provided consent for AI-powered services, you can update preferences or withdraw consent through account settings. For User Content, you can use Service features to edit or delete information.

AI Agent Data Management

You can manage AI agent configurations, review agent activity logs, and control data sharing preferences for AI-powered features through your account dashboard.

We and our third-party partners automatically collect usage information through tracking technologies including cookies, web beacons, and similar technologies.

Cookies We Use

Information We Collect Automatically

• Device and software information (IP address, browser type, operating system)
• Mobile device identifiers and location information (where permitted)
• Usage patterns and navigation behavior
• AI agent interaction patterns and performance metrics

How We Use This Data

• Remember user preferences and settings
• Provide custom content and AI agent recommendations
• Monitor Service effectiveness and AI agent performance
• Analyze usage patterns and demographic information
• Diagnose technical problems
• Provide and enhance our services

Managing Your Preferences

You can manage cookie preferences through your browser settings. Note that blocking cookies may negatively impact your experience with AI-powered features. We honor "Do Not Track" signals sent by your browser; when detected, we will disable non-essential tracking technologies.

We retain personal information for the length of time needed to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law. The specific retention period depends on the nature and sensitivity of the information, the purposes for which it is processed, and applicable legal requirements.

You may request deletion of your personal information at any time. We take data deletion seriously and have established the following procedure:

We implement commercially reasonable physical, technical, and organizational measures to protect the security of personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and multi-factor authentication for internal systems
• Regular security assessments, penetration testing, and vulnerability scanning
• Incident response procedures with defined escalation paths
• Employee security awareness training
• Audit logging and monitoring of access to personal information

However, no security system is completely secure, and we cannot guarantee the absolute security of your information.

Security Breach Notification

In the event of a security breach that affects your personal information, we will investigate the incident promptly and take appropriate steps to contain and remediate the breach. Where required by applicable law, we will notify affected individuals and relevant data protection authorities without undue delay, and in any event within the timelines required by applicable law (such as 72 hours under GDPR for authority notification). Our notification will include the nature of the breach, the categories of data affected, likely consequences, and the measures we have taken or propose to take to address the breach.

Our Site may provide links to third-party websites or services, including AI model providers and development tools. We are not responsible for the practices of these third parties. Your interactions with third-party services are subject to their respective terms and policies. We encourage you to review the privacy notices of any third-party services you access through our Site.

Our services are not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information, we will delete it promptly. Contact us at [email protected] if you believe we have collected information from a child under 13.

We reserve the right to change this Privacy Notice from time to time. We will notify you of material changes through appropriate means, such as email notification to the address associated with your account or prominent notice on our Site, at least 30 days before the changes take effect. The "Last Modified" date at the top of this page indicates when this Privacy Notice was last revised. Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Notice.

Legal Bases for Processing

If you are located in the EEA, UK, or Switzerland, we process your personal information only where we have a valid legal basis to do so:

• Contract Performance: Processing necessary to provide the Service to you, including account creation, authentication, service delivery, and payment processing.
• Legitimate Interests: Processing necessary for our legitimate business interests, including service improvement and analytics, fraud prevention and security, customer support, and enforcing our Terms of Service. We balance our interests against your rights and will not process where your interests override ours.
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent, including marketing communications, non-essential analytics and tracking technologies, and data sharing for AI-powered services. You may withdraw your consent at any time.
• Legal Obligation: Processing necessary to comply with our legal obligations, including tax and accounting requirements, law enforcement disclosures, and regulatory compliance.

Your European Privacy Rights

In addition to the rights described in Section 3, EEA, UK, and Swiss residents have the right to lodge a complaint with their local supervisory authority:

• EU: Contact your local Data Protection Authority. A list of EEA DPAs is available at ec.europa.eu/justice/data-protection
• UK: The Information Commissioner's Office (ICO) at ico.org.uk
• Switzerland: The Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch

InsForge is headquartered in the United States, and our Service is primarily hosted in the United States. If you are accessing the Service from outside the United States, your personal information will be transferred to the United States and potentially to other countries where our service providers operate.

Where we transfer personal information from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we use appropriate safeguards to protect your information, including:

• Standard Contractual Clauses (SCCs): We use SCCs approved by the European Commission and the UK Information Commissioner's Office to govern transfers of personal information to the United States and other countries.
• Data Processing Agreements: We maintain data processing agreements with all sub-processors that include appropriate data transfer mechanisms and security obligations.
• Supplementary Measures: We implement additional technical and organizational safeguards, including encryption and access controls, to ensure the continued protection of transferred data.

You may request a copy of the relevant transfer mechanisms by contacting us at [email protected].

For inquiries about this Privacy Notice, to exercise your data subject rights, or to raise a privacy concern, please contact us:

• Privacy Inquiries: [email protected]
• General Inquiries: [email protected]

We are committed to resolving complaints and concerns about your privacy and our collection and use of your personal information. If you are unsatisfied with our response, you have the right to lodge a complaint with the appropriate data protection authority in your jurisdiction.