Skip to main content
All CollectionsPricing, Security, Privacy and Terms
Privacy Policy and GDPR Compliance
Privacy Policy and GDPR Compliance

Updated March 19, 2023

Updated over a year ago

At Insight Engine™ ("Service"), we take privacy and the security of your data very seriously, so we'd like to be transparent with you about how we collect, utilize and protect it.

A lot of what you'll read in this document is designed to address various laws and regulations such as the GDPR.  That said, we'd like to take a moment to share a few philosophies that guide how we treat data and privacy now and going forward:

  • Data you provide us, or that is collected on your behalf, is owned entirely by you and will be available to you on demand as well as removed on demand.

  • We consider data a liability and only collect and share the minimum amount required to provide you with a great service.

We've made an effort to make this document as clear and easy to understand as we can, but if you have any questions, please don't hesitate to reach out.

If you do not agree with this policy, please do not access or use our Service.

Who this policy applies to

  • Our Customers who have signed up for our Service

  • End-Users of our Customers who interact with our Service

What this policy covers

The goal of this policy is to help you understand:

  • What data we collect from you

  • What data we collect automatically

  • How we use data we collect

  • How we share data we collect

  • How we store and secure data we collect

  • How you can access and manage your data

  • Other important privacy information

What data we collect from you

We collect data about you when you provide it to us by using our Service, as described below.

  • Account and profile information - We collect information about you when you register for the Service, such as name and email address, as well as other various settings and contact information.

  • Content you provide through our Service - When using our Service we collect various information about your company and the data you are interacting with.

  • Information you provide through our support channels - If you elect to use our customer support, we will collect any information you choose to share with us.

  • Payment information - If you are elect to pay via credit card, we will collect payment information such as credit card numbers and expiration dates.

What data we collect automatically

By using the Service there is some information we get from you automatically.

  • Your use of the Service - When you use the Service we track certain information to help us better understand how you're using the Service, such as what features you use and how frequently.

  • Device and connection information - We collect various pieces of information about your network connection, such as IP address, so that we can protect the Service against abuse.  We also collect information about your device such as what type it is (laptop, tablet, etc) and what browser you're running so that we can improve the quality of the Service, as well as resolve any issues you may encounter.

  • Cookies and other tracking technologies - Our Service uses cookies so that we can recognize you after you sign in.  They also help us identify you when resolving issues.

How we use data we collect

How we use your data depends on how you utilize the Service.  These are the purposes for which we use your data.

  • To provide the Service and customize your experience - We use your information to provide the Service and tailor it to your needs.

  • For product development and research - To improve our Service, we will often look at our customer data to better understand what it is you're using the Service for.  

  • For customer support - We use your information to resolve technical issues and to respond to requests for assistance.

  • For safety and security - We use information about you to verify your account and to monitor for suspicious or fraudulent behavior.

How we share data we collect

Our Service inherently requires sharing some of your data with other Service users and some third parties in order to function.

Sharing with other Service users on your private team

  • For collaboration - We must share some of your data with other users on your team as part of the collaboration features of our platform.

  • For administration - For certain kinds of accounts we will share your information with the administrator(s) of the account.  For example your name and email are shared with your account administrator.

Sharing with third parties

Third parties that we share data with do so under direct instruction from us, and abide by policies designed to protect your information.

  • Service providers - We work with a few third-party service providers to enable customer support, hosting/development, payment processing and communications.

  • Integration partners - If you choose to take advantage of our various integrations, we will share the minimum amount of data with them to perform the desired task.

  • Legal / law enforcement - In exceptional circumstances we may share information about you with a third party if we believe sharing is necessary to comply with applicable laws, regulations or governmental requests.

How we store and secure data we collect

We use extreme care when handling your data and always use industry standards where applicable.

How we store and transmit data

  • We store your data in Amazon Web Services data centers located in the United States.  You can read more about their physical security here.

  • We always use secure connections (TLS/SSL) to transmit data in between Service users and third parties.

  • All non-essential ports and external network interfaces blocked by default

  • All account passwords are stored as one-way hashes

  • All client-side communication, sessions, and input are validated server-side

  • All media assets are securely encrypted on Amazon S3 using signed URLs

  • All data is backed up in multiple remote data centers distributed across the country

  • In the event of server failure, all critical systems have redundant failovers to limit service disruptions

  • We encrypt all data stored in our databases at rest

  • Payment data is stored with our billing provider, Stripe, which is PCI-DSS compliant

  • Access to our database is limited to a select group of employees.

We make an effort to protect your data through a number of security measures, however please remember that no system is 100% secure.

How long we keep data

We keep user data for varying lengths of time, depending on the type of data and how you've configured our Service.

  • Account data - We retain account data for the lifetime of the account, as it's mandatory to use the Service.  We also retain any data necessary to comply with legal obligations and resolve disputes.

  • Content you provide - If your account is deactivated, we retain some of your content so that other Service users that you have collaborated with will be able to continue using the Service in an expected manner.

  • User data - By default we retain favorites, comments, etc. data for the lifetime of the account.

  • Payment data - We retain payment data for the lifetime of the account as it's mandatory in order to use our Service.

Notification of security breach

We will notify you within 72 hours of becoming aware of a security breach or configuration weakness which could have allowed your data to be exposed.

How you can access and manage your data

We strongly believe in giving you access to export or delete your data at will.

Your rights

You have several rights that can be exercised at any time:

  • The right to request a copy of your data in a structured, electronic format

  • The right to object to our use of your data

  • The right to request deletion of your data ("Right to be forgotten")

In some cases we may not be able to comply with requests, such as a situation where compliance would result in another user's personal data being exposed, or where we are prohibited by law.

In situations where you have asked us to share your data with a third party, you may need to contact those parties to have your request fulfilled.

If you have unresolved concerns or feel your rights were infringed, you may have the right to complain to a data protection authority in your country of residence.

How to make a data request

In some cases we have automated tools to help you obtain or delete your data, and in other cases you'll need to make a data request to our customer support team.

To make a data request, please login to your account and use the customer support tools.  Alternatively, you can send us an email from the address you used to create the account.

In some situations we may ask for additional proof of identity so we can ensure the privacy of our other customers.

How to access and update your data

Our Service allows you to access and update your information from within the Service.  For example, you can access your profile information from your account.

How to delete your data

If you would like to have account data deleted, please make a data request.  Please note that we may need to retain certain data within your profile for record keeping purposes or to comply with our legal obligations. This may take up to 30 days per request as allowed in Article 12.3 of the GDPR.

Opt out of communications

You may opt out of receiving promotional communications from us by using the unsubscribe link at the bottom of each email.  Even after you opt out of promotional emails, you will continue to receive transactional emails from us.

Data portability

Data portability is the ability to obtain some of your data in a format you can move from one Service to another.  Should you request it, we will provide you with an electronic file of your account data.

Other important privacy information

Changes to this policy

We may change this policy from time to time.  Any changes will be posted to this page, and if they are significant, we will notify you via email and within the Service.  We will also keep previous versions of this policy which are available upon request.  You are advised to review this policy periodically for any changes.

If you disagree with any changes to this policy, you will need to stop using the Service.

Contact Us

If you have any questions, concerns, or data requests, please reach out by logging in to our Service and using the chat tool, or by emailing us at info@insightengine.org.

Full Privacy and Terms of Service

Review our full privacy policy [UPDATE LINK] and terms [UPDATE LINK].

Did this answer your question?