Privacy Policy

1. Introduction

Insyte ("we," "our," or "us") operates the Insyte sales intelligence platform available at insyte.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, create an account, or use our Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Definitions

"Personal Data" means any information that relates to an identified or identifiable individual, such as your name, email address, or IP address.
"Business Data" means company and professional contact information sourced from publicly available sources that we aggregate and provide through the Service.
"Usage Data" means information collected automatically when you use the Service, such as pages visited, features used, and actions taken.
"User" or "you" means anyone who accesses or uses the Service, whether as a registered account holder or a website visitor.

3. Information We Collect

3.1 Account Information You Provide

When you register for an account or sign in using Google OAuth, we collect:

Name — Your full name as provided by your Google account or entered during registration.
Email address — Your primary email address used for authentication, account communications, and service notifications.
Profile picture — Your Google account profile picture, displayed within the Service for personalization purposes.
Company name — Your organization name, if provided during onboarding.

3.2 Payment Information

When you subscribe to a paid plan or purchase credits, payment is processed securely by our payment processor, Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We may receive and store:

Last four digits of your card number (for display purposes)
Card brand and expiration date
Billing address
Transaction history and invoice records

3.3 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

Usage Data — Pages visited, features used, searches performed, credits consumed, buttons clicked, and other interactions with the Service.
Device Information — Browser type and version, operating system, screen resolution, and device type (desktop, mobile, tablet).
Log Data — IP address, access times, referring URL, and pages viewed.
Cookies & Similar Technologies — See Section 9 (Cookie Policy) for details.

3.4 Business Data from Public Sources

Insyte aggregates company and professional contact information from publicly available sources to power its sales intelligence platform. This Business Data may include company names, website URLs, industry classifications, employee counts, publicly listed business email addresses, job titles, and other professional information. This data is collected independently of your use of the Service and is not derived from your personal account.

4. Google OAuth & Limited Use Disclosure

Insyte offers sign-in via Google OAuth for a convenient and secure authentication experience. When you choose to sign in with Google, we request access to the following Google API scopes:

email — To retrieve your email address for account identification and communication.
profile — To retrieve your name and profile picture for account personalization.

How We Use Google User Data

Data obtained from Google APIs is used solely for the following purposes:

Authentication — To create and sign you into your Insyte account.
Account personalization — To display your name and profile picture within the Service.
Communication — To send you account-related notifications, such as password resets, billing updates, and important service announcements.

What We Do NOT Do

We do not sell Google user data to third parties.
We do not use Google user data for advertising or marketing purposes unrelated to the Service.
We do not transfer Google user data to third parties except as necessary to provide the Service (e.g., our authentication infrastructure), with your explicit consent, or as required by law.
We do not request access to any Google API scopes beyond email and profile.
We do not access, store, or process any data from Google Workspace apps (Gmail, Google Drive, Google Calendar, etc.).

Insyte's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. How We Use Your Information

We use your personal information for the following purposes:

5.1 To Provide the Service

Create and manage your account
Authenticate your identity when you sign in
Process transactions and manage subscriptions
Deliver the features and functionality of the Service, including company search, contact enrichment, and AI research
Provide customer support and respond to your inquiries

5.2 To Improve & Optimize the Service

Monitor and analyze usage patterns and trends to improve user experience
Identify and fix bugs, errors, and performance issues
Develop new features and functionality

5.3 To Communicate with You

Send transactional emails (account confirmations, billing receipts, usage alerts)
Send product updates and announcements relevant to your use
Send promotional communications (only with your consent; you can opt out at any time)

5.4 To Ensure Security & Compliance

Detect and prevent fraud, abuse, and security threats
Enforce our Terms of Service
Comply with legal obligations

6. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your Personal Data under the following legal bases:

Performance of a Contract — Processing necessary to provide the Service to you under our Terms of Service (e.g., account management, payment processing).
Consent — Processing based on your explicit consent, such as sending marketing communications or using Google OAuth for authentication. You may withdraw consent at any time.
Legitimate Interests — Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and performing analytics, provided these interests are not overridden by your data protection rights.
Legal Obligation — Processing necessary to comply with applicable laws and regulations.

7. Data Sharing & Third-Party Services

We do not sell your Personal Data. We may share your information with the following categories of third parties, solely for the purposes described in this Privacy Policy:

7.1 Service Providers

Provider	Purpose	Data Shared
Supabase	Database hosting & authentication	Account data, application data
Stripe	Payment processing	Billing information, transaction details
Google OAuth	User authentication	Email, name, profile picture
PostHog	Product analytics	Usage data (anonymized where possible)
Typesense	Search infrastructure	Business Data (indexed for search)
Vercel	Application hosting	Log data, request metadata

7.2 Other Disclosures

We may also disclose your information:

Legal requirements — When required by law, regulation, or legal process.
Protection of rights — To protect our rights, privacy, safety, property, or that of our users or others.
Business transfers — In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data may be transferred to the successor entity.
With your consent — When you explicitly authorize us to share your information.

8. Data Retention

We retain your data for the following periods, unless a longer retention period is required or permitted by law:

Data Category	Retention Period
Account information	Duration of your account, plus 90 days after deletion request
Payment & billing records	7 years (for tax and legal compliance)
Usage & analytics data	24 months from collection
Server logs	90 days
Customer support records	3 years from resolution
Marketing consent records	Duration of consent plus 3 years after withdrawal

When your data is no longer needed for the purposes for which it was collected, we will securely delete or anonymize it.

9. Cookie Policy

We use cookies and similar tracking technologies to operate the Service and collect Usage Data.

9.1 Types of Cookies We Use

Type	Purpose	Duration
Essential	Required for authentication, session management, and core functionality. The Service cannot function properly without these.	Session / up to 30 days
Analytics	Help us understand how users interact with the Service (e.g., PostHog). Used to improve features and user experience.	Up to 12 months
Preferences	Remember your settings and preferences, such as theme and language.	Up to 12 months

9.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking essential cookies may impair your ability to use the Service.

10. Data Security

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it, including:

Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS).
Encryption at rest — Sensitive data stored in our databases is encrypted at rest using AES-256 encryption.
Authentication security — We use industry-standard OAuth 2.0 protocols for authentication and securely store session tokens.
Access controls — Access to user data is restricted to authorized personnel on a need-to-know basis, with role-based access controls.
Infrastructure security — Our Service is hosted on secure, SOC 2-compliant infrastructure with automatic updates and monitoring.
Incident response — We maintain procedures for detecting, reporting, and responding to data breaches, and will notify affected users as required by law.

While we strive to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

11. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. Our servers and third-party service providers may be located in the United States, European Union, or other jurisdictions.

When we transfer Personal Data outside of the EEA or UK, we ensure that appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where the destination country provides an adequate level of data protection
Other legally recognized transfer mechanisms as applicable

12. Your Rights

12.1 Rights Under GDPR (EEA & UK Users)

If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation:

Right of access — Request a copy of the Personal Data we hold about you.
Right to rectification — Request correction of inaccurate or incomplete Personal Data.
Right to erasure — Request deletion of your Personal Data, subject to legal retention obligations.
Right to restrict processing — Request that we limit the processing of your Personal Data under certain conditions.
Right to data portability — Request your Personal Data in a structured, commonly used, machine-readable format.
Right to object — Object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@insyte.ai. We will respond within 30 days.

12.2 Rights Under CCPA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know — You may request information about the categories and specific pieces of Personal Data we have collected, the sources, the purposes, and the third parties with whom we share it.
Right to delete — You may request deletion of your Personal Data, subject to certain exceptions.
Right to opt-out of sale — We do not sell your Personal Data. If this ever changes, we will provide an opt-out mechanism.
Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

12.3 Exercising Your Rights

You can exercise your privacy rights by contacting us at privacy@insyte.ai. We may ask you to verify your identity before processing your request. We will respond within the timeframes required by applicable law (typically 30 days for GDPR requests and 45 days for CCPA requests).

13. Children's Privacy

The Service is intended for users who are at least 18 years of age. We do not knowingly collect Personal Data from anyone under the age of 18. If we become aware that we have inadvertently collected Personal Data from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child under 18, please contact us at privacy@insyte.ai.

14. Third-Party Links & Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to read the privacy policies of any third-party services you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify you by email or through a prominent notice on the Service prior to the changes becoming effective.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@insyte.ai
General inquiries: support@insyte.ai
Address: Dubai, United Arab Emirates