Insight EngineBack

Privacy Policy

Last updated · 2026-05-15

This Privacy Policy explains what information Insight Engine (“we”) collects, how we use it, and what choices you have. Plain English; no dark patterns.

What we collect

  • Account data. Email address, optional name, and authentication identifiers (Google / GitHub OAuth tokens or password hash).
  • Idea content. The text of every idea you submit, the founder profile (background, budget, audience, etc.) you save, and the resulting analysis reports.
  • Usage data. Timestamps of page loads and analyses, the credit balance and transaction history on your account.
  • Payment metadata. When you buy credits, Stripe handles the card transaction. We receive a confirmation event with the amount, your email, and a Stripe customer/session ID. We never see your card number.

How we use it

  • To run the analysis you requested and show you the result.
  • To bill the correct number of credits and prevent abuse.
  • To send transactional email (sign-in links, receipts, a notification when an analysis completes).
  • We do not sell your data, share it with advertisers, or use your idea content to train AI models.

Third-party processors

To deliver the service, your data passes through these vendors:

  • Hosting + database. Our application servers and SQLite database run on a self-hosted VPS in the EU.
  • Payments. Stripe (Ireland / United States) handles checkout and stores payment instruments.
  • Research engine.Idea content and your founder profile are sent to a third-party AI research provider (Google Cloud / generativelanguage.googleapis.com) so the system can browse the open web and produce a structured report. The provider’s own data handling rules apply to inputs in transit. Per their published terms, inputs are not used to train models for the API endpoints we use.
  • Transactional email. Sent via a third-party SMTP provider (specific provider listed at launch).

Each processor is bound by its own privacy terms; we choose providers with explicit no-training and EU data-handling commitments where feasible.

What you control

  • Access. Every analysis, transaction, and profile field on your account is visible to you in the app.
  • Export. You can download your idea history and reports as JSON / Markdown from the account page.
  • Deletion. You can delete individual ideas, or your entire account (which removes ideas, analyses, and the credit ledger). Deletion is permanent and cannot be undone.
  • Consent.Magic-link sign-in is opt-in; you can sign out at any time. We don’t use third-party analytics, tracking pixels, or ad cookies.

Cookies

We set a single, first-party session cookie for sign-in. We do not set analytics, advertising, or fingerprinting cookies. Closing your browser or signing out clears the session.

Data retention

  • Active analyses and reports: kept while your account is active.
  • Per-analysis pipeline logs: 30 days, then deleted automatically.
  • Credit transactions: kept for 7 years for tax / audit purposes.
  • Deleted accounts: idea content removed within 7 days; transaction logs anonymized but retained 7 years.

Where the data lives

Application data is stored on servers in the European Union. Some processors (Stripe, our research provider) operate globally; cross-border transfers happen under their published transfer mechanisms.

Children

Insight Engine is not directed at people under 16. We don’t knowingly collect data from minors.

Changes

We’ll update this policy when our practices change. Material changes are emailed to active accounts. The “Last updated” date at the top reflects the most recent revision.

Contact

Privacy questions, data requests, or complaints: write to support@insightengine.example.