Privacy Policy

Account information: When you register, we collect your name, email address, and a hashed password. If you sign in with Google, we receive your name and email from Google's OAuth service.

Uploaded files: Files you upload (CSV, XLSX, XLS, JSON) are stored in secure cloud storage (Vercel Blob) and are associated with your account. We use these files solely to provide the analysis service you request.

Usage data: We collect anonymised usage metrics such as number of analyses performed, file sizes, and feature interactions to improve the product.

Payment information: Payments are processed by Lemon Squeezy. We never see or store your full card number. We receive subscription status and customer IDs from Lemon Squeezy to manage your plan.

Contact messages: If you submit the contact form, we store your name, email, company, subject, and message.

To provide, operate, and improve the InsightWorker service.

To process your subscription and manage billing through Lemon Squeezy.

To send transactional emails (e.g. password reset, subscription receipts) via our SMTP provider.

To respond to support requests and contact form submissions.

To monitor service health and prevent abuse.

We do not sell your personal data to third parties.

Anthropic: File content and your prompt are sent to the Anthropic API to generate AI analysis. Anthropic's data usage policy applies. We do not allow Anthropic to use your data for model training.

Vercel: Our hosting and blob storage provider. Your files are stored on Vercel's infrastructure.

Lemon Squeezy: Our payment processor. They handle all payment data under their own privacy policy.

Neon (PostgreSQL): Our database provider. Account and metadata are stored in Neon's managed PostgreSQL service.

Uploaded files are retained as long as your account is active. You can delete files at any time from the dashboard.

Analysis history is retained for the lifetime of your account.

If you delete your account, all associated files, analyses, and personal data are permanently removed within 30 days.

All data is encrypted in transit using TLS and at rest using AES-256 encryption.

File access is restricted by user authentication — you can only access files associated with your account.

Passwords are hashed using bcrypt and never stored in plain text.

We perform regular security reviews of our infrastructure and dependencies.

We use session cookies to maintain your login state (via NextAuth.js JWT sessions).

We do not use advertising or tracking cookies.

You can clear cookies at any time through your browser settings, which will log you out of InsightWorker.

Access: You can view your account data in the dashboard settings at any time.

Deletion: You may request deletion of your account and all associated data by contacting us.

Portability: You can export your analysis history and uploaded data from the dashboard.

Correction: You can update your name and email in dashboard settings.

If you are located in the EU/EEA, you have additional rights under the GDPR including the right to object to processing and the right to lodge a complaint with a supervisory authority.

InsightWorker is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes. The date of the latest revision is always shown at the top of this page.

If you have any questions or requests regarding this Privacy Policy, please contact us through the contact form on our website or email us directly.