Start a Free Trial

Privacy Policy

InSync Analytics Incorporated, a Delaware corporation, and its affiliates (collectively or individually, as applicable, referred to as "InSync Analytics", "we", "us", "our") respect your right to privacy. Your access to and use of the products and services of InSync Analytics — including the InSync MCP server and any AI-integrated features available through InSync Analytics password-protected websites accessible on www.insyncanalytics.com and other internet-based products and services ("Products and Services") — shall be governed by the following privacy policy ("Privacy Policy").

This Privacy Policy explains how we collect, share, transfer and use personal information about you, and how you can exercise your privacy rights. It applies to interactions we have with you via our websites, applications, MCP integrations, and other products and services — including events, where you otherwise contact us, and where we otherwise display or link to this Privacy Policy, or in the course of our receipt of products or services from you or your employer.

This Privacy Policy applies to all versions of the Services, including test, alpha, beta, trial or free versions, and applies to any data that we collect as part of our sales and marketing efforts relating to the Service.

This Privacy Policy does not apply to information collected by us offline or through any other means, including on any third-party site or through any application or content (including advertising) that may link to or be accessible from our Website.

Other privacy policies may apply when you use, access or visit third-party websites that may be linked via the Service. You should read those other privacy policies carefully.

InSync Analytics acts as the data controller for personal data collected under this Privacy Policy, except where we process data on behalf of our customers as a data processor.

In addition to this Privacy Policy, we have established Terms of Service that set forth the general rules and policies governing your use of the Services.

We do not sell personal data or share it for cross-context behavioral advertising.

Information We Collect and Why We Collect It

Our Services collect information about you in the following ways:

(a) Registration Data and Access Data
  • In order to access the Services, during the registration process, either you or your employer will be required to provide InSync Analytics with certain information, including your name, your employer, title, business address, business telephone number and business email address ("Registration Data"). This Registration Data will be shared only with those Content Providers requested, by you or your employer, to authorize your use of the Services.
(b) Data You Provide to InSync Analytics
  • If you contact us with a technical question, we may request and collect from you certain information about your systems, such as: (a) your browser type, version and settings; (b) connectivity information; and (c) browser plug-in information.

Information That We Collect From You Automatically

InSync Analytics may collect information automatically from your device, including information regarding how you use our Products and Services. Information we collect automatically includes your log-in events (when, how and for how long you log into and use certain Services), IP or MAC address, device make, model and operating system, mobile network information, internet service provider, unique device identification number, advertising ID, browser type and language, geographic location (e.g. country or city level location or time zone) and other technical information.

InSync Analytics collects limited interaction metadata necessary to understand system usage and improve service performance. Such data does not include user-generated content and is limited to high-level interaction signals.

API Logging and Monitoring

We maintain limited logging for operational reliability, security, and troubleshooting purposes. This includes:

  • Non-sensitive request parameters (excluding user-generated content and prompts wherever feasible)
  • Response status codes and timestamps
  • API usage metrics (e.g., number of API hits)

Such logs are strictly limited to technical and operational metadata and do not include user conversation content or generated outputs, except for transient, in-memory processing required to generate responses, which is not logged or persisted.

API logs are retained for a maximum period of one (1) month, after which they are deleted or anonymized.

Access to these logs is strictly restricted and controlled, and logs are accessed solely for legitimate purposes such as:

  • Troubleshooting errors or service disruptions
  • Monitoring system performance
  • Ensuring security and preventing misuse

Logs are not used for profiling, marketing, or model training purposes, nor are they used to derive behavioral insights about individual users.

How We Use and Share Your Information

We will only use or share your personal data when the law allows us to do so. We also employ appropriate security and technological controls to protect against unauthorized access to your personal information. We may use or disclose the information we collect for the following purposes:

(a) To Provide the Services and Information
  • To allow us to provide you with the products and services you have requested
  • To provide you with access to or from linked sites
  • For our own internal business and/or research and development purposes
  • In connection with our client services and client management systems
(b) To Your Employer
  • We provide personal information to your employer for purposes such as to fulfil and enforce our contract with them, to inform them of potential group training needs, to inform them of Products and Services use by certain categories of users, and for pricing purposes.
(c) Marketing
  • We may provide you with information about our products and services where permitted by law or with your consent. You may opt out of receiving marketing email from us by following the instructions in each email.
(d) With Your Consent
  • We may use and share your personal data when we have your consent to do so.
(e) Legal Basis for Processing

We process personal data under the following lawful bases:

Basis Application
Contractual Necessity To provide our Services and fulfill agreements with customers
Legitimate Interests To improve Services, ensure security, and manage client relationships
Consent For marketing communications and certain optional features
Legal Obligations To comply with applicable laws and regulations
(f) Legitimate Interests

We may process your personal data where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. These include:

  • Fulfilling contractual obligations to Third Party Content Providers for entitlement and usage
  • Business transfers (merger, acquisition, bankruptcy proceedings, etc.) — in which case your information would remain subject to the applicable privacy policy in effect at the time of transfer
  • Meeting applicable law, regulation, subpoena, legal process, or governmental request
  • Enforcing applicable Terms of Use, including investigation of potential violations
  • Detecting, preventing, or otherwise addressing fraud, security, or technical issues
  • Protecting against harm to the rights, property or safety of InSync Analytics, our users, customers, or the public
(g) Data Minimization and AI Processing

We adhere to a strict data minimization principle and collect only the data necessary to provide, secure, and improve our Services.

In connection with AI-powered features:

  • We do not log, store, or retain user conversation content, prompts, or outputs beyond what is necessary for real-time processing
  • We do not collect or retain extraneous conversation data, including for debugging or analytics purposes, unless anonymized and not attributable to an individual
  • Monitoring and observability systems are configured to capture metadata only, excluding user-generated content wherever feasible
  • All logging systems are configured by default to exclude sensitive fields and user-generated content

Third-Party Processors (Sub-Processors)

We use trusted third-party service providers to operate, deliver, and improve our Services. These providers may process personal data on our behalf under contractual obligations, including data protection commitments.

Sub-Processor Purpose
Google (Gemini) AI model processing and tool planning
Amazon Web Services (AWS) Cloud infrastructure and hosting
Langfuse Observability and performance monitoring (configured to retain only minimal operational metadata and exclude user conversation content)
Amazon Cognito User authentication and identity management
ClickHouse Data storage and analytics

All sub-processors are bound by contractual obligations, including data protection agreements, and process data only for specified purposes.

International Data Transfers

Where personal data is transferred outside of your jurisdiction, including from the European Economic Area (EEA) to the United States, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to providers located in jurisdictions deemed to have adequate data protection

These safeguards ensure your personal data remains protected in accordance with applicable data protection laws.

Applicants for Employment

If you apply for employment with InSync Analytics, we collect information that you provide to us when you complete and submit your employment application, and any information you provide to us as a follow-up. We may use this information to process and evaluate applications, conduct background checks, assist with onboarding, conduct internal research, and determine terms of potential employment. We may share this information with affiliates and service providers who assist us in the application process.

Your Privacy Rights

If you have questions about personal information we have about you, contact us at compliance@insyncanalytics.com.

You have the right to:

  • Obtain a copy of your personal data
  • Request correction, erasure, or restriction of processing of your personal data
  • Object to processing based on legitimate interests
  • Object to any direct marketing by InSync Analytics
  • Withdraw consent at any time (where processing is based on consent)
  • Data portability
  • Make a complaint at any time to the appropriate data protection authority in your country of residence

You can close your online user account by emailing us at compliance@insyncanalytics.com.

Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this Privacy Policy:

Data Type Retention Period
Account and Registration Data Duration of customer relationship + up to 6-7 years (legal, tax, audit)
Usage and Log Data Up to 30 days (technical metadata only, excluding user-generated content)
Support and Communication Data Up to 2-3 years
Marketing Data Until you withdraw consent or opt out

We may retain data longer where required by law, regulation, or legal process. Where possible, data is anonymized or aggregated.

Security of Information

We use commercially reasonable physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee the security of any information you transmit to us.

We implement strict access controls and audit mechanisms to ensure that system logs are accessed only by authorized personnel and solely for troubleshooting, security, and operational purposes.

Infrastructure and Endpoint Ownership

We maintain ownership or authorized control over all domains, APIs, and infrastructure used to deliver our Services. We implement internal controls to ensure that:

  • All production endpoints are registered and monitored
  • Third-party services are contractually authorized
  • Unauthorized infrastructure is not used

California Privacy Rights

InSync Analytics does not sell personal information. We also do not share personal information for cross-context behavioral advertising.

The California Consumer Privacy Act ("CCPA") provides eligible California residents with specific rights with respect to our collection and use of personal information. This section supplements the Privacy Policy and applies solely to eligible residents of California as of January 1, 2020.

Your California Rights include:

We maintain ownership or authorized control over all domains, APIs, and infrastructure used to deliver our Services. We implement internal controls to ensure that:

  • Right to Know - Request disclosure of the categories and specific pieces of personal information we have collected about you over the last 12 months
  • Right to Delete - Request deletion of your personal information, subject to certain exceptions
  • Right to Non-Discrimination - We will not discriminate against you for exercising any of your privacy rights
To exercise your CCPA rights, submit a verifiable consumer request by:

We maintain ownership or authorized control over all domains, APIs, and infrastructure used to deliver our Services. We implement internal controls to ensure that:

We will make our best effort to respond within 45 days of receipt (up to 90 days with notice). In the preceding twelve (12) months, InSync Analytics has not sold your personal information to any third parties.

Changes to Our Privacy Policy

InSync Analytics' Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your consent in accordance with applicable law. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice. We will also keep prior versions of this Privacy Policy in an archive for your review.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: compliance@insyncanalytics.com

We will respond in accordance with applicable data protection laws.

See Also

Terms of Service

©Copyright 2025 InSync Analytics Corp. All Rights Reserved.