Legal
Privacy Policy
Last updated: July 6, 2026
1. What this policy covers
This policy explains what data InsightBase (“we”, “us”) collects when you use our website, dashboard app, and embedded SDK, why we collect it, and the choices you have. It applies to account holders, their organization members, and visitors to our marketing site.
2. Information we collect
Account information. Name, work email, password (stored as a bcrypt hash, never in plain text), and organization name when you register.
Datasource credentials. When you connect a Postgres, MongoDB, or other database, your connection credentials are encrypted at rest with AES-256-GCM before storage and decrypted only in memory when a query needs to run. We never log plaintext credentials.
Dashboard content. The manifests, generated queries, dashboard layouts, and schema metadata (table/column names, inferred types) needed to build and render your dashboards. We do not copy or retain the row-level data returned by your queries beyond what’s needed to render the requested view.
Usage & log data. IP address, browser user-agent, and timestamps for login events and API requests, used for security auditing and abuse prevention.
Billing information. If you subscribe to a paid plan, payment details are collected and processed directly by Stripe — we receive a customer ID, subscription status, and plan tier, never your full card number.
3. How we use your information
- To operate your account, connected datasources, and generated dashboards.
- To generate SQL/MQL queries and dashboard layouts using AI models (see Section 4).
- To send transactional email — welcome messages, login notifications, invitations, and alert notifications you configure.
- To detect fraud, abuse, and security incidents, and to enforce our terms of service.
- To process subscription payments and communicate billing status.
4. AI processing
Schema descriptions and dashboard manifests you provide are sent to Anthropic (for query generation and layout composition) and Voyage AI (for schema embeddings used in search) as sub-processors. Row-level data from your connected databases is only sent to these providers when it is directly relevant to answering a query you requested — we do not use your data to train models, ours or theirs.
5. Sub-processors
We share data with a small number of vetted service providers strictly to deliver the product: Anthropic and Voyage AI (AI processing, above), Stripe (payment processing), and our transactional email provider (Mailtrap or Resend, depending on environment). Each is bound by its own data protection terms and only receives the minimum data needed for its function.
6. Data retention
Account and dashboard data is retained for as long as your account is active. Deleting a dashboard, datasource, or your account removes the associated records from our primary database; encrypted credentials are deleted immediately on datasource removal. Backups are retained for a limited period for disaster recovery and are purged on a rolling schedule.
7. Your rights
You can access, correct, export, or delete your account data at any time from Settings, or by contacting us at the address below. Organization owners can additionally manage member access and revoke invitations or embed tokens at any time.
8. Security
Datasource credentials are encrypted at rest (AES-256-GCM) and all traffic to and from InsightBase is encrypted in transit (TLS). See our Security page for details on how we protect your data.
9. Changes to this policy
We’ll update this page if our practices change and, for material changes, notify account owners by email. The date below reflects the last update.
10. Contact
Questions about this policy or your data? Email us at privacy@insightbase.io or visit our contact page.