Privacy policy

Feb 12, 2026

This Privacy Policy explains how we collect, use, disclose, and protect information when you visit intoflow.ai or use the Intoflow platform and related services (the “Service”).

This Policy applies to:

  • Customers / Users who create accounts and use the Service for research;

  • Participants / Respondents who take part in interviews or otherwise provide data through the Service;

  • Website visitors who browse our site.

If you do not agree with this Policy, please do not use the Service.


1) Information We Collect

1.1 Information you provide (Customers / Users)

  • Account information: name (if provided), email address, password (stored as a hash), profile settings.

  • Workspace information: workspace/project name, team member invites, roles/permissions.

  • Research content: briefs, goals, hypotheses, interview guides, instructions, tags, notes, outputs, reports, presentations.

  • Uploads and materials: transcripts, documents, spreadsheets, links, and any other files or content you upload for analysis.


1.2 Information provided by Participants / Respondents

Depending on the research setup, Participants may provide:

  • Interview responses (text, audio, video, or other formats).

  • Recordings (if the interview flow involves audio/video recording).

  • Information voluntarily entered by the Participant (e.g., name or contact details, only if they choose to provide them).

Important: Please do not share sensitive information (e.g., passwords, bank details, government IDs, medical details) in the Service. If such information is included in recordings or transcripts, it will be processed as part of the content provided.


1.3 Information collected automatically

  • Technical data: IP address (typically in logs), device type, browser type, operating system, language, time zone, session identifiers.

  • Usage data: pages and features used, in-product actions, timestamps, performance metrics, error logs.

  • Cookies and similar technologies (see Section 6).


1.4 Payments

The Service currently does not accept payments through the platform, so we do not collect or process payment card details or other payment credentials.


2) How We Use Information

We use information to:

  • Provide and operate the Service (accounts, workspaces, research workflows, collaboration).

  • Generate research outputs (transcripts, insights, summaries, reports, presentations).

  • Improve the Service (product analytics, debugging, performance, quality).

  • Communicate with you (service messages, support, updates).

  • Protect the Service (security monitoring, abuse prevention, incident response).

  • Comply with legal obligations where applicable.


3) Roles: Controller vs. Processor (B2B Context)

In most B2B use cases:

  • The Customer (your company/team) is the Data Controller for Participant data because you determine the purpose and content of the research.

  • Intoflow acts as a Data Processor, processing data on the Customer’s instructions to provide the Service.


    If you are a Participant and want to exercise your rights, contacting the Customer who invited you is often the fastest path. You can also contact us (see Section 14).


4) How We Share Information

We may share information with:

  1. Your team — users within your workspace according to your access settings.

  2. Service providers — vendors who help us run the Service (hosting, storage, analytics, logging, email delivery) and who process data only as necessary to provide their services.

  3. AI providers — if you use features that rely on third-party AI processing (e.g., summarization, insight extraction). In those cases, content may be processed under that provider’s terms and safeguards.

  4. Legal and safety disclosures — if required by law or to protect rights, safety, and integrity of the Service.

  5. Business transfers — if the Service is involved in a merger, acquisition, reorganization, or asset sale, information may be transferred to a successor, subject to reasonable safeguards.


5) AI Processing and Model Training

We may use your content (such as transcripts, recordings, briefs, and research outputs) to:

  • provide AI-powered features you request (e.g., summarization, structuring, reporting);

  • maintain and improve the reliability and quality of Service features (e.g., fixing errors, improving results).

We do not use your research content to train or publish “open” models in a way that makes your content available to the public or to other customers without your permission.


6) Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential functions (authentication, security, session management),

  • Functional preferences (remembering settings),

  • Analytics (understanding usage and improving the Service),

  • Marketing (only if enabled and applicable).

You can control cookies through your browser settings. Disabling essential cookies may impact core functionality.


7) Data Security

We implement reasonable technical and organizational measures designed to protect information, which may include:

  • encryption in transit (TLS),

  • access controls and least-privilege permissions,

  • monitoring and logging,

  • abuse prevention mechanisms.


    No method of transmission or storage is 100% secure.


8) Data Retention

We retain information:

  • for as long as your account is active and needed to provide the Service;

  • longer when required for legal compliance, security, dispute resolution, or legitimate operational needs.

You may request deletion (see Section 10). Some technical logs may be retained for a limited period for security and debugging.


9) International Data Transfers

We may process and store information in different countries depending on our infrastructure and vendors. Where required, we take steps intended to ensure an appropriate level of protection for transferred data.


10) Your Rights and Choices

Depending on your location, you may have rights to:

  • access your information,

  • correct inaccurate information,

  • request deletion,

  • restrict or object to processing,

  • receive a copy (portability),

  • withdraw consent (where processing is based on consent).

To submit a request, contact us (see Section 14).

If you are a Participant, we may route your request to the Customer who controls the research, when appropriate.


11) Children

The Service is not intended for children, and we do not knowingly collect personal information from children.


12) Third-Party Links and Integrations

The Service may contain links to third-party sites or integrations (e.g., calendars, video tools, cloud docs). Their privacy practices are governed by their own policies.


13) Changes to This Policy

We may update this Policy from time to time. The latest version will be posted on this page with the updated date.


14) Contact Us

For privacy questions or requests, contact:

privacy@intoflow.ai (help@intoflow.ai)