Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account data: Name, email address, password (hashed), and role/title
• Company context: Company name, description, industry, team size, and any uploaded documents
• User content: Documents, reports, queries, and other content you create using the Service
• Communications: Information you provide when contacting support or providing feedback

1.2 Information Collected Automatically

• Usage data: Pages visited, features used, actions taken, timestamps, and session duration
• Device data: Browser type, operating system, screen resolution, and IP address
• Cookies: Essential session cookies for authentication (see Section 8)

1.3 Information from Third-Party Integrations

When you connect third-party services (Jira, Linear, Slack, Notion, GitHub, Google Calendar, databases, etc.), we access data from those services solely to provide functionality within our platform. This may include project data, issues, messages, calendar events, and database query results. We access this data in real-time via OAuth and API connections. We do not store your third-party credentials.

2. How We Use Your Information

We use your information exclusively to:

• Provide, maintain, and improve the Service
• Generate documents, reports, and insights tailored to your company context
• Authenticate your identity and secure your account
• Communicate with you about your account, updates, and security alerts
• Detect, prevent, and address fraud, abuse, and technical issues
• Comply with legal obligations

We do not sell, rent, or lease your personal information to third parties. We do not use your data for advertising or marketing purposes beyond service-related communications.

3. Artificial Intelligence and Your Data

We do not use your data to train, fine-tune, or improve AI models. This is a core commitment.

• Your company context and generated documents are processed in real-time to provide the Service and are not retained for model training
• AI processing is performed by our third-party AI provider (Anthropic). We transmit only the minimum data necessary to generate the requested output
• AI-generated content is stored as part of your account data and is subject to the same protections as all other User Content
• We do not aggregate, anonymize, or repurpose your content for model improvement

4. Database Connections and Query Safety

If you connect a database to the Service:

• All queries are executed in read-only mode. We cannot and do not modify, delete, insert, or update data in your database
• Database credentials are encrypted at rest and in transit using AES-256 and TLS 1.3 respectively
• Query results are used solely to inform your documents and reports and are not stored beyond the active session unless explicitly saved by you
• We do not access database tables or schemas beyond what is necessary to execute your requested queries

5. Data Sharing and Disclosure

We may share your information only in the following limited circumstances:

• Service providers: With trusted vendors who process data on our behalf (hosting, AI processing) under strict contractual obligations
• Legal compliance: When required by law, subpoena, court order, or governmental regulation
• Safety: To protect the rights, property, or safety of the Company, our users, or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users

We do not share, sell, or disclose your data to advertisers, data brokers, or any third parties for marketing purposes.

6. Data Storage and Security

• All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
• Passwords are hashed using bcrypt with salt
• Access to production systems is restricted to authorized personnel with multi-factor authentication
• We conduct regular security reviews and follow industry-standard practices
• In the event of a data breach, we will notify affected users within 72 hours as required by applicable law

7. Data Retention and Deletion

We retain your data for as long as your account is active and as needed to provide the Service. Upon account deletion:

• Your account data, company context, and generated documents will be permanently deleted within 30 days
• Integration connections will be revoked immediately
• Backups containing your data will be purged within 90 days
• We may retain certain data where required by law, regulation, or legitimate business interest (e.g., billing records, fraud prevention)

8. Cookies and Tracking

We use only essential, first-party cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, advertising cookies, or pixel tags. We do not participate in cross-site tracking. We do not share data with advertising networks or data brokers.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Export: Export your documents and data in standard formats at any time
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Portability: Receive your data in a structured, machine-readable format

To exercise any of these rights, contact us at support@inversion.app. We will respond within 30 days.

10. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence. Where we transfer data internationally, we implement appropriate safeguards including standard contractual clauses, encryption, and compliance with applicable data protection regulations including GDPR and CCPA where applicable.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated via email and/or a prominent notice within the Service at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

13. Contact Information

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at: