Privacy Policy

1. The short version

We do not store your underlying business data. When you ask a question, we read the data needed to answer it from the data source you connect, process it in memory, and return the result. We do not keep a copy of your source tables.

We do store the account and configuration data needed to run the service for you (your login, your chat history, the reports and dashboards you choose to save, your connection settings and your AI provider key). Sensitive items (data-source credentials and AI keys) are encrypted at rest.

AI analysis runs on your own AI provider key (BYOK). Your question and the relevant schema are sent to the AI provider you choose, under that provider's terms.

We never sell your data and we do not use your business data to train any AI model.

2. Information we collect

Account data — name, email, password (stored only as a secure bcrypt hash), and your plan tier.

Content you create and save — conversations/messages in Chat, and any reports, dashboards and pinned charts you explicitly save. Saved items include the generated chart data and the SQL used to produce them.

Data-source connection settings — the details you enter to connect a database, Google Sheet or uploaded file. Connection strings/credentials are encrypted at rest (AES-256-GCM).

AI provider keys (BYOK) — the API key you add for your chosen provider, stored encrypted at rest (AES-256-GCM) and shown back to you only masked.

Your business data (transient) — data pulled from your source to answer a question is processed in memory and returned to you. It is not persisted by us, except where it appears inside a report/chart you choose to save.

Technical & diagnostic data — error reports and performance data (via Sentry), product-usage analytics (pages viewed and features used, via PostHog), and standard server logs. We do not collect or store payment card details — payments are handled by Lemon Squeezy.

3. How we use it

To operate the service: authenticate you, run your queries, render charts/dashboards/reports, and deliver email/other channel features you enable.

To secure the service: prevent abuse, debug errors, and protect accounts.

To communicate: transactional emails (e.g. password reset, billing) via Resend.

We do not use your business data, questions, or saved content to train AI models, and we do not use your data for advertising.

4. AI processing (BYOK)

Intellrise does not provide the AI model. You connect your own API key for a provider you choose (e.g. Google Gemini, OpenAI, Anthropic). To answer a question we send that provider your question text and the relevant schema/metadata (table and column names, descriptions, and limited sample values where needed) so it can generate a query. Your provider processes this under its own terms and privacy policy.

5. Sub-processors

We rely on the following providers to run Intellrise: Neon (PostgreSQL database hosting), Render (application hosting), Resend (transactional email), Sentry (error & performance monitoring), PostHog (US — product analytics), Lemon Squeezy (payments / Merchant of Record), and your chosen AI provider (AI query generation, BYOK).

6. Security

Encryption in transit (HTTPS/TLS) for all traffic. Data-source credentials and AI keys encrypted at rest (AES-256-GCM). Passwords stored only as bcrypt hashes. Per-user tenant isolation: your data and connections are scoped to your account. No method is 100% secure, but we work to protect your information and will notify you of a material breach as required by law.

7. Data retention & deletion

We keep account and saved content while your account is active. You can delete saved reports, dashboards, conversations, connections and AI keys at any time in the app. If you close your account, we delete your account data and saved content within a reasonable period, except where we must retain limited records for legal/financial obligations. Transient business data is not retained.

8. Your rights

Depending on your location (e.g. Malaysia PDPA, EU/UK GDPR) you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise them, email contact@intellrise.com.

9. International transfers

Our providers may process data outside your country. Where required, transfers are covered by the providers' standard contractual clauses or equivalent safeguards.

10. Changes & contact

We may update this policy as the product evolves; we'll post the new date above and, for material changes, notify you. Questions or requests: contact@intellrise.com. Intellrise Technologies (SSM Reg. No. 202603145414 / LA0090055-W), Malaysia.