Privacy Policy

Effective Date: 2026-06-06

This Privacy Policy ("Policy") details how InsightLoop ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information. This Policy is fully compliant with leading global data privacy regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws.

1. Our Roles: Data Controller vs. Data Processor

When you register and manage your account, we act as the Data Controller for your personal registration and billing information.
When you use our platform to conduct interviews with third-party respondents and collect their data, you act as the Data Controller, and we act strictly as a Data Processor. It is your absolute legal obligation to ensure you have obtained explicit, lawful consent from your respondents before using our services to process their data.

2. Scope of Information Collection & Cookie Policy

  • Information You Provide: Account credentials (name, email, hashed password), corporate details, and contact information.
  • Payment Information: We utilize compliant third-party payment gateways (e.g., Stripe). We never directly process or store your full credit card numbers or CVV codes.
  • Telemetry and Cookies: We use essential cookies to maintain login sessions. Analytics cookies are used only with your consent to optimize user experience. Our systems automatically log IP addresses, device models, User-Agent strings, and operational logs strictly for cybersecurity and anti-fraud purposes.

3. Purpose and Legal Basis for Processing

We process your data strictly under the following lawful bases:

  • Contractual Necessity: To deliver our core AI interview and reporting services to you.
  • Legal Obligations: To comply with court subpoenas, financial auditing requirements, and Anti-Money Laundering (AML) regulations.
  • Legitimate Interests: To prevent fraud, enhance network security, and perform aggregated, anonymized statistical analysis to improve our software, provided these interests do not override your fundamental rights.

4. Third-Party Sharing and Cross-Border Transfers

We unequivocally promise never to "sell" your personal data. Your data is shared only when strictly necessary:
(1) Infrastructure Providers: Encrypted hosting via AWS or Google Cloud;
(2) LLM Providers: To facilitate automated interviews, necessary anonymized text is routed through OpenAI or Anthropic APIs. We have executed Enterprise Data Processing Agreements (DPAs) with these providers that strictly prohibit them from using your data to train their models (Zero Data Retention / No Training Policy).
For cross-border data transfers, we rely on Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms to ensure equivalent levels of data protection.

5. Data Retention and Security Measures

We retain your personal data until 30 days after account deletion, unless applicable law mandates longer retention (e.g., 7 years for tax records). We deploy TLS 1.3 for data in transit, AES-256 encryption for data at rest, and strict Role-Based Access Control (RBAC), and we conduct regular penetration testing.

6. Your Privacy Rights

Regardless of your jurisdiction, you may exercise the following absolute rights by contacting ling_cui0215@163.com / hdd_aye@163.com:

  • Right of Access & Portability: Obtain a copy of your data in a structured, machine-readable format (e.g., JSON).
  • Right to Rectification & Erasure (Right to be Forgotten): Correct inaccuracies or mandate the complete deletion of your account and associated data.
  • Right to Object & Opt-Out: Opt out of non-essential marketing communications and analytical tracking.

7. Children's Privacy

Our platform is a B2B service not directed at individuals under the age of 16. If we discover inadvertent collection of a child's data, we will execute immediate erasure protocols.

For compliance inquiries, contact our Data Protection Officer (DPO) at: ling_cui0215@163.com / hdd_aye@163.com