Privacy Policy

Insite FYI ("we," "us," or "our") operates the Insite.fyi platform, an AI-powered chat widget service that enables businesses to deploy intelligent chatbots on their websites. This Privacy Policy explains how we collect, use, store, and protect information when you use our service.

Our platform is operated from India under the Information Technology Act, 2000. Our infrastructure is hosted in the European Union (GCP Europe) to ensure high availability and data protection standards.

Scope

This policy applies to two categories of individuals:

• Dashboard Users (Customers) — Businesses and individuals who create an account on Insite.fyi to build and manage AI-powered chatbots.
• Website Visitors (End Users) — People who interact with chatbot widgets embedded on our customers' websites.

Information We Collect

From Dashboard Users

• Email address (used for authentication and account communication)
• Password (stored as a bcrypt hash — we never store plaintext passwords)
• Workspace name and configuration settings
• Chatbot configuration, custom Q&A pairs, and training content
• Uploaded documents (PDF, DOCX, TXT, MD — max 15 MB per file, up to 10 files per upload). These files are processed into vector embeddings for AI retrieval; raw files are not retained after processing.
• Website URLs submitted for content scraping and chatbot training

From Website Visitors

• Device identifier (a randomly generated UUID assigned to each device)
• Email address (only if voluntarily provided during a chat conversation)
• Conversation messages exchanged with the chatbot
• Browser metadata: user agent, screen resolution, referrer URL, page URL, and browser language
• Session data related to the chat interaction

Information We Do Not Collect

• We do not use any third-party analytics, advertising, or tracking services
• We do not collect payment or financial information (billing features are not yet active)
• We do not use tracking pixels, fingerprinting, or similar surveillance technologies

How We Use Your Information

• Providing and maintaining the Insite.fyi platform and chatbot services
• Authenticating users and securing account access
• Processing chatbot queries using AI to generate relevant responses
• Sending transactional emails (account verification, password recovery, lead notifications)
• Generating anonymized, aggregated analytics to improve service quality
• Monitoring and enforcing rate limits to prevent abuse
• Responding to support inquiries and legal requests

AI Processing

Conversation messages are processed by Google Gemini API to generate chatbot responses. We may change or add AI providers in the future to improve service quality. When we do, this policy will be updated accordingly.

Your conversation data is processed in real-time to generate responses and is not used to train third-party AI models. Uploaded documents are converted into vector embeddings for retrieval-augmented generation (RAG) — the original file content is not shared with AI providers.

Third-Party Services

We use the following third-party services to operate our platform:

Cookies

We use essential cookies only for authentication purposes. We do not use any analytics, advertising, or third-party tracking cookies. For full details, please refer to our Cookie Policy.

Data Storage and Security

• Data is stored on EU-hosted infrastructure (Supabase PostgreSQL and Qdrant on GCP Europe)
• Passwords are hashed using bcrypt with industry-standard salt rounds
• Authentication is handled via secure JWT tokens with short-lived access tokens and rotating refresh tokens
• All data in transit is encrypted via HTTPS/TLS
• Tenant isolation is enforced at the database level through row-level security policies

PII Filtering

Our platform includes an optional PII (Personally Identifiable Information) filtering feature that can detect and redact sensitive data such as email addresses, phone numbers, and other personal identifiers from indexed content. This feature is available to customers and can be enabled on a per-chatbot basis.

Your Rights

You have the right to:

• Request access to the personal data we hold about you
• Request correction of any inaccurate personal data
• Request deletion of your personal data
• Withdraw consent for data processing where consent is the legal basis

To exercise any of these rights, please contact us at support@insite.fyi. We will respond to your request within 30 days.

GDPR Considerations

We host our core infrastructure in the European Union and follow practices aligned with the principles of the General Data Protection Regulation (GDPR). We are actively working toward full GDPR compliance.

If you are located in the European Economic Area (EEA), you may exercise your rights under GDPR — including the right to access, rectification, erasure, data portability, and objection to processing — by contacting us at support@insite.fyi.

Data Retention

• Account data is retained for as long as your account is active
• Conversation data is retained for the purpose of service operation and customer analytics
• Upon a verified deletion request, we will remove your personal data within 30 days
• Anonymized and aggregated data may be retained indefinitely for service improvement

Children's Privacy

Our service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.