Privacy Policy

Last updated: April 2026

This privacy policy explains how Inslytic collects, processes, and stores personal data. Inslytic is a pre-incorporation project preparing for EU (Estonia) registration via the e-Residency programme. We are committed to full transparency and GDPR compliance.

1. Data Controller

Inslytic (pre-incorporation, EU-based)
Email: privacy@inslytic.com

2. What Data We Collect

We collect the following categories of data:

  • Account data: Email address, used for authentication via magic link or Google OAuth. No passwords are stored.
  • Analytics data: Anonymized usage events (page views, clicks, custom events) collected from our customers' end users through the Inslytic SDK. This data is associated with anonymous identifiers, not personal identities.
  • Technical data: Browser type, operating system, device type, and country-level geolocation derived from IP addresses. IP addresses themselves are never stored.

3. Legal Basis for Processing

  • Account data: Contract performance (Art. 6(1)(b) GDPR) — necessary to provide you with the Inslytic service.
  • Analytics data: Legitimate interest (Art. 6(1)(f) GDPR) — to provide product analytics insights to our customers. Where required by applicable law, processing is based on consent (Art. 6(1)(a) GDPR).
  • Technical data: Legitimate interest (Art. 6(1)(f) GDPR) — to ensure service security, stability, and to provide aggregated analytics.

4. Data Retention

  • Analytics data: Automatically deleted after 2 years via a time-to-live (TTL) policy on our database.
  • Account data: Retained for as long as your account remains active. Upon account deletion, your data is removed within 30 days.

5. Data Subject Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data ("right to be forgotten").
  • Port your data to another service in a structured, commonly used format.
  • Object to processing based on legitimate interest.
  • Restrict processing in certain circumstances.

To exercise any of these rights, contact us at privacy@inslytic.com.

6. Sub-processors and Data Transfers

All data processing and storage infrastructure is located exclusively within the European Union. We do not transfer data outside the EU. All sub-processors are EU-based.

7. Cookies

Inslytic uses only essential session authentication cookies required to keep you logged in. We do not use any tracking cookies, advertising cookies, or third-party analytics cookies.

8. Data Protection Officer

For data protection inquiries, contact our DPO at dpo@inslytic.com.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email at least 30 days before they take effect.

10. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Estonia, this is the Andmekaitse Inspektsioon (aki.ee).