Insights7 Privacy Policy
Insights7 Corporation (“Insights7,” “we,” “us”) respects your privacy. This Policy explains how we collect, use, and share Personal Data when you interact with our websites, SaaS platform, and communications (the “Services”).
1. CONTACT & DATA-PROTECTION OFFICER
Email: privacy@insights7.com
Mail: 2660 15th Street NW, St Paul, MN 55112
2. WHAT WE COLLECT AND WHY
| Category | Examples | Purpose | Retention |
| Account Data | Name, email, company name | Create and manage user accounts | Life of account + 30 days |
| Billing Data | Tokenized payment method, billing address | Process payments; meet legal obligations | 7 years |
| Usage Logs | IP address, device, feature usage | Security monitoring; analytics; product improvement | 12 months |
| Backups | Encrypted snapshots | Disaster-recovery resilience | 30 days |
| Support Tickets | Chat or email threads | Resolve issues; improve support | 24 months |
| Marketing Data | Email engagement (single opt-in) | Send newsletters and offers | Until opt-out |
Deleted user-initiated data is purged from active systems within four (4) hours.
3. LAWFUL BASES FOR PROCESSING (GDPR ARTICLE 6)
- Contract – Provide and maintain the Services
- Legitimate Interest – Secure and improve the Services
- Consent – Send marketing emails (single opt-in)
- Legal Obligation – Fulfil tax, accounting, and other statutory requirements
4. HOW WE SHARE DATA
We share personal data only when necessary with the sub-processors listed below; each is bound by written data-processing terms.
| Sub-Processor | Function | Location | Safeguard |
| Heroku (Salesforce) | Application hosting | USA | Standard Contractual Clauses (SCCs) / EU–US Data Privacy Framework (DPF) |
| Amazon Web Services | Infrastructure | USA | SCCs / DPF |
| Mailgun | Transactional email | USA | SCCs / DPF |
| New Relic | Monitoring & error logging | USA | SCCs / DPF |
Updates & Objection Rights – We will post any new sub-processor at https://insights7.com/subprocessors and notify account administrators 30 days in advance. You may object in writing within that window. If your objection is reasonable and we cannot reach a mutually acceptable resolution within 30 days, you may terminate the affected Services and receive a pro-rated refund of prepaid fees.
We do not sell personal data.
5. INTERNATIONAL TRANSFERS
Data is stored in AWS us-east-2 (Ohio, USA). Cross-border transfers rely on the EU–US Data Privacy Framework and/or the European Commission’s Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum, as applicable.
6. YOUR PRIVACY RIGHTS
| Region | Statute |
| EU / UK | General Data Protection Regulation (GDPR) |
| California | California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) |
| Colorado | Colorado Privacy Act (CPA) |
| Virginia | Virginia Consumer Data Protection Act (VCDPA) |
| Connecticut & Utah | Applicable state privacy acts |
Depending on your location, you may access, correct, delete, restrict, or port your personal data and object to certain processing.
How to exercise your rights – Submit a request via email to privacy@insights7.com. We verify identity and respond within 30 days (45 days for CCPA).
7. SECURITY & BREACH NOTIFICATION
We employ TLS 1.2+, AES-256 encryption at rest, strong password hashing, input sanitisation, CSRF tokens, role-based access controls, and annual penetration testing. No Internet transmission is perfectly secure. If we become aware of a personal-data security incident likely to pose a risk to individuals’ rights and freedoms, we will notify affected customers without undue delay and in any event within 72 hours.
8. CHILDREN
The Services are not directed to children under 13, and we do not knowingly collect data from them.
9. CHANGES TO THIS POLICY
We may update this Policy periodically. Material changes will be emailed to account owners and posted at least 30 days before taking effect. Prior versions are archived for 3 years.
Last updated: 07/30/2025