Data Privacy Policy

1. Introduction

Insyra Analytics ("Insyra," "we," "us," or "our") is a data analytics platform operated by Insyra LLC. We help nonprofits and small businesses make sense of their data through automated analysis, segmentation, and plain-language recommendations. This Data Privacy Policy explains how we collect, use, store, protect, and share your data when you use our platform at insyra.io.

We built Insyra with data privacy as a core design principle. We believe your data belongs to you, and our role is to help you understand it, not to monetize, share, or exploit it.

2. Data We Collect

2.1 Account Information

When you sign up for Insyra, we collect your first name, last name, and email address. You can sign in using either Google Authentication (in which case Google handles all authentication and we receive no password) or with an email and password (in which case Firebase Authentication stores your password using scrypt hashing). We never see or store your plaintext password.

2.2 Uploaded Data

You may upload files containing donor records, customer data, financial information, campaign data, expense records, and other organizational data. This data is uploaded directly from your browser to our cloud storage. We do not pre-screen, review, or filter your data before it is stored.

2.3 Usage Data

We use Google Analytics (GA4) to collect anonymized usage data including page views, feature usage, browser type, and general location (city-level). IP addresses are anonymized by Google Analytics. This data is used solely to improve the product and is never linked to your uploaded data.

3. How We Use Your Data

Your uploaded data is used exclusively to provide you with analytics, insights, and recommendations within the Insyra platform. Specifically:

• All statistical analysis, segmentation, and computation is performed by our Python analytics engine. The Python engine processes your data server-side to generate metrics, charts, and insights.
• AI (Anthropic's Claude API) is used for natural-language interpretation, structured content extraction (e.g. PDF table extraction), and generation tasks (e.g. proposing calculated-column formulas, suggesting A/B test designs). AI does not perform numerical analysis on your dataset. All statistical computation runs in our Python analytics engine. The specific features that use AI are listed in Section 5.
• We never use your data to train AI models.
• We never sell, rent, license, or share your data with third parties for their own purposes.
• We never use your data for advertising, profiling, or marketing purposes.

4. Data Storage and Security

4.1 Infrastructure

Your data is stored on Google Firebase (Firestore and Cloud Storage) in the nam5 (United States multi-region) data center. Our application is hosted on Vercel, and our Python analytics engine runs on Render. All infrastructure providers maintain SOC 2 Type II certifications.

4.2 Encryption

All data is encrypted in transit using TLS 1.2+ (HTTPS). All data is encrypted at rest using AES-256 encryption, handled automatically by Google Cloud and Firebase. This encryption is always active and cannot be disabled.

4.3 Access Controls

Each user account is fully isolated. Other users cannot access, view, or query your data through any product feature. Access controls are enforced at three independent layers: database security rules (Firestore), storage security rules (Cloud Storage), and application-level authorization checks.

File uploads go directly from your browser to Firebase Cloud Storage over HTTPS. They are not stored or routed through any intermediate server. File downloads pass through our backend (Vercel) for authorization verification and audit logging.

4.4 Administrative Access

User data is accessible only to authorized Insyra LLC administrators for the purposes of user account approval, customer support, and system maintenance. All administrative access is currently held by Shivali Sharma (founder, Insyra LLC) via her primary work account (info@insyra.io) and a personal backup account used solely for break-glass recovery. No other individual or third party has administrative access.

Administrative access is controlled at both the application level (via environment configuration) and infrastructure level (via Google Cloud IAM and Firebase Console permissions). We use the principle of least privilege for all access controls.

5. AI and Third-Party Data Processing

When you use features that involve AI processing, portions of your data are sent to Anthropic's Claude API.

5.1 Anthropic's Data Handling

Anthropic retains API inputs and outputs for up to 30 days for abuse detection and safety monitoring, then deletes them. Anthropic does not use API data to train their AI models. We do not currently have a Zero Data Retention (ZDR) enterprise agreement with Anthropic. For Anthropic's full privacy policy, visit anthropic.com/privacy.

5.2 What Data is Sent to AI

When you use AI features (Ask Insyra chat, PDF table extraction, column detection, calculated-column generator, A/B test ideas, spending recommendations, narrative summaries), portions of your data relevant to the specific feature are sent to Anthropic's Claude API for processing. We send only the data necessary for the function. For example, column names and a sample of rows for column detection, or the full PDF content for PDF table extraction. We never send your entire dataset to AI for processing. All numerical analysis is performed by Python, and AI is used only for interpretation and natural language generation.

6. Sub-Processors

We use the following third-party services to deliver the Insyra platform. Each handles specific data as described and is bound by their own privacy commitments:

7. Data Retention and Deletion

Automatic file deletion: Uploaded files are automatically deleted 7 days after upload. This is enforced by an automated cleanup process that runs every 24 hours. You can re-upload files at any time. If you need to preserve analysis results, export them before the 7-day window closes.

Manual file deletion: You can also delete individual uploaded files at any time through the My Files panel in the application. Deleted files are permanently removed from both Firebase Storage and our database.

Account deletion: To request full account deletion (including your Firebase Auth account and all associated data), email info@insyra.io. We will process deletion requests within 30 days. Self-service account deletion is on our product roadmap.

8. Data Sharing

We do not sell, rent, or share your data with any third party except as described in Section 6 (Sub-Processors), which are used solely to operate the platform.

We may disclose data if required by law, subpoena, court order, or government request. In such cases, we will notify you unless legally prohibited from doing so.

9. Your Rights

You have the right to:

• Access your data at any time through the Insyra platform
• Download individual analysis results as CSV files through the Insyra interface
• Delete individual files at any time
• Request full account and data deletion by emailing info@insyra.io
• Request a complete account data export (all uploaded files plus account metadata) by emailing info@insyra.io. We will process export requests within 30 days.
• Be informed of any data breach that may affect your data

10. Data Breach Notification

In the event of a data breach that affects your personal or organizational data, we will notify you via email within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the data affected, the steps we are taking, and recommendations for your protection.

11. Changes to This Policy

We may update this Data Privacy Policy from time to time. If we make material changes, we will notify you by email or through the platform before the changes take effect. Your continued use of Insyra after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Data Privacy Policy or how your data is handled, contact us at:

Insyra LLC

Email: info@insyra.io

Website: insyra.io

Location: Poway, CA