Privacy Policy

This Privacy Policy explains how InstantViewAI, Inc. ("InstantViewAI", "we", "us") handles personal data when you visit our website at instantview.ai or use our product. We're an EU-first company and we built our data practices to meet the GDPR baseline regardless of where you are.

1. Who is the controller

For data collected through this marketing website, the controller is InstantViewAI, Inc. For data processed inside the product on behalf of a customer, InstantViewAI acts as a processor and the customer is the controller — terms are set in our Data Processing Agreement (DPA).

Contact for privacy questions: privacy@instantview.ai.

2. What we collect

On the website

• Form submissions — name, work email, company, role, and anything you write in a free-text field when you request a demo, ROI numbers, or trust documents.
• Analytics — if you accept the cookie banner, two third-party tools run:
  • Google Analytics 4 measures aggregate usage (pages viewed, country, device class, referrer). IP addresses are anonymised.
  • Microsoft Clarity records anonymised session replays and click/scroll heatmaps so we can see where the design confuses people. Clarity automatically masks input fields and any element you'd type into; we do not enable any of Clarity's optional identification features.
  We do not use advertising or remarketing cookies. Both tools are off by default and only run after you click "Accept all" on the banner.
• Server logs — short-lived request logs for security, abuse prevention, and uptime monitoring.

Inside the product

Customer billing and inventory data ingested from cloud providers (e.g. GCP BigQuery billing exports), product user identities (via Keycloak), and audit-trail events. Details and processing terms live in the DPA.

3. Why we use it (legal bases)

• Contract / pre-contract — to reply to your demo request, send the materials you asked for, and operate the product you signed up for.
• Legitimate interest — to keep the service secure, prevent abuse, and improve documentation.
• Consent — for analytics cookies. You can withdraw consent anytime via Cookie settings.
• Legal obligation — to meet tax, accounting, and other compliance requirements.

4. Who we share it with

We share personal data only with the subprocessors we need to run the service. Today the main ones are:

• Google Cloud Platform — hosting, BigQuery, Cloud Storage, KMS (EU regions by default).
• Mailjet — transactional email and report delivery.
• Google Analytics 4 — anonymised website analytics, only when you accept cookies.
• Microsoft Clarity (Microsoft Corporation) — anonymised session replays and behaviour heatmaps for the marketing site, only when you accept cookies. Data is processed on Microsoft Azure infrastructure (primarily United States). Subject to Microsoft's cookie and consent documentation and Standard Contractual Clauses for international transfers.
• Keycloak — identity and authentication, self-hosted by us per customer realm.

A current subprocessor list is included in our DPA and available from trust@instantview.ai. We do not sell personal data.

5. Where data lives

EU data residency is the default. Customer data stays in EU regions unless a customer explicitly chooses US residency at onboarding. Service account keys and other secrets are encrypted at rest using GCP KMS envelope encryption.

6. How long we keep it

Marketing form submissions: up to 24 months from last contact, unless you ask us to delete sooner. Analytics: 14 months. Customer product data: per the DPA — typically deleted within 30 days of contract end. Audit-trail records: kept for the contractual term to support customer audits.

7. Your rights

You can request access, correction, deletion, restriction, portability, or object to processing. To exercise any of these, email privacy@instantview.ai. We respond within 30 days. You also have the right to complain to your supervisory authority — for EU users, that's the national Data Protection Authority of your residence.

8. Cookies

This site uses a small number of cookies. Analytics cookies fire only if you accept them. See the Cookie Policy for the full list.

9. Security

We've designed the product to be audit-ready: read-only cloud access, tenant isolation, KMS encryption, immutable audit log, SOC 2 Type II audit in progress. Details are on the Security & Trust page.

10. Children

InstantViewAI is a B2B product. We do not knowingly collect data from anyone under 16.

11. Changes

We'll update this policy when our practices materially change and post the new effective date at the top of this page. For substantial changes affecting existing customers we'll also notify the account's primary contact.

12. Contact

InstantViewAI, Inc.
[Registered address — placeholder]
Privacy contact: privacy@instantview.ai
Trust documents (DPA, SOC 2 progress letter, subprocessor list): trust@instantview.ai