Appintellect — Privacy Policy
DRAFT — NOT LEGALLY REVIEWED. Fill in {{placeholders}}, have counsel review, then remove this banner.
Last updated: 2026-04-23
This policy explains what Appintellect ({{LegalEntity}}) collects, why, how long we keep it, and what rights you have over it. It covers:
- Pilot customers — the organizations we issue API keys to.
- Dashboard visitors — anyone loading the web UI.
- End users of a pilot customer's application — people whose data may transit our systems indirectly when a pilot customer runs a crawl against an app those users use.
For end users: you do not have a direct relationship with us. Your relationship is with the application owner (our pilot customer), and they are the controller of any data about you that reaches us. We act as a processor on their behalf. See dpa.md for the terms that govern that processor relationship.
1. What we collect
From pilot customers (the organizations using Appintellect)
- Contact details — organization name, primary contact email, billing contact (if applicable)
- API keys — we generate these; we store a hash, not the key itself
- Configuration — spend cap, retention preference, Gemini API key (stored encrypted at rest in our backend)
- Service telemetry — request logs, error traces, usage metrics tied to your organization
From crawl activity (driven by a pilot customer)
- Screenshots of the application under test — stored as image blobs
- Accessibility tree snapshots — the structural description of each screen
- Application logs — logcat/os_log lines emitted during the crawl (WARN level and above by default)
- Anomalies — crashes, log errors, visual differences we detect
- AI provider usage — per-call token counts and cost, tied to your Gemini key
What we deliberately do not collect:
- Raw app binaries after the crawl completes (the Desktop Agent holds them locally; we only receive the crawl outputs)
- Your Gemini API key in plaintext — it is written to our backend encrypted; we do not log it and we do not transmit it to third parties other than Google when making inference calls on your behalf
From dashboard visitors
- Standard web-request metadata (IP, user agent, request path, timing) retained for {{dashboard_log_retention_days}} days for security and debugging. No advertising trackers. No third-party analytics during the pilot.
2. Why we collect it
- Provide the service — render your dashboards, run crawls, surface anomalies
- Enforce the spend cap you set — we need per-tenant usage to do this
- Debug and support — when you report a broken run we need logs to diagnose
- Security — detect and respond to abuse, key compromise, unauthorized access
We do not use your crawl contents to train machine-learning models, ours or anyone else's.
3. Where it lives
- Primary backend: Google Cloud Platform, us-east1 region
- Blob storage: Google Cloud Storage, us-east1
- AI inference: Google Gemini API (routed through your own key)
See subprocessors.md for the current list.
4. How long we keep it
| Data | Default retention | Why |
|---|---|---|
| Crawl screenshots, logs, anomalies | {{default_retention_days}} days | Enough for regression comparison across sprints |
| AI usage events (the spend ledger) | 13 months | Lets you answer "why was my cap blown last quarter" |
| Dashboard request logs | {{dashboard_log_retention_days}} days | Security + debugging |
| Account metadata (org, contact) | Life of the account + 90 days | Re-open handling, billing disputes |
You can delete project data earlier via DELETE /projects/{id} on the API or the dashboard's delete button. The AI usage ledger is preserved with the run_id detached when the parent run or project is purged — so your spend audit trail survives the deletion of the thing that caused the spend.
5. Who we share it with
- Sub-processors listed in subprocessors.md. Each is contractually bound to confidentiality + data-protection terms at least as strict as ours.
- Law enforcement, only under a legally binding order we cannot lawfully refuse, and only the narrowest data the order requires. We will notify you unless the order prohibits it.
- No one else. We do not sell data. We do not share it with advertising networks. We do not ship it to marketing partners.
6. Your rights
Depending on where you are (GDPR / UK GDPR / CCPA / other regional frameworks), you may have rights to:
- Access — a copy of the personal data we hold about you
- Correct — fix inaccuracies
- Delete — erase data (subject to legal-retention carve-outs like tax records)
- Port — export in a common machine-readable format
- Object / restrict — limit how we process your data
- Withdraw consent — where processing is based on consent
- Complain — to your local data protection authority
Requests go to {{privacy_contact_email}}. We respond within 30 days. For end users of a pilot customer's app, we forward the request to the pilot customer (the controller) unless there is a specific reason we must handle it directly.
7. Security
- Encryption in transit — TLS 1.3 for every public endpoint
- Encryption at rest — GCP-managed keys for the database + blob store; application-level encryption for customer-provided Gemini keys
- Access control — per-tenant API keys; internal access gated by SSO + 2FA; audit logs on production data access
- Backups — daily, encrypted, 30-day rolling
- Incident response — we notify affected customers within 72 hours of confirming a breach involving their data
See the security overview for detail.
8. International transfers
If you are in the EU / UK / Switzerland, your data transits to the US (GCP us-east1). We rely on the EU-US Data Privacy Framework for EU transfers and the UK Extension for UK transfers. Standard Contractual Clauses are available on request as a fallback.
9. Children
The Service is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child's data has reached us through a pilot customer's crawl, email {{privacy_contact_email}} and we will coordinate deletion with the controller.
10. Changes to this policy
We notify active pilot contacts by email at least 30 days before a material change takes effect. Non-material changes (typo fixes, clarifying language) may be made without notice — the "Last updated" date at the top always reflects the current version.
11. Contact
- Privacy questions / rights requests: {{privacy_contact_email}}
- Data protection officer: {{dpo_contact}} (if appointed; otherwise the privacy contact handles DPO duties)
- Postal: {{company_postal_address}}