Privacy Policy

Last updated: February 27, 2026

This Privacy Policy describes how Individu ("we", "us", "our", or the "Company") collects, uses, stores, shares, and protects information about you when you use our website, applications, and services (collectively, the "Services"). We process personal information under different legal bases depending on the purpose, including contract necessity, legitimate interests, legal obligations, and consent where required by law. Where consent is required, we request it separately.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

  • Name
  • Email address
  • Password (stored securely using industry-standard hashing)
  • Profile picture (optional)

Profile Information:

  • Age and parental-permission attestations you provide during signup or legal re-consent
  • Country/region signals inferred from request headers (when available) for compliance and fraud-prevention purposes
  • Gender (optional)
  • Timezone preferences
  • Theme/appearance preferences

Payment Information:

  • Payment information is collected and processed by our payment processor
  • We do not store your full credit card number, CVV, or other sensitive payment details on our servers
  • We receive only transaction confirmations and subscription status from our payment processor

Communications:

  • Messages you send through the AI chat interface
  • Support requests and correspondence
  • Feedback and suggestions you provide

Tasks and Content:

  • Tasks you create, including titles, descriptions, due dates, and priorities
  • Artifacts and visual content generated through the Services
  • Chat conversation history and titles

Waitlist Information:

  • Phone number
  • Country code

1.2 Information Collected Automatically

Device and Browser Information:

  • Device type and model
  • Operating system and version
  • Browser type and version
  • Screen resolution
  • Language preferences

Usage Information:

  • Features used and interactions with the Services
  • Time spent on various features
  • Chat message usage (e.g. messages per month), used for plan limits and analytics; the base plan includes 2,500 messages per month
  • Chat message frequency and patterns (anonymized)
  • Error logs and performance data

Session Information:

  • IP address
  • User agent string
  • Session tokens and identifiers
  • Login timestamps
  • Session duration

Log Data:

  • Server logs including request timestamps
  • API calls and responses (excluding content)
  • Error messages and stack traces

1.3 Information from Third-Party Services

When you connect third-party applications through our integrations, we may collect and process:

OAuth and Authentication Data:

  • Access tokens and refresh tokens
  • Token expiration information
  • Authorized scopes and permissions

Data from Connected Services: We access data from connected services only as necessary to fulfill your requests. Depending on which services you connect and what you ask the AI to do, this may include:

| Service Category | Data Types | |-----------------|------------| | Email | Email messages, contacts, calendar events, attachments | | Calendar | Events, attendees, meeting details, availability | | Project Management | Projects, tasks, documents, comments, team members | | Communication | Messages, channels, contacts, conversation history | | Development | Repositories, code, issues, pull requests, deployments | | Design | Files, projects, comments, design assets | | Business | Customers, transactions, tickets, contacts | | Storage | Files, folders, shared documents | | Media | Videos, playlists, channel information |

The specific third-party applications available for connection may change over time. Important: We only access data from third-party services when you explicitly authorize the connection and request specific actions. We do not continuously sync or store bulk data from these services unless required for the specific feature you're using.

1.4 Information from Voice Input

When you use voice features:

  • Audio is sent to our speech-to-text provider for transcription
  • We receive the transcribed text
  • We do not store audio recordings after transcription is complete
  • Transcriptions are stored as part of your chat history

1.5 AI-Generated Information

The AI assistant maintains "working memory" about you to provide personalized assistance, including:

  • Your preferences and interests
  • Facts you've shared about yourself
  • Context from previous conversations
  • Task and project patterns

2. How We Use Your Information

2.1 To Provide and Operate the Services

  • Create and manage your account
  • Authenticate your identity and maintain session security
  • Process your messages and generate AI responses
  • Execute actions on third-party services on your behalf
  • Create and manage tasks, reminders, and triggers
  • Generate personalized briefings and recommendations
  • Store and retrieve your conversation history
  • Create and display artifacts and visual content

2.2 To Communicate With You

  • Send transactional emails (account verification, password resets)
  • Provide customer support
  • Notify you of important changes to the Services or these policies
  • Send subscription and billing notifications

2.3 To Improve and Develop the Services

  • Analyze usage patterns to improve features
  • Debug and fix issues
  • Develop new features and services
  • Train and improve AI models (with your consent; see Section 7)
  • Conduct research and analytics

2.4 For Security and Fraud Prevention

  • Detect, prevent, and respond to fraud, abuse, or security incidents
  • Enforce our Terms of Service
  • Protect the rights, property, and safety of Individu and our users
  • Monitor for and prevent unauthorized access
  • Investigate violations of our policies

2.5 For Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Establish, exercise, or defend legal claims
  • Comply with tax and financial reporting requirements

2.6 With Your Consent

  • For any other purposes for which you have given us explicit consent

2.7 When Information Is Required

Some information is required for us to provide the Services (for example, account credentials, age/permission attestations, authentication/session data, legal acceptance records, and billing-related information for paid plans). If you do not provide required information, we may be unable to create your account, provide core functionality, or process paid subscriptions.

3. Information Sharing and Disclosure

3.1 We Do Not Sell or Share Personal Information for Cross-Context Behavioral Advertising

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We also do not share personal information for cross-context behavioral advertising as those terms are defined under applicable U.S. privacy laws.

3.2 Service Providers

We share information with third-party service providers who perform services on our behalf. Categories of providers include:

| Category | Purpose | Data Shared | |----------|---------|-------------| | Infrastructure & hosting | Servers, serverless functions, file storage | Account data, chat content, files | | Database | Data storage and queries | All database-stored information | | Payment processing | Subscriptions and billing | Email, subscription status, payment method | | AI / machine learning | Chat and content generation | Chat messages, context for AI processing | | Speech-to-text | Voice input transcription | Audio input for transcription | | Search | Web and image search | Search queries | | Email delivery | Transactional and notification email | Email address, email content | | Integration middleware | Third-party app connections | OAuth tokens, integration requests |

The specific providers we use may change from time to time. These providers are contractually obligated to use your information only to provide services to us and to maintain appropriate security measures. A current list of sub-processors is available upon request at privacy@individu.ai.

3.3 Third-Party Integrations (At Your Direction)

When you connect third-party services and request the AI to interact with them, we share necessary information with those services to fulfill your requests. This sharing is governed by the privacy policies of those third-party services.

3.4 Shared Content

When you share conversations or artifacts:

  • Public sharing: Content is viewable by anyone with the link
  • Restricted sharing: Content is viewable only by email addresses you specify
  • Forking: Users who access shared content may copy it to their accounts

You control what content you share and with whom.

3.5 Legal Requirements

We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:

  • Comply with legal obligations, subpoenas, court orders, or legal processes
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public
  • Protect against legal liability

3.6 Business Transfers

In connection with a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.7 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This data may be used for industry analysis, research, and other purposes.

4. Data Storage and Security

4.1 Data Storage

Your data is stored on secure infrastructure operated by our hosting and database service providers, which may be located in the United States and other jurisdictions where our providers operate.

4.2 Security Measures

We implement industry-standard security measures, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Secure password hashing using modern algorithms
  • Access controls and authentication for our systems
  • Regular security assessments and monitoring
  • Secure handling of OAuth tokens and credentials

4.3 Two-Factor Authentication

We offer two-factor authentication (2FA) to add an extra layer of security to your account. We strongly encourage you to enable 2FA.

4.4 Security Incidents

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

4.5 No Absolute Security

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk.

5. Data Retention

5.1 Retention Periods

We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this policy:

| Data Type | Retention Period | |-----------|------------------| | Account information | Until account deletion | | Chat conversations | Until account deletion or manual deletion | | Tasks | Until account deletion or manual deletion | | Artifacts | Until account deletion or manual deletion | | Working memory | Until account deletion or manual clearing | | OAuth tokens | Until integration disconnected or account deletion | | Usage logs | 90 days | | Server logs | 30 days | | Waitlist data | Until converted to account or manual removal |

5.2 Account Deletion

When you delete your account:

  • Your personal data is deleted from our active systems within 30 days
  • Backups containing your data may persist for up to 90 days
  • Anonymized or aggregated data may be retained indefinitely
  • Data we are required to retain for legal purposes will be kept as required

5.3 Data Deletion Requests

You may request deletion of specific data (such as conversations or tasks) without deleting your entire account. See Section 9 for how to exercise your rights.

6. Cookies and Analytics

6.1 Essential First-Party Cookies

We use essential first-party cookies required to operate the Services, including:

  • Authentication/session cookies used to keep you signed in and secure your account
  • App preference cookies used for core functionality (for example, interface state preferences)

These cookies are necessary for the Services to function and are not used for cross-site advertising.

6.2 Cookie-Free Analytics

We use Vercel Analytics for product analytics. Vercel Analytics is cookie-free in our implementation.

6.3 Cookie Controls

Because we currently use essential first-party cookies and cookie-free analytics, we do not provide a separate in-product cookie consent banner or non-essential cookie toggle at this time.

You can still manage cookies through your browser settings, but blocking essential cookies may prevent core features (such as authentication) from working.

6.4 Do Not Track and Global Privacy Control

We do not currently respond to "Do Not Track" (DNT) or Global Privacy Control (GPC) browser signals. You can exercise applicable privacy rights through the channels listed in Section 9.

7. AI Processing and Model Improvement

7.1 Service Operation

We process your inputs and related context to generate responses and operate product features.

7.2 Product Improvement

We may use aggregated and de-identified information to improve reliability, safety, and core product functionality.

7.3 Third-Party AI Providers

When you use the Services, your messages are sent to our AI provider(s) for processing. These providers:

  • May have their own data practices and policies
  • Are contractually prohibited from using your data to train their models without consent
  • Process data according to our data processing agreements

8. International Data Transfers

8.1 Transfer Mechanisms

If you are located outside the United States, your information may be transferred to and processed in the United States, where our servers and service providers are located.

We ensure appropriate safeguards for international transfers through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with service providers
  • Compliance with applicable data protection frameworks

8.2 European Users (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland:

  • We process your data under lawful bases including consent, contract performance, legitimate interests, and legal obligations
  • Contract performance: account creation and authentication, service delivery, third-party integrations requested by you, subscription billing and account administration
  • Legitimate interests: securing the Services, preventing abuse, improving reliability and core product functionality, and internal analytics to improve user experience
  • Legal obligations: tax, accounting, fraud-prevention, and responses to lawful requests by public authorities
  • Consent: processing where consent is required by applicable law
  • You have additional rights as described in Section 9
  • We have implemented appropriate safeguards for data transfers
  • You can withdraw consent at any time for consent-based processing without affecting prior lawful processing
  • We do not use solely automated decision-making that produces legal or similarly significant effects on individuals

8.3 California Users (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, including categories and specific pieces of personal information
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to opt-out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
  • Right to non-discrimination for exercising your rights
  • Right to use an authorized agent to submit requests on your behalf, subject to verification requirements

9. Your Privacy Rights

9.1 General Rights

Depending on your location, you may have the following rights:

| Right | Description | |-------|-------------| | Access | Request a copy of your personal information | | Correction | Request correction of inaccurate data | | Deletion | Request deletion of your personal information | | Portability | Receive your data in a portable format | | Restriction | Request limitation of processing | | Objection | Object to certain processing activities | | Withdrawal of consent | Withdraw consent at any time |

9.2 How to Exercise Your Rights

You can exercise your rights by:

  • Using the account settings in the Services
  • Using the in-app "Export my data" action for a direct JSON data export
  • Contacting us at privacy@individu.ai
  • Submitting a request through our support channels

We will respond to requests within the time required by applicable law. This is typically within 30 days for GDPR-based requests and may be up to 45 days for certain U.S. state law requests (with extensions where permitted by law). We may need to verify your identity before processing your request.

If we deny your request, we will explain the basis for the denial. Where required by applicable U.S. state law, we will provide instructions for appealing a denial and the available timelines for that appeal.

9.3 Account Settings

You can directly manage your data through your account:

  • Update profile information
  • Change password and security settings
  • Delete conversations and tasks
  • Disconnect third-party integrations
  • Clear working memory
  • Download your data
  • Delete your account

9.4 Complaints

If you have concerns about our privacy practices, please contact us first. You also have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

10.1 Age Restrictions

The Services are not directed to children under 13. During signup and legal re-consent, users must confirm they are at least 13 years old and, where required by local law, that they have parent or legal guardian permission.

10.2 Parental Consent

If you are at least 13 but below the minimum age in your country to consent to online services, you may use the Services only with required parent or legal guardian permission, where permitted by law. If you are below the age of majority in your jurisdiction, parent or legal guardian permission may also be required.

10.3 Discovery of Child Data

If we discover that we have collected personal information from a user under 13, or from a user who did not have legally required parental authorization for their age and jurisdiction, we will take appropriate action, which may include account restriction or deletion. If you believe we may have collected information from such a user, please contact us at privacy@individu.ai.

11. Third-Party Links and Services

11.1 External Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

11.2 Third-Party Integrations

When you connect third-party services:

  • Those services have their own privacy policies
  • We are not responsible for their data practices
  • You should review their policies before connecting
  • Disconnecting an integration may not delete data already shared with that service

11.3 Search Results and Images

Web search results and images displayed in the Services come from third-party sources. We do not control the content or privacy practices of these sources.

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date at the top
  • We will notify you via email or in-app notification at least 30 days before changes take effect
  • We will obtain your consent where required by law

12.2 Review

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information.

13. Data Processing Agreement

13.1 Business Customers

If you use the Services on behalf of an organization that requires a Data Processing Agreement (DPA), please contact us at legal@individu.ai to request one.

13.2 Sub-Processors

A list of our sub-processors (third-party service providers who process personal data on our behalf) is available upon request.

14. Specific Data Categories

14.1 Sensitive Personal Information

We may process the following categories of sensitive personal information:

  • Account login credentials (protected by encryption and hashing)
  • Biometric data (voice input for transcription - not stored)
  • Precise geolocation (only if explicitly shared)

14.2 Categories of Sources

We collect personal information from:

  • You directly (account registration, usage)
  • Automated collection (essential first-party cookies, logs)
  • Third-party services (when you authorize integrations)

14.3 Categories of Recipients

Personal information may be shared with:

  • Service providers (hosting, email, payments, AI processing)
  • Third-party services (at your direction through integrations)
  • Legal authorities (when required by law)

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Privacy Inquiries: Email: privacy@individu.ai

General Legal: Email: legal@individu.ai

Data Protection Officer: Email: dpo@individu.ai

Support: Email: support@individu.ai

Company details (data controller, Netherlands):

  • Chamber of commerce (KVK): 97860891
  • VAT ID (btw-id): NL005293287B03

Response Times

We aim to respond to all privacy-related inquiries within:

  • General questions: 7 business days
  • Data access requests: 30 days
  • Data deletion requests: 30 days
  • Urgent security matters: 24-48 hours

16. Additional Disclosures

16.1 Voice Data

When using voice features:

  • Audio is transmitted securely to our speech-to-text provider for transcription
  • We do not retain audio recordings after transcription
  • You can disable voice features at any time
  • Transcribed text is stored as part of your chat history

16.2 AI Memory

The AI's working memory:

  • Contains information you've shared in conversations
  • Is used to personalize your experience
  • Can be viewed in your account settings
  • Can be cleared at any time
  • Is deleted when you delete your account

16.3 Automated Triggers

If you set up automated triggers:

  • Your trigger configuration is stored securely
  • Actions are executed on your behalf
  • You can view, modify, or delete triggers at any time
  • Trigger execution logs are retained for 90 days

16.4 Shared Conversations

When you share a conversation:

  • Only content up to the share timestamp is visible
  • Recipients may fork (copy) the conversation
  • You can revoke sharing at any time
  • Forked copies remain with users who copied them

16.5 Profile Pictures

Avatar images you upload:

  • Are stored on our secure file storage infrastructure
  • Are publicly accessible via URL
  • Are deleted when you remove or replace them
  • Are deleted when you delete your account

This Privacy Policy was last updated on February 27, 2026.