This Privacy Policy describes how Individu ("we", "us", "our", or the "Company") collects, uses, stores, shares, and protects information about you when you use our website, applications, and services (collectively, the "Services"). We process personal information under different legal bases depending on the purpose, including contract necessity, legitimate interests, legal obligations, and consent where required by law. Where consent is required, we request it separately.
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
Name
Email address
Password (stored securely using industry-standard hashing)
Profile picture (optional)
Profile Information:
Age and parental-permission attestations you provide during signup or legal re-consent
Country/region signals inferred from request headers (when available) for compliance and fraud-prevention purposes
Gender (optional)
Timezone preferences
Theme/appearance preferences
Payment Information:
Payment information is collected and processed by our payment processor
We do not store your full credit card number, CVV, or other sensitive payment details on our servers
We receive only transaction confirmations and subscription status from our payment processor
Communications:
Messages you send through the AI chat interface
Support requests and correspondence
Feedback and suggestions you provide
Tasks and Content:
Tasks you create, including titles, descriptions, due dates, and priorities
Artifacts and visual content generated through the Services
Chat conversation history and titles
Waitlist Information:
Phone number
Country code
1.2 Information Collected Automatically
Device and Browser Information:
Device type and model
Operating system and version
Browser type and version
Screen resolution
Language preferences
Usage Information:
Features used and interactions with the Services
Time spent on various features
Chat message usage (e.g. messages per month), used for plan limits and analytics; the base plan includes 2,500 messages per month
Chat message frequency and patterns (anonymized)
Error logs and performance data
Session Information:
IP address
User agent string
Session tokens and identifiers
Login timestamps
Session duration
Log Data:
Server logs including request timestamps
API calls and responses (excluding content)
Error messages and stack traces
1.3 Information from Third-Party Services
When you connect third-party applications through our integrations, we may collect and process:
OAuth and Authentication Data:
Access tokens and refresh tokens
Token expiration information
Authorized scopes and permissions
Data from Connected Services:
We access data from connected services only as necessary to fulfill your requests. Depending on which services you connect and what you ask the AI to do, this may include:
The specific third-party applications available for connection may change over time. Important: We only access data from third-party services when you explicitly authorize the connection and request specific actions. We do not continuously sync or store bulk data from these services unless required for the specific feature you're using.
1.4 Information from Voice Input
When you use voice features:
Audio is sent to our speech-to-text provider for transcription
We receive the transcribed text
We do not store audio recordings after transcription is complete
Transcriptions are stored as part of your chat history
1.5 AI-Generated Information
The AI assistant maintains "working memory" about you to provide personalized assistance, including:
Your preferences and interests
Facts you've shared about yourself
Context from previous conversations
Task and project patterns
2. How We Use Your Information
2.1 To Provide and Operate the Services
Create and manage your account
Authenticate your identity and maintain session security
Process your messages and generate AI responses
Execute actions on third-party services on your behalf
Create and manage tasks, reminders, and triggers
Generate personalized briefings and recommendations
Notify you of important changes to the Services or these policies
Send subscription and billing notifications
2.3 To Improve and Develop the Services
Analyze usage patterns to improve features
Debug and fix issues
Develop new features and services
Train and improve AI models (with your consent; see Section 7)
Conduct research and analytics
2.4 For Security and Fraud Prevention
Detect, prevent, and respond to fraud, abuse, or security incidents
Enforce our Terms of Service
Protect the rights, property, and safety of Individu and our users
Monitor for and prevent unauthorized access
Investigate violations of our policies
2.5 For Legal Compliance
Comply with applicable laws and regulations
Respond to legal requests and court orders
Establish, exercise, or defend legal claims
Comply with tax and financial reporting requirements
2.6 With Your Consent
For any other purposes for which you have given us explicit consent
2.7 When Information Is Required
Some information is required for us to provide the Services (for example, account credentials, age/permission attestations, authentication/session data, legal acceptance records, and billing-related information for paid plans). If you do not provide required information, we may be unable to create your account, provide core functionality, or process paid subscriptions.
3. Information Sharing and Disclosure
3.1 We Do Not Sell or Share Personal Information for Cross-Context Behavioral Advertising
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We also do not share personal information for cross-context behavioral advertising as those terms are defined under applicable U.S. privacy laws.
3.2 Service Providers
We share information with third-party service providers who perform services on our behalf. Categories of providers include:
Category
Purpose
Data Shared
Infrastructure & hosting
Servers, serverless functions, file storage
Account data, chat content, files
Database
Data storage and queries
All database-stored information
Payment processing
Subscriptions and billing
Email, subscription status, payment method
AI / machine learning
Chat and content generation
Chat messages, context for AI processing
Speech-to-text
Voice input transcription
Audio input for transcription
Search
Web and image search
Search queries
Email delivery
Transactional and notification email
Email address, email content
Integration middleware
Third-party app connections
OAuth tokens, integration requests
The specific providers we use may change from time to time. These providers are contractually obligated to use your information only to provide services to us and to maintain appropriate security measures. A current list of sub-processors is available upon request at .
3.3 Third-Party Integrations (At Your Direction)
When you connect third-party services and request the AI to interact with them, we share necessary information with those services to fulfill your requests. This sharing is governed by the privacy policies of those third-party services.
3.4 Shared Content
When you share conversations or artifacts:
Public sharing: Content is viewable by anyone with the link
Restricted sharing: Content is viewable only by email addresses you specify
Forking: Users who access shared content may copy it to their accounts
You control what content you share and with whom.
3.5 Legal Requirements
We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:
Comply with legal obligations, subpoenas, court orders, or legal processes
Protect and defend our rights or property
Prevent or investigate possible wrongdoing
Protect the personal safety of users or the public
Protect against legal liability
3.6 Business Transfers
In connection with a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
3.7 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This data may be used for industry analysis, research, and other purposes.
4. Data Storage and Security
4.1 Data Storage
Your data is stored on secure infrastructure operated by our hosting and database service providers, which may be located in the United States and other jurisdictions where our providers operate.
4.2 Security Measures
We implement industry-standard security measures, including:
Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Secure password hashing using modern algorithms
Access controls and authentication for our systems
Regular security assessments and monitoring
Secure handling of OAuth tokens and credentials
4.3 Two-Factor Authentication
We offer two-factor authentication (2FA) to add an extra layer of security to your account. We strongly encourage you to enable 2FA.
4.4 Security Incidents
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
4.5 No Absolute Security
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk.
5. Data Retention
5.1 Retention Periods
We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this policy:
Data Type
Retention Period
Account information
Until account deletion
Chat conversations
Until account deletion or manual deletion
Tasks
Until account deletion or manual deletion
Artifacts
Until account deletion or manual deletion
Working memory
Until account deletion or manual clearing
OAuth tokens
Until integration disconnected or account deletion
Usage logs
90 days
Server logs
30 days
Waitlist data
Until converted to account or manual removal
5.2 Account Deletion
When you delete your account:
Your personal data is deleted from our active systems within 30 days
Backups containing your data may persist for up to 90 days
Anonymized or aggregated data may be retained indefinitely
Data we are required to retain for legal purposes will be kept as required
5.3 Data Deletion Requests
You may request deletion of specific data (such as conversations or tasks) without deleting your entire account. See Section 9 for how to exercise your rights.
6. Cookies and Analytics
6.1 Essential First-Party Cookies
We use essential first-party cookies required to operate the Services, including:
Authentication/session cookies used to keep you signed in and secure your account
App preference cookies used for core functionality (for example, interface state preferences)
These cookies are necessary for the Services to function and are not used for cross-site advertising.
6.2 Cookie-Free Analytics
We use Vercel Analytics for product analytics. Vercel Analytics is cookie-free in our implementation.
6.3 Cookie Controls
Because we currently use essential first-party cookies and cookie-free analytics, we do not provide a separate in-product cookie consent banner or non-essential cookie toggle at this time.
You can still manage cookies through your browser settings, but blocking essential cookies may prevent core features (such as authentication) from working.
6.4 Do Not Track and Global Privacy Control
We do not currently respond to "Do Not Track" (DNT) or Global Privacy Control (GPC) browser signals. You can exercise applicable privacy rights through the channels listed in Section 9.
7. AI Processing and Model Improvement
7.1 Service Operation
We process your inputs and related context to generate responses and operate product features.
7.2 Product Improvement
We may use aggregated and de-identified information to improve reliability, safety, and core product functionality.
7.3 Third-Party AI Providers
When you use the Services, your messages are sent to our AI provider(s) for processing. These providers:
May have their own data practices and policies
Are contractually prohibited from using your data to train their models without consent
Process data according to our data processing agreements
8. International Data Transfers
8.1 Transfer Mechanisms
If you are located outside the United States, your information may be transferred to and processed in the United States, where our servers and service providers are located.
We ensure appropriate safeguards for international transfers through:
Standard Contractual Clauses (SCCs)
Data Processing Agreements with service providers
Compliance with applicable data protection frameworks
8.2 European Users (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland:
We process your data under lawful bases including consent, contract performance, legitimate interests, and legal obligations
Contract performance: account creation and authentication, service delivery, third-party integrations requested by you, subscription billing and account administration
Legitimate interests: securing the Services, preventing abuse, improving reliability and core product functionality, and internal analytics to improve user experience
Legal obligations: tax, accounting, fraud-prevention, and responses to lawful requests by public authorities
Consent: processing where consent is required by applicable law
You have additional rights as described in Section 9
We have implemented appropriate safeguards for data transfers
You can withdraw consent at any time for consent-based processing without affecting prior lawful processing
We do not use solely automated decision-making that produces legal or similarly significant effects on individuals
8.3 California Users (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to know what personal information we collect, including categories and specific pieces of personal information
Right to delete your personal information
Right to correct inaccurate personal information
Right to limit use of sensitive personal information
Right to opt-out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
Right to non-discrimination for exercising your rights
Right to use an authorized agent to submit requests on your behalf, subject to verification requirements
9. Your Privacy Rights
9.1 General Rights
Depending on your location, you may have the following rights:
Right
Description
Access
Request a copy of your personal information
Correction
Request correction of inaccurate data
Deletion
Request deletion of your personal information
Portability
Receive your data in a portable format
Restriction
Request limitation of processing
Objection
Object to certain processing activities
Withdrawal of consent
Withdraw consent at any time
9.2 How to Exercise Your Rights
You can exercise your rights by:
Using the account settings in the Services
Using the in-app "Export my data" action for a direct JSON data export
Contacting us at
Submitting a request through our support channels
We will respond to requests within the time required by applicable law. This is typically within 30 days for GDPR-based requests and may be up to 45 days for certain U.S. state law requests (with extensions where permitted by law). We may need to verify your identity before processing your request.
If we deny your request, we will explain the basis for the denial. Where required by applicable U.S. state law, we will provide instructions for appealing a denial and the available timelines for that appeal.
9.3 Account Settings
You can directly manage your data through your account:
Update profile information
Change password and security settings
Delete conversations and tasks
Disconnect third-party integrations
Clear working memory
Download your data
Delete your account
9.4 Complaints
If you have concerns about our privacy practices, please contact us first. You also have the right to lodge a complaint with your local data protection authority.
10. Children's Privacy
10.1 Age Restrictions
The Services are not directed to children under 13. During signup and legal re-consent, users must confirm they are at least 13 years old and, where required by local law, that they have parent or legal guardian permission.
10.2 Parental Consent
If you are at least 13 but below the minimum age in your country to consent to online services, you may use the Services only with required parent or legal guardian permission, where permitted by law. If you are below the age of majority in your jurisdiction, parent or legal guardian permission may also be required.
10.3 Discovery of Child Data
If we discover that we have collected personal information from a user under 13, or from a user who did not have legally required parental authorization for their age and jurisdiction, we will take appropriate action, which may include account restriction or deletion. If you believe we may have collected information from such a user, please contact us at .
11. Third-Party Links and Services
11.1 External Links
The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.
11.2 Third-Party Integrations
When you connect third-party services:
Those services have their own privacy policies
We are not responsible for their data practices
You should review their policies before connecting
Disconnecting an integration may not delete data already shared with that service
11.3 Search Results and Images
Web search results and images displayed in the Services come from third-party sources. We do not control the content or privacy practices of these sources.
12. Changes to This Privacy Policy
12.1 Policy Updates
We may update this Privacy Policy from time to time. When we make material changes:
We will update the "Last Updated" date at the top
We will notify you via email or in-app notification at least 30 days before changes take effect
We will obtain your consent where required by law
12.2 Review
We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information.
13. Data Processing Agreement
13.1 Business Customers
If you use the Services on behalf of an organization that requires a Data Processing Agreement (DPA), please contact us at to request one.
13.2 Sub-Processors
A list of our sub-processors (third-party service providers who process personal data on our behalf) is available upon request.
14. Specific Data Categories
14.1 Sensitive Personal Information
We may process the following categories of sensitive personal information:
Account login credentials (protected by encryption and hashing)
Biometric data (voice input for transcription - not stored)