Individuindividu
Log InGet Started

Privacy Policy

Last updated: January 27, 2026

This Privacy Policy describes how Individu ("we", "us", "our", or the "Company") collects, uses, stores, shares, and protects information about you when you use our website, applications, and services (collectively, the "Services"). By using our Services, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

  • Name
  • Email address
  • Password (stored securely using industry-standard hashing)
  • Profile picture (optional)

Profile Information:

  • Birthday (optional)
  • Gender (optional)
  • Timezone preferences
  • Theme/appearance preferences

Payment Information:

  • Payment information is collected and processed by our payment processor, Polar.sh
  • We do not store your full credit card number, CVV, or other sensitive payment details on our servers
  • We receive only transaction confirmations and subscription status from Polar.sh

Communications:

  • Messages you send through the AI chat interface
  • Support requests and correspondence
  • Feedback and suggestions you provide

Tasks and Content:

  • Tasks you create, including titles, descriptions, due dates, and priorities
  • Artifacts and visual content generated through the Services
  • Chat conversation history and titles

Waitlist Information:

  • Phone number
  • Country code

1.2 Information Collected Automatically

Device and Browser Information:

  • Device type and model
  • Operating system and version
  • Browser type and version
  • Screen resolution
  • Language preferences

Usage Information:

  • Features used and interactions with the Services
  • Time spent on various features
  • Chat message frequency and patterns (anonymized)
  • Error logs and performance data

Session Information:

  • IP address
  • User agent string
  • Session tokens and identifiers
  • Login timestamps
  • Session duration

Log Data:

  • Server logs including request timestamps
  • API calls and responses (excluding content)
  • Error messages and stack traces

1.3 Information from Third-Party Services

When you connect third-party applications through our integrations, we may collect and process:

OAuth and Authentication Data:

  • Access tokens and refresh tokens
  • Token expiration information
  • Authorized scopes and permissions

Data from Connected Services: We access data from connected services only as necessary to fulfill your requests. Depending on which services you connect and what you ask the AI to do, this may include:

| Service Category | Data Types | |-----------------|------------| | Email (Gmail, Outlook) | Email messages, contacts, calendar events, attachments | | Calendar (Google Calendar, Cal.com) | Events, attendees, meeting details, availability | | Project Management (Notion, Linear, Todoist, Airtable) | Projects, tasks, documents, comments, team members | | Communication (Slack, WhatsApp, Intercom) | Messages, channels, contacts, conversation history | | Development (GitHub, Vercel, Cursor) | Repositories, code, issues, pull requests, deployments | | Design (Figma) | Files, projects, comments, design assets | | Business (Stripe, HubSpot, Zendesk, Polar, Ramp) | Customers, transactions, tickets, contacts | | Storage (OneDrive) | Files, folders, shared documents | | Media (YouTube) | Videos, playlists, channel information |

Important: We only access data from third-party services when you explicitly authorize the connection and request specific actions. We do not continuously sync or store bulk data from these services unless required for the specific feature you're using.

1.4 Information from Voice Input

When you use voice features:

  • Audio is sent to ElevenLabs for transcription
  • We receive the transcribed text
  • We do not store audio recordings after transcription is complete
  • Transcriptions are stored as part of your chat history

1.5 AI-Generated Information

The AI assistant maintains "working memory" about you to provide personalized assistance, including:

  • Your preferences and interests
  • Facts you've shared about yourself
  • Context from previous conversations
  • Task and project patterns

2. How We Use Your Information

2.1 To Provide and Operate the Services

  • Create and manage your account
  • Authenticate your identity and maintain session security
  • Process your messages and generate AI responses
  • Execute actions on third-party services on your behalf
  • Create and manage tasks, reminders, and triggers
  • Generate personalized briefings and recommendations
  • Store and retrieve your conversation history
  • Create and display artifacts and visual content

2.2 To Communicate With You

  • Send transactional emails (account verification, password resets)
  • Provide customer support
  • Notify you of important changes to the Services or these policies
  • Send subscription and billing notifications

2.3 To Improve and Develop the Services

  • Analyze usage patterns to improve features
  • Debug and fix issues
  • Develop new features and services
  • Train and improve AI models (with your consent; see Section 7)
  • Conduct research and analytics

2.4 For Security and Fraud Prevention

  • Detect, prevent, and respond to fraud, abuse, or security incidents
  • Enforce our Terms of Service
  • Protect the rights, property, and safety of Individu and our users
  • Monitor for and prevent unauthorized access
  • Investigate violations of our policies

2.5 For Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Establish, exercise, or defend legal claims
  • Comply with tax and financial reporting requirements

2.6 With Your Consent

  • For any other purposes for which you have given us explicit consent

3. Information Sharing and Disclosure

3.1 We Do Not Sell Your Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

| Provider | Purpose | Data Shared | |----------|---------|-------------| | Vercel | Hosting, serverless functions, blob storage | Account data, chat content, files | | Neon | Database hosting | All database-stored information | | Polar.sh | Payment processing | Email, subscription status, payment method | | Google (Gemini) | AI model inference | Chat messages, context for AI processing | | ElevenLabs | Speech-to-text | Audio input for transcription | | Serper | Web and image search | Search queries | | Resend | Email delivery | Email address, email content | | Integrate.dev | Third-party integrations | OAuth tokens, integration requests |

These providers are contractually obligated to use your information only to provide services to us and to maintain appropriate security measures.

3.3 Third-Party Integrations (At Your Direction)

When you connect third-party services and request the AI to interact with them, we share necessary information with those services to fulfill your requests. This sharing is governed by the privacy policies of those third-party services.

3.4 Shared Content

When you share conversations or artifacts:

  • Public sharing: Content is viewable by anyone with the link
  • Restricted sharing: Content is viewable only by email addresses you specify
  • Forking: Users who access shared content may copy it to their accounts

You control what content you share and with whom.

3.5 Legal Requirements

We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:

  • Comply with legal obligations, subpoenas, court orders, or legal processes
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public
  • Protect against legal liability

3.6 Business Transfers

In connection with a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.7 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This data may be used for industry analysis, research, and other purposes.

4. Data Storage and Security

4.1 Data Storage

Your data is stored on secure servers hosted by:

  • Vercel (United States, with global edge network)
  • Neon (cloud database infrastructure)

4.2 Security Measures

We implement industry-standard security measures, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Secure password hashing using modern algorithms
  • Access controls and authentication for our systems
  • Regular security assessments and monitoring
  • Secure handling of OAuth tokens and credentials

4.3 Two-Factor Authentication

We offer two-factor authentication (2FA) to add an extra layer of security to your account. We strongly encourage you to enable 2FA.

4.4 Security Incidents

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

4.5 No Absolute Security

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk.

5. Data Retention

5.1 Retention Periods

We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this policy:

| Data Type | Retention Period | |-----------|------------------| | Account information | Until account deletion | | Chat conversations | Until account deletion or manual deletion | | Tasks | Until account deletion or manual deletion | | Artifacts | Until account deletion or manual deletion | | Working memory | Until account deletion or manual clearing | | OAuth tokens | Until integration disconnected or account deletion | | Usage logs | 90 days | | Server logs | 30 days | | Waitlist data | Until converted to account or manual removal |

5.2 Account Deletion

When you delete your account:

  • Your personal data is deleted from our active systems within 30 days
  • Backups containing your data may persist for up to 90 days
  • Anonymized or aggregated data may be retained indefinitely
  • Data we are required to retain for legal purposes will be kept as required

5.3 Data Deletion Requests

You may request deletion of specific data (such as conversations or tasks) without deleting your entire account. See Section 9 for how to exercise your rights.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

| Cookie Type | Purpose | |-------------|---------| | Essential cookies | Required for the Services to function (authentication, security) | | Preference cookies | Remember your settings and preferences (theme, timezone) | | Analytics cookies | Help us understand how you use the Services |

6.2 Third-Party Cookies

Our service providers may set cookies on your device for:

  • Authentication and session management
  • Performance monitoring
  • Analytics

6.3 Cookie Management

You can manage cookies through your browser settings. Note that disabling certain cookies may impair the functionality of the Services.

6.4 Do Not Track

We do not currently respond to "Do Not Track" browser signals. However, you can manage your privacy preferences as described in this policy.

7. AI Training and Your Data

7.1 How We Use Data for AI

We may use anonymized, aggregated conversation data to:

  • Improve AI response quality
  • Detect and fix issues
  • Develop new features

7.2 Your Choices

You can opt out of having your data used for AI training and improvement:

  • Visit your account settings
  • Toggle the "Data for Training" option to off

Opting out:

  • Does not affect your use of the Services
  • Does not delete previously contributed data
  • Takes effect within 30 days

7.3 Third-Party AI Providers

When you use the Services, your messages are sent to third-party AI providers (such as Google Gemini) for processing. These providers:

  • May have their own data practices and policies
  • Are contractually prohibited from using your data to train their models without consent
  • Process data according to our data processing agreements

8. International Data Transfers

8.1 Transfer Mechanisms

If you are located outside the United States, your information may be transferred to and processed in the United States, where our servers and service providers are located.

We ensure appropriate safeguards for international transfers through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with service providers
  • Compliance with applicable data protection frameworks

8.2 European Users (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland:

  • We process your data under lawful bases including consent, contract performance, legitimate interests, and legal obligations
  • You have additional rights as described in Section 9
  • We have implemented appropriate safeguards for data transfers

8.3 California Users (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

9. Your Privacy Rights

9.1 General Rights

Depending on your location, you may have the following rights:

| Right | Description | |-------|-------------| | Access | Request a copy of your personal information | | Correction | Request correction of inaccurate data | | Deletion | Request deletion of your personal information | | Portability | Receive your data in a portable format | | Restriction | Request limitation of processing | | Objection | Object to certain processing activities | | Withdrawal of consent | Withdraw consent at any time |

9.2 How to Exercise Your Rights

You can exercise your rights by:

  • Using the account settings in the Services
  • Contacting us at privacy@individu.ai
  • Submitting a request through our support channels

We will respond to requests within 30 days (or sooner as required by law). We may need to verify your identity before processing your request.

9.3 Account Settings

You can directly manage your data through your account:

  • Update profile information
  • Change password and security settings
  • Delete conversations and tasks
  • Disconnect third-party integrations
  • Clear working memory
  • Download your data
  • Delete your account

9.4 Complaints

If you have concerns about our privacy practices, please contact us first. You also have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

10.1 Age Restrictions

The Services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.

10.2 Parental Consent

If you are between 13 and 18 (or the age of majority in your jurisdiction), you must have parental consent to use the Services.

10.3 Discovery of Child Data

If we discover that we have collected personal information from a child under 13 without verification of parental consent, we will delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at privacy@individu.ai.

11. Third-Party Links and Services

11.1 External Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

11.2 Third-Party Integrations

When you connect third-party services:

  • Those services have their own privacy policies
  • We are not responsible for their data practices
  • You should review their policies before connecting
  • Disconnecting an integration may not delete data already shared with that service

11.3 Search Results and Images

Web search results and images displayed in the Services come from third-party sources. We do not control the content or privacy practices of these sources.

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date at the top
  • We will notify you via email or in-app notification at least 30 days before changes take effect
  • We will obtain your consent where required by law

12.2 Review

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information.

13. Data Processing Agreement

13.1 Business Customers

If you use the Services on behalf of an organization that requires a Data Processing Agreement (DPA), please contact us at legal@individu.ai to request one.

13.2 Sub-Processors

A list of our sub-processors (third-party service providers who process personal data on our behalf) is available upon request.

14. Specific Data Categories

14.1 Sensitive Personal Information

We may process the following categories of sensitive personal information:

  • Account login credentials (protected by encryption and hashing)
  • Biometric data (voice input for transcription - not stored)
  • Precise geolocation (only if explicitly shared)

14.2 Categories of Sources

We collect personal information from:

  • You directly (account registration, usage)
  • Automated collection (cookies, logs)
  • Third-party services (when you authorize integrations)

14.3 Categories of Recipients

Personal information may be shared with:

  • Service providers (hosting, email, payments, AI processing)
  • Third-party services (at your direction through integrations)
  • Legal authorities (when required by law)

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Privacy Inquiries: Email: privacy@individu.ai

General Legal: Email: legal@individu.ai

Data Protection Officer: Email: dpo@individu.ai

Support: Email: support@individu.ai

Response Times

We aim to respond to all privacy-related inquiries within:

  • General questions: 7 business days
  • Data access requests: 30 days
  • Data deletion requests: 30 days
  • Urgent security matters: 24-48 hours

16. Additional Disclosures

16.1 Voice Data

When using voice features:

  • Audio is transmitted securely to ElevenLabs for transcription
  • We do not retain audio recordings after transcription
  • You can disable voice features at any time
  • Transcribed text is stored as part of your chat history

16.2 AI Memory

The AI's working memory:

  • Contains information you've shared in conversations
  • Is used to personalize your experience
  • Can be viewed in your account settings
  • Can be cleared at any time
  • Is deleted when you delete your account

16.3 Automated Triggers

If you set up automated triggers:

  • Your trigger configuration is stored securely
  • Actions are executed on your behalf
  • You can view, modify, or delete triggers at any time
  • Trigger execution logs are retained for 90 days

16.4 Shared Conversations

When you share a conversation:

  • Only content up to the share timestamp is visible
  • Recipients may fork (copy) the conversation
  • You can revoke sharing at any time
  • Forked copies remain with users who copied them

16.5 Profile Pictures

Avatar images you upload:

  • Are stored on Vercel Blob storage
  • Are publicly accessible via URL
  • Are deleted when you remove or replace them
  • Are deleted when you delete your account

This Privacy Policy was last updated on January 27, 2026.