プライバシーポリシー

Welcome to GoInsight.AI!

GoInsight.AI is an enterprise-class collaborative AI platform provided by SAND STUDIO PTE. LTD., a Singapore company (registered in Unit 30-15, Level 30, Singapore Land Tower, No.50 Raffles Pl, Singapore 048623), and/or its affiliates (hereinafter referred to as “SAND STUDIO,” “the Company,” or “we”), offering GoInsight.AI SaaS services to business entities.

If you have any questions or concerns about this privacy policy, or if you want to exercise your legal rights, please contact us at dpo@goinsight.ai.

The GoInsight.AI Privacy Policy (hereinafter referred to as “these Rules”) outlines how we collect, use, process, and protect personal data from users and employees and/or other users who are authorized to use GoInsight.AI (hereinafter referred to as “you”) through our website (hereinafter referred to as “Website”) and/or GoInsight.AI services (hereinafter referred to as “Services”).

By using the website and services, or interacting with our business, you agree to our collection, use, processing, and protection of your personal data as described in this privacy policy.

This privacy policy does not apply to third-party products or services developed through the use of our website and/or services, nor to scenarios where third-party products or services integrate our website and/or services to process end-user personal data. We are not aware of the specific user behaviors of third-party products and/or services and are not responsible for their actions. We recommend that you carefully read the privacy policies and relevant rules of third-party product and/or service providers, and ensure that you fully understand and agree to how they collect and use end-users' personal data before using third-party products and/or services.

1. What do we collect and how do we use it?

1.1 We collect personal data directly from you, as well as data that is collected through our websites, services, and other sources, as described below.

1.1.1 This subsection applies to visitors of this website, cloud-hosted services, and exclusive cloud-hosted services. If you fall into any of these scenarios, we collect the following categories of data:

Personal data directly from you
What we collect	How we use it
During registration, setup, and login, we collect the following account information from you: Username Hashed login password Email address IP address Company name Company address Company phone number Full name	To allow you to log in to your account To manage your account information and permissions. To verify your user identity, check account security, and prevent fraud and security risks. To display your account information. To process your orders. To match the correct service permissions to your account. To send notifications on changes, updates, and upgrades related to our services. To prepare contracts and agreements with you. To conduct research on new products, services, and markets. To manage our business operations. To send marketing and promotional materials and seek business cooperation. To comply with applicable laws and administrative regulatory requirements.
Order and Transaction Data Order Number, price, payment date, payment method, business payment account name (We will not store your complete credit card information.) PayPal order information (Recurring ID and order number) Stripe order information (Recurring ID and order number, your ID or your company ID) (If you choose to remember the card number, we will store the last four digits only.) Alipay order information (Recurring ID and order number)	To process orders, and To process payment information.
When you use our website and services, the user content you provide includes: Documents, images, data, and feedback you upload to the service. Input and output data, knowledge base content, and other AI interaction data that you publish, send, receive, and share through our services. If this user's content is stored in our cloud database, we will delete it within 180 days.	To automate decisions (perform functionalities). To transmit data To identify anomalies and errors. To identify, prevent, and address technical or security issues, including: fraud and illegal activities, technical vulnerabilities, abusive behavior, security concerns and other technical problems.
When you use our support channels, we collect the following information: Summaries, screenshots, and any other documents or information that may assist in addressing your issues. Your feedback, consultation requests, suggestions, and opinions. Your contact details, including your email address.	To communicate with you and manage your requests during customer support services. To verify your identity. To conduct research on new products, services, and markets.
When you visit our website, we also collect: Your account details if you register or log in. Your request. The date and time of your visit. The specific page you are viewing. Your IP address	To allow you to log in to your account To communicate with you and manage your requests during customer support services. To identify issues with our website. To monitor the usage of the website.
Data automatically collected through our websites and services
What we collect	How we use it
When you use this website or service, we automatically collect the following information: Your IP address. Your account settings Your account preferences Information on any wrong or crashed statistical data. Relevant details about your device, including: IMEI, IMSI, MAC, Android ID, system version, system language, CPU model, memory and hard drive usage (This content applies to websites and also apps when available). Metadata	To identify and resolve errors and malfunctions in our websites and services. To identify, prevent, and address technical or security issues, including: fraud and illegal activities, technical vulnerabilities, abusive behavior, security concerns and other technical problems. To summarize statistical data To determine service consumption for accurate billing. To maintain and enhance overall performance.
When you use this website or service, we automatically collect the following information: Cookies and similar technologies. On how we use cookies, please refer to our Cookie Policy.	To improve user experience and website performance.
Personal data collected from other sources
What we collect	How we use it
Information related to third-party login ( third-party login support)	To allow you to log in to your account. To verify your user identity, check account security, and prevent fraud and security risks. To display your account information. To send notifications on changes, updates, and upgrades related to our services. To match the correct service permissions to your account. To send marketing and promotional materials.
Data integrated with third-party services and processed by us if our services support such integration.	To collaborate with third-party services. To send marketing and promotional materials. To troubleshoot
Information transmitted by the language model.	To transmit data. To automate decisions (perform functionalities).
Data collected from or provided by third parties, which may include: company name, address, email address, business contact information, questions or feedback, and comments.	To enable contact with your companies for business cooperation opportunities.

1.1.2 This subsection applies to self-hosted services. If you fall into any of these scenarios, we collect the following categories of data:

Data you provide directly and data we automatically collect from our cloud
What we collect	How we use it
During registration, setup, and login, we collect the following account information from you: Username Hashed login password Email address IP address Company name Company address Company phone number Full name We collect the following account authorization information: Your current subscription level, which may include options such as: Professional Edition or Enterprise Edition The duration for which your license is valid. The specific functional modules or features and usage quotas you are permitted to use, which may include: maximum user count limits	To allow you to log in to your account To manage your account information and permissions. To match the correct service permissions to your account. To verify your user identity, check account security, and prevent fraud and security risks. To display your account information. To process your orders. To identify and match your account's subscription level, specific functional permissions, and use quotas. To send notifications on changes, updates, and upgrades related to our services. To prepare contracts and agreements with you. To conduct research on new products, services, and markets. To manage our business operations. Send marketing and promotional materials, and seek business cooperation. To comply with applicable laws and administrative regulatory requirements. To determine service consumption for accurate billing.
(Optional) If you use our cloud-based LLM service, we automatically collect: Metadata of service use, including API call count, timestamp, and number of computing resources/tokens consumed.	To determine service consumption for accurate billing.
In self-hosted mode, we do not collect: knowledge base content stored in your local environment; AI interaction data generated using your self-deployed LLM. For users of our cloud-based LLM service, we do not collect AI interaction data such as queries and responses. We only collect metadata necessary for calculating tokens and quotas.

1.1.3 For on-premises services, we do not collect any data unless you make a specific request.

Under the on-premises service model, GoInsight.AI operates as a software system entirely controlled by your company within its organizational environment. As the system is fully deployed within your company's local infrastructure, we neither access nor collect your personal data—including account information, business content, and data used—as all such data remains under your company's complete control. Data collection may occur solely in response to your request for technical support or upon making special requests, with such interactions governed by a separately executed support agreement. Furthermore, your use of the service is subject to your organization’s policies. We disclaim any responsibility for your organization’s privacy or security practices, which may differ from this policy.

1.2 Model Provider's Personal Data Collection and Rules of Use. In relation to any service model—including cloud-hosted, dedicated cloud-hosted, self-hosted services, or on-premises services—please be advised that upon your selection of artificial intelligence large models (including large language models, LLMs), the data processing activities between you and the model provider, as well as the rules governing the collection, use, transmission, and storage of personal data, will be governed by the model provider's terms of service, privacy policies, data processing agreements, and other legal documents of similar nature (collectively referred to as the “Model Provider's Legal Documents”). As we are not the developer of these LLMs, we cannot be held liable for the Model Provider's Legal Documents, the content they provide, or their privacy and data security practices. We strongly advise you to carefully read and understand these legal documents prior to using third-party AI large models (including LLMs). To maintain transparency and protect your personal data:

1.2.1 Cloud-Based LLMs. Cloud-based LLMs refer to third-party AI large models (including LLMs) that are directly integrated and provided as part of our service for your selection. You may view the list of model providers we employ and provide, along with their privacy rules, via (link).

1.2.2 Enterprise-Owned LLMs. Enterprise-Owned LLMs refer to all AI large models (including LLMs) independently selected, deployed, configured, and integrated into this service by your company. Sources may include, but are not limited to, models developed in-house by your company, models co-developed by your company and third parties, or large language models licensed from other model providers. Given our inability to ascertain the specific types of LLMs selected by your company or associated operation details, we cannot provide a comprehensive list of enterprise-owned LLM types or corresponding privacy policy links. It is important to note that the integration of these enterprise-owned LLMs into our platform is entirely determined by your company, and such LLMs may not be listed among the cloud-based LLM providers. For privacy protection rules concerning enterprise-owned LLMs, please contact your company based on your specific circumstances or independently review the publicly available official privacy policies of such enterprise-owned LLMs.

2. How do we share and disclose personal data?

We may share or disclose personal data we collect under the following circumstances:

Based on Your Consent. We may share and disclose your data with our affiliates, third-party services, or for the specific purpose for which you provided the information to the platform you requested or authorized, provided we have obtained your consent. This includes sharing with third parties you voluntarily choose.
Collaboration with Service Providers. To facilitate the provision of services to you, we may share and disclose data relevant to our operational functions with third-party service providers who process your personal data on our behalf. These service providers may include, but are not limited to: website and application development and operation partners, model providers (including large language model providers), artificial intelligence technology providers, third-party service integrators, third-party login, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, and analytical service providers.
Sharing with Advertising and Analytics Partners. We may share data collected during your use of our website with advertising or analytics partners. This collaboration aids in promoting our website and services and allows us to measure the effectiveness of our advertising campaigns.
Disclosure to Business Partners. We may share and disclose data with business partners, which may include subcontractors, distributors, hosted service providers, integration partners, and referral partners, for the purpose of recommending our products or services to you.
Company Transactions. In the event of company restructuring, merger, division, sale, dissolution, or similar transactions, your data may be disclosed or transferred to buyers or successor entities that can continue to provide services to you.
Legal Compliance. We may share and disclose your data when we believe it is necessary and appropriate to do so in specific circumstances, including: complying with applicable laws, regulations, decisions, judicial orders (including subpoenas); responding to requests or orders from regulatory authorities, law enforcement agencies, or judicial bodies, and inquiries from regulatory or law enforcement agencies; defending against legal claims; protecting the security of our website and services; safeguarding the rights, property, or safety of you, us, or others.
Within Our Group. We may share your personal data with other members of our group to facilitate the storage of data and the provision of services, including but not limited to research and development, security, customer support, and technical assistance.
Anonymous and Aggregated Data. If your personal data is anonymized and aggregated in such a way that it cannot identify you, it may not be considered personal data and may be shared.

3. What are the third-party products and services?

If you use any third-party products and services, including third-party plugins or APIs, on this website or within our services, you agree that we are not responsible for those third-party products and services, whether they are provided by us or chosen voluntarily by you. Third-party products and services are governed by their own privacy policies, which are independent and separate from our policies. By continuing to use such services, you agree that the privacy policies of these third parties will also apply to you during the service process. We strongly recommend that you carefully read and understand the terms and practices of any third-party products and services regarding personal data protection.

To maintain transparency and protect your personal data, please visit (link) to view the list of third-party products and services we use or provide, along with their respective privacy policy links.

If you choose to use any third-party products and services not listed in the above link during your use of our services, please ensure that you read and understand the privacy policy of those third parties before proceeding.

4. How do we ensure data security?

We are dedicated to safeguarding the security of your personal data. We implement reasonable and appropriate technical and organizational measures in accordance with applicable laws. These measures include, but are not limited to: HTTPS encrypted transmission, AES-256 encrypted algorithm to protect databases and file storage, penetration testing and other security measures to protect your data from accidental or unlawful destruction, damage, loss, alteration, and unauthorized access, disclosure, or misuse. However, it is important to note that no application, system, software, network, or transmission method is completely secure, error-free, or indestructible. While we cannot guarantee absolute security for our services or your personal data, we are committed to maintaining data security at a commercially and technically reasonable level.

5. Where is the data transmitted and stored?

5.1 Our core servers and databases are located in the United States. Specifically, this means:

Service mode	Where is the data transmitted and stored
Cloud-hosted service	All data generated through your use of this service will be transmitted to our servers located in the United States for processing and storage.
Exclusive cloud-hosted service	All data generated through your use of this service will be transmitted to our servers located in the United States for processing and storage. Your data will be stored in a separate, logically or physically isolated environment specifically designed for your company.
Self-hosted services	A. We collect only the account information and authorization data necessary for the performance of our services, along with any metadata used by our cloud-based language models. Only this data will be transmitted and stored on our servers in the United States. B. Except as described in Section A, all other data you generate in the service (such as knowledge base content, AI interaction data, etc.) will be stored and processed in an environment controlled by your company. As the data controller, your company retains complete control over this data and is responsible for establishing data transmission rules and storage locations in compliance with applicable laws.
On-premise service	A. In the normal course of service operation, we do not collect, transmit, or store any personal data. B. All data you generate in the service will be stored and processed in an environment controlled by your company. As the data controller, your company retains complete control over this data and is responsible for establishing data transmission rules and storage locations in compliance with applicable laws.

5.2 Data from Third-Party Services. When using products and/or services, website, or content from third parties, your personal data may be transferred to and processed in the countries or regions where these third-party service providers and partners are located. The data protection laws in these jurisdictions may differ from those in your country or region. Particularly, if you opt to use a large language model (LLM), the location of data transmission and storage will depend on the service mode selected by your company, the specific language model chosen, and the transmission and storage mechanisms established by the model provider. If you choose a third-party large language model, your data will be transmitted to the server of the model provider, with the specific storage location determined by that provider, which may be situated in the United States or other countries or regions. This data transmission and storage process is entirely independent of SAND STUDIO and is governed by the agreements between you and/or your company and the model provider.

5.3 International Transmission. In instances of transferring personal data through cloud-hosted services, exclusive cloud-hosted services, and/or self-hosted services on this website, we will adhere to applicable data protection laws. When your data transfer is subject to the regulations of the European Economic Area (EEA), the United Kingdom, or Switzerland, we will implement appropriate protective measures to safeguard your personal data. This may include employing standard contractual clauses for corporate clients, adopting applicable cross-border data transfer mechanisms, or implementing other necessary legal protections. For personal data transmitted under on-premise services, your company bears full responsibility for developing and implementing appropriate protective measures. We encourage you to contact your company administrator for further consultation.

6. How long will the data be stored?

We will retain the personal data we collect from you for a reasonable period of time necessary to achieve the purpose of collection, fulfill legal obligations, and resolve disputes.

6.1 For this website, under the mode of cloud-hosted services, exclusive cloud-hosted services, and/or self-hosted services, we adopt the following rules of storage:

6.1.1 Data while the account is active: as long as your account is valid and active, we will retain the data necessary to provide and maintain our services, including your account information, configuration settings, and data of service use.

6.1.2 Data after account termination: Following the termination of your account, we will retain certain data for a reasonable period for the following purposes:

A. To maintain appropriate business and financial records.

B. To comply with applicable laws, such as those related to finance, taxation, or auditing.

C. To resolve potential disputes, enforce our agreements, or protect our legitimate interests.

D. To send you marketing promotional materials and seek commercial cooperation until you withdraw your consent or refuse further communication.

6.1.3 Handling After the Expiration of the Retention Period. After the expiration of the aforementioned retention period, we will securely delete or irreversibly anonymize your personal data. If technological limitations or unreasonable economic costs prevent us from doing so, we will implement appropriate security measures to isolate the data and cease further processing until deletion or destruction becomes feasible.

6.2 Mode of On-premise Service. If we provide on-premise services to your company, all data within that service is under the control of your company. Consequently, your company is responsible for establishing its own data protection and retention policies. Please consult your company administrator for any related questions, as we cannot directly address them.

7. How do you access and control your personal data?

7.1 Depending on your country/region and applicable laws, you may have the right to:

Access your personal data;
Correct incomplete or inaccurate personal data;
Delete your personal data.
Request to restrict or oppose the processing of your personal data;
Free from discrimination for your exercise of rights; and/or
Complain to regulatory agencies.

7.2 If you want to exercise your rights related to this service, you may access and control your personal data through a visual interface. However, if you are employed by a company or become a team member, your ability to exercise certain rights may be limited by the permissions granted to you by your employer, as well as the company’s privacy policies and internal regulations. Please note that for company users, your data is managed by the organization to which you belong, and their privacy and security practices may differ from this policy. For any data and privacy concerns, please contact the administrator of your company. We will not process requests directly and will first notify your company, following their instructions.

7.3 If you want to exercise your rights related to this website, please send an email to dpo@goinsight.ai. When submitting a request, ensure you provide sufficient information to verify your identity and clearly explain the nature of your request. We will comply with applicable laws and respond to your request after appropriate verification.

8. Children’s Privacy

Our website and services are exclusively available to corporate clients. We do not offer services specifically for children. If you are aware, or have reason to believe, that children have provided us with personal data through our website or services, please contact us immediately at dpo@goinsight.ai. Upon receiving such information, we will take prompt action to delete any personal data we control that pertains to children.

9. Modification and Update

We will regularly review this privacy policy and may post updates on this webpage without prior notice. The effective date of the new policy will be indicated at the top of this section.

If any modification or update to this policy affects your rights, your continued access and use of the website or services after the publication of the revised policy constitutes your acceptance of the modified terms. If you do not agree with the revised privacy policy, please discontinue access to and use of the website and services.

10. How to Contact Us

If you have any questions regarding this privacy policy, you can reach us through the following methods:

Email: dpo@goinsight.ai

Registered address: Unit 30-15, Level 30, Singapore Land Tower, No.50 Raffles Pl, Singapore 048623

Supplementary Terms - Specific Jurisdictions

In the event of a conflict between the relevant supplementary terms applicable to the jurisdiction where you access and use the website and services and the provisions in this privacy policy, the supplementary terms for that specific jurisdiction will take precedence over the conflicting parts. The non-conflicting provisions will remain in effect.

US

If you use our website and services in the following states, the additional terms outlined below will apply: California, Iowa, Nebraska, Delaware, New Hampshire, New Jersey, Virginia, Montana, Texas, Oregon, and Utah.

Your Right

If the applicable laws of the state where you use our website and services provide relevant regulations, you may have one or more of the following rights concerning your personal data:

Right to Know: You have the right to know what personal data we collect about you, including the categories of personal data, its sources, our business purposes for selling or sharing that data, and the types of third parties to whom we disclose it.
Access and Data Portability: You have the right to request a copy of the personal data we have collected about you within the past 12 months.
Right to Delete: You have the right to request the deletion of personal data we have collected from or about you, subject to certain exceptions.
Right to Correct: You have the right to request corrections to any inaccuracies in the personal data we hold about you.
We do not sell the personal data of users in these regions. Your browser may offer a “Do Not Track” option, allowing you to signal to operators of websites, web applications, and services that you do not wish to be tracked across different sites or over time that you do not wish to be tracked across websites. Please note that GoInsight.AI may not currently support “Do Not Track” requests.
Unsubscribe: If you are a business representative, we may use your personal data to contact your company regarding business opportunities and send marketing or promotional materials. You may opt out by unsubscribing or replying to emails, or by contacting us at dpo@goinsight.ai.

To exercise your rights or submit inquiries, please contact us via email. We will verify your identity according to applicable laws before processing your request. Requests must be sent from and verified using the email address associated with your registered account. If you are employed by a company or become a team member, certain rights may be subject to permissions granted by that organization. We will notify the organization and act according to its instructions.

If we make a decision regarding your request, you may respond via email to file an appeal. We will not discriminate against you for exercising your rights. However, please note that certain features or functionalities of our website or services may change as a result, and you may no longer be able to use specific services.

Canada

If you use our website and services in Canada, the additional terms outlined below will apply:

Your Right

If the applicable laws of the federal or provincial jurisdiction where you use our website and services provide relevant regulations, you may have one or more of the following rights concerning your personal data:

Rights to Access: You have the right to access the personal data we hold about you.
Right to Correct: You have the right to request corrections to any inaccuracies in the personal data we hold about you.
Withdrawal of Consent: You have the right to withdraw your consent regarding our collection, use, and disclosure of your personal data at any time.
Unsubscribe: If you are a business representative, we may use your personal data to contact your company regarding business opportunities and send marketing or promotional materials. You may opt out by unsubscribing or replying to emails, or by contacting us at dpo@goinsight.ai.

Brazil

If you use our website and services in Canada, the additional terms outlined below will apply:

Your Righ

If you use our website and services in Brazil, we will respond to and fulfill your requests to exercise your rights in accordance with Brazil's General Data Protection Law (LGPD):

Rights to Access: You can access your personal data and understand the relevant information regarding data processing.
Right to Correct: You have the right to request correction of incomplete, inaccurate, or outdated personal data.
Right to Delete: You can request the anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant personal data.
Right to Information: You have the right to understand the purpose for which your personal data is collected and processed.
Withdrawal of Consent: You can withdraw your consent for the processing of your personal data at any time.
Right to Object: You may object to the use of your personal data for direct marketing, automated decision-making, or profiling purposes.
Right to Know About Automated Decision-Making: You have the right to understand and demand a human review of decisions based on automated processing.

We will verify your identity according to applicable laws before processing your request. Requests must be sent from and verified using the email address associated with your registered account. If you are employed by a company or are a team member of a company, certain rights may be subject to permissions granted by that organization. We will notify the organization and act according to its instructions.

In some cases, we may have legitimate reasons not to comply with certain requests you make regarding your rights. For example, we may choose not to disclose information if doing so could negatively impact our business or risk infringing on our confidential information or intellectual property. If you intend to exercise your rights or have any questions regarding this process, please contact us via email.

European Economic Area, UK, and Switzerland

If you use our website and services in the European Economic Area, the UK, and Switzerland, the additional terms outlined below will apply:

Lawfulness of Data Processing

We only collect, use, and store your personal data within the minimum scope permitted by applicable law.

A. The following table outlines the legal bases for processing your personal data by visitors, cloud-hosted services, and/or exclusive cloud-hosted services on this website:

Personal data category	How to use	Legal basis
During registration, setup, and login, we collect the following account information from you: Username Hashed login password Email address IP address Full name Company information: Company name, address, phone number	Log in to your account and verify your identity. View and manage your account information and permissions. Check the security of your account. Process your orders. Match the correct service permissions to your account. Offer customer support services. Send marketing and promotional materials, and seek business cooperation.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To pursue our legitimate interests, which include troubleshooting, customer support, marketing, and promotional activities. To protect our own rights and the rights of third parties, while ensuring that your data protection rights are not infringed upon. To comply with applicable data protection laws and regulations.
We automatically collect the following equipment and network information: The pages you visited Your IP address. Relevant details about your device, including: IMEI, IMSI, MAC, Android ID, system version, system language, CPU model, memory and hard drive usage (This content applies to websites and also apps when available).	Observe and supervise the usage of this website. Identify, troubleshoot, and resolve technical and security issues. Summarize statistical data from the website and services. Understand how services are used. Conduct research on new products, services, and markets. Maintain and optimize the website and services. Improve user experience.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To pursue our legitimate interests, which include resolving faults, enhancing stability and security, and improving websites and services.
Order and Transaction Data Order number; Price; Payment date; Payment method; Business payment account name (We will not store your complete credit card information.) PayPal order information (Recurring ID and order number) Stripe order information (Recurring ID and order number, your ID or your company ID) (If you choose to remember the card number, we will store the last four digits only.) Alipay order information (Recurring ID and order number)	Process order and payment information.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To protect our own rights and the rights of third parties, while ensuring that your data protection rights are not infringed upon.
Account settings information: Your account settings information; and Your account preferences.	Identify, troubleshoot, and resolve technical and security issues. Summarize statistical data from the website and services. Improve user experience.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To pursue our legitimate interests, which include resolving faults, enhancing safety.
Information About the Use of Websites and Services: Statistical data related to website errors or crashes. Documents, images, data, and feedback that you upload to the service. Metadata User Content Documents, images, data, and feedback that you upload to the service. Input and output content, knowledge base content, and other AI interaction data that you publish, send, receive, and share through our services. (If any of the above user content is stored in our cloud database, it will be deleted within 180 days.)	Automate decisions (perform functionalities). Transmit data Identify anomalies and errors, prevent, and address technical or security issues. Summarize statistical data. Optimize websites and services. Determine service consumption for accurate billing. Maintain and optimize the website and services. Improve user experience.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To pursue our legitimate interests, which include resolving faults, enhancing security and stability, and conducting data statistics. To protect our significant interests and those of third parties. To fulfill our legal obligations and comply with applicable laws, regulations, judicial procedures, and mandatory government requirements.
Customer Support Information: Summary of the problem, including screenshots and any other relevant documents or information. Records of feedback, consultations, suggestions, opinions, and requests, including matters, dates, and times.	Customer support services.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To pursue our legitimate interests, which include communicating with you and troubleshooting.
Third-Party Data: Information related to third-party login ( third-party login support) Data integrated with third-party services and processed by us if our services support such integration. Information transmitted by the language model. Data collected from or provided by third parties, which may include: company name, address, email address, business contact information, questions or feedback, and comments.	Log in to your account and verify your identity. Display and manage your account information. Collaboration with third party services. Match the correct service permissions to your account. Troubleshoot. Identify, troubleshoot, and resolve technical and security issues. Transmit data. Automate decisions (perform functionalities). Send notifications and marketing materials related to the service. Develop new features and products; and Improve user experience.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To pursue our legitimate interests, which include troubleshooting, improving safety and stability, conducting marketing and promotion To fulfill our legal obligations and comply with applicable laws, regulations, judicial procedures, and mandatory government requirements.

B. The following table outlines the legal bases for processing your personal data by self-hosted services on this website:

Personal data category	How to use	Legal basis
During registration, setup, and login, we collect the following account information from you: Username Hashed login password Email address IP address Company name Company address Company phone number Full name We collect the following account authorization information: Your current subscription level, which may include options such as: Professional Edition or Enterprise Edition The duration for which your license is valid. The specific functional modules or features and usage quotas you are permitted to use, which may include: maximum user count limits	Log in to your account and verify your identity. Display and manage your account information and permissions. Match the correct service permissions to your account. Checking account security. Process your orders Send notifications on changes, updates, and upgrades related to our services. Send marketing and promotional materials, and seek business cooperation.	To fulfill our contractual obligations with the company you belong to, provide services, and execute relevant service terms and applicable legal documents. To protect our own rights and the rights of third parties, while ensuring that your data protection rights are not infringed upon. Comply with applicable data protection laws.
(Optional) If you use our cloud-based LLM service, we automatically collect: Metadata	Determine service consumption for accurate billing.	To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents. To pursue our legitimate interests, which include billing.

Personal data category

How to use

Legal basis

During registration, setup, and login, we collect the following account information from you:

Username
Hashed login password
Email address
IP address
Company name
Company address
Company phone number
Full name

We collect the following account authorization information:

Your current subscription level, which may include options such as: Professional Edition or Enterprise Edition
The duration for which your license is valid.
The specific functional modules or features and usage quotas you are permitted to use, which may include: maximum user count limits

Log in to your account and verify your identity.
Display and manage your account information and permissions.
Match the correct service permissions to your account.
Checking account security.
Process your orders
Send notifications on changes, updates, and upgrades related to our services.
Send marketing and promotional materials, and seek business cooperation.

To fulfill our contractual obligations with the company you belong to, provide services, and execute relevant service terms and applicable legal documents.
To protect our own rights and the rights of third parties, while ensuring that your data protection rights are not infringed upon.
Comply with applicable data protection laws.

(Optional) If you use our cloud-based LLM service, we automatically collect:

Metadata

Determine service consumption for accurate billing.

To fulfill our contractual obligations with the company you belong to, provide services and execute relevant service terms and applicable legal documents.
To pursue our legitimate interests, which include billing.

C. The following table outlines the legal bases for processing your personal data by on-premise services on this website:

Personal data category	How to use	Legal basis
We do not collect your personal data. Personal data is fully controlled by your company.	For information on how your personal data is used, please contact the administrator of your company.	For information on how your personal data is used, please contact the administrator of your company.

Your Right

If you use our website and services in the European Economic Area, the UK, and Switzerland, we will respond to and fulfill your requests to exercise your rights in accordance with Brazil's General Data Protection Law (LGPD):

Right to know: You can understand how your personal data is collected and used.
Right to Access: You can request access to your personal data held by us.
Right to correct: You can request correction of inaccurate or incomplete personal data.
Right to delete (Right to be forgotten): You may request the deletion of your personal data in certain circumstances.
Right to Restrict Processing: You may request that we restrict our processing of your personal data in certain circumstances.
Data portability: Where technically feasible, you can request to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another data controller where possible.
Right to object: In certain circumstances, you may object to the processing of your personal data.
Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing. You may choose not to use this service or the suggestion generated from the service.
Right to file complaints with a supervisory authority or government agency.
Unsubscribe: If you are a business representative, we may use your personal data to contact your company regarding business opportunities and send marketing or promotional materials. You may opt out by unsubscribing or replying to emails, or by contacting us at dpo@goinsight.ai.

If you are employed by a company or are a team member of a company, that company is the data controller for your personal data. We act as a data processor processing data on behalf of the data controller, in accordance with the controller’s instructions and applicable law. Before processing your personal data, the data controller must obtain your consent or a lawful basis. If you exercise your rights regarding this service, we will verify your identity, notify the data controller of any relevant matters, and process your request in accordance with applicable laws, the data processing agreement, and the data controller’s instructions.

If you intend to exercise your rights or have questions about exercising them, please contact us.