Intendity

Legal

Privacy Policy

We respect your privacy. This policy explains what we collect, why, how we protect it, and the rights you can exercise — written in plain language.

Last updated: 2026-04-28

1. Who is the controller?

Intendity (the "Service", "we", "us") is the data controller for personal data processed through the Service. You can reach our privacy team at [email protected].

2. Data we collect

2.1 Account data

When you create an account we collect your email address, password (hashed), name and organization, and authentication metadata.

2.2 Usage data

We collect log data such as IP address, device and browser, pages viewed, and timestamps. This is used to operate, secure and improve the Service.

2.3 Customer Data

This includes the brands, competitors, queries and configuration you submit. It is processed to deliver the Service to you.

2.4 Communications

If you contact us, we keep the message and our reply for support and quality purposes.

2.5 Cookies & similar technologies

See our Cookie Policy for full detail.

3. Why we process it (lawful bases under GDPR)

  • To provide the Service — performance of a contract (Art. 6(1)(b)).
  • To secure and improve the Service — legitimate interests (Art. 6(1)(f)).
  • To send service messages — performance of a contract or consent.
  • To send marketing — only with your prior consent, which you can withdraw at any time.
  • To comply with legal obligations — Art. 6(1)(c).

4. How we share data

4.1 Service providers (processors)

We use vetted vendors to host, secure and operate the Service. Each is bound by a data processing agreement and may only process data on our instructions. Categories include cloud infrastructure, database hosting, error monitoring, email delivery, and AI model providers.

4.2 Third-party AI model providers

To produce your visibility report, we transmit prompts (which you define) to third-party AI model providers — currently OpenAI, Anthropic, Google and Perplexity. Their handling of those prompts is governed by their own terms and privacy notices. We do not include personal data of identifiable individuals in prompts unless you submit it.

4.3 Legal disclosures

We may disclose data if required by law, court order, or to protect rights, property or safety. We will challenge requests we consider overbroad where lawful to do so.

4.4 Business transfers

If we are involved in a merger, acquisition or asset sale, your data may be transferred, subject to confidentiality protections and notice where required.

5. International transfers

Some of our processors are located outside the European Economic Area. Where we transfer data, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) and apply supplementary measures where required by GDPR.

6. Data retention

  • Account data: while your account is active and up to 12 months after deletion for legal and audit purposes.
  • Customer Data: while your account is active; deleted within 30 days of account deletion, except as required by law.
  • Logs: typically 30–90 days, longer where required for security investigations.
  • Backups: rolling backups overwritten on a regular cycle.

7. Security

We use encryption in transit and at rest, role-based access controls, audit logging, and regular review of permissions. No system is perfectly secure; if you become aware of a vulnerability, please email [email protected].

8. Your rights

Subject to local law, you have the right to:

  • access your personal data;
  • correct inaccurate data;
  • delete your data ("right to be forgotten");
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time without affecting prior lawful processing;
  • lodge a complaint with your local data protection authority.

To exercise these rights, email [email protected]. We will respond within the time required by law (typically one month).

9. Automated decision-making

We do not make decisions producing legal or similarly significant effects about you using solely automated means. Visibility scores and recommendations are generated by automated systems but are advisory and intended for use alongside human judgment.

10. Children

The Service is intended for business use and is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes

We may update this policy. Material changes will be communicated by email or in-product notice in advance of taking effect.

12. Contact

Privacy questions: [email protected]. General: [email protected]. See also our Terms & Conditions and Cookie Policy.