insy
The gap The proof The line Connections
Sign in Book a demo
The gap The proof The line Connections
Sign in Book a demo

Legal

Privacy Policy

Last updated: June 2026

On this page

    1. Who we are

    Insy8 ("we", "us", "our") provides an operations platform for merchant teams. This policy explains what personal data we collect, how we use it, who we share it with, and the rights available to you.

    When we process personal data from systems a merchant connects to Insy8, the merchant is normally the controller and Insy8 acts as processor under our Terms of Service or other signed agreement.

    2. Data we collect and why

    Data from connected systems

    If a merchant authorises an integration, Insy8 may receive data from third-party commerce, accounting, messaging, delivery, and operations systems. Depending on the connector enabled, this may include:

    • Customer or contact details, such as name, email address, phone number, and billing or delivery address
    • Order, invoice, fulfilment, and payment-related records
    • Product, inventory, location, and delivery workflow data
    • Workspace events, exceptions, approvals, comments, and audit history

    We use this data only to provide, secure, maintain, and improve the service for the merchant that authorised the connection. We do not sell personal data and we do not use merchant customer data for advertising.

    Data from merchants and team members

    • Account information, such as name, email address, role, workspace membership, and hashed password
    • Support and commercial communications with us
    • Workspace activity, including actions taken, decisions made, comments, and configuration changes

    Automatically collected data

    • Operational logs, including IP address, browser or device metadata, request path, timestamps, and error details
    • Security and audit records needed to protect accounts, investigate abuse, and maintain service integrity

    3. Legal bases

    Where Insy8 acts as controller, we rely on the following GDPR legal bases:

    • Contract. To create accounts, provide workspaces, support authorised users, and deliver the service.
    • Legitimate interests. To secure the platform, prevent misuse, debug issues, improve reliability, and communicate about the service.
    • Legal obligation. To keep records required for tax, accounting, compliance, or lawful requests.
    • Consent. Where we ask for consent for optional communications or optional processing.

    Where we act as processor, we process personal data on the merchant's documented instructions.

    4. How we store and protect data

    • Application infrastructure runs on cloud infrastructure in the EU/EEA where available
    • Primary application data is stored in a managed PostgreSQL database in the EU/EEA
    • Background jobs and short-lived operational queues are processed through managed infrastructure
    • Private export artifacts are encrypted, access-controlled, and expire automatically
    • All data in transit is encrypted using TLS/HTTPS
    • OAuth access tokens, API credentials, and application secrets are encrypted or stored in managed secret storage
    • Access to production systems is restricted to authorised personnel who need it to operate or support the service

    5. Sharing and sub-processors

    We share personal data only where needed to provide, secure, support, or comply with legal obligations for the service. Recipient categories include:

    • Cloud hosting, storage, and secrets-management providers
    • Managed database and background processing providers
    • Error monitoring, observability, and security tooling providers
    • Email, SMS, and other messaging providers used to deliver authorised communications
    • Third-party commerce, accounting, delivery, and operations services that a merchant authorises us to connect with
    • Professional advisers, regulators, or authorities where required by law

    Our sub-processors are required to protect personal data and process it only for the purposes we authorise.

    6. International transfers

    Some providers or authorised connectors may process data outside the EU/EEA. Where that happens, we use an appropriate transfer mechanism, such as an adequacy decision, Standard Contractual Clauses, or another lawful safeguard. Merchants are responsible for ensuring that the connectors they authorise are appropriate for their own compliance obligations.

    7. Retention and deletion

    We retain workspace data for as long as the workspace is active or as otherwise required to provide the service. Operational logs are retained for limited periods for security, debugging, and reliability. We may retain minimal records where required for legal, accounting, audit, or dispute-resolution purposes.

    If a merchant disconnects an integration, terminates the service, or requests deletion, we delete or anonymise personal data in accordance with our agreement, legal obligations, and technical backup cycles.

    Where a connected platform sends us a valid privacy deletion or access request, we process it according to that platform's requirements and our obligations to the merchant.

    8. Automated processing

    Insy8 does not make automated decisions about individuals that produce legal or similarly significant effects. The platform may organise work, surface exceptions, and record decisions, but human users remain responsible for business decisions made in the workspace.

    9. Your rights

    Depending on your location and our role, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data. You may also have the right to complain to your local data protection authority.

    For data controlled by a merchant, please contact that merchant first. For data controlled by Insy8, send requests to info@insy8.com.

    10. Changes to this policy

    We may update this policy from time to time. We will update the date at the top of this page and, where changes are material, notify affected merchants by email or in-product notice.

    11. Contact

    For privacy questions or data requests, contact info@insy8.com.

    This policy is in process and may be updated as our legal and compliance setup evolves.

    insy

    Handoffs are visible. No work gets lost. The operating loop for goods businesses.

    Product

    • The gap
    • The proof
    • The line
    • Connections

    Company

    • Sign in
    • Book a demo
    • Privacy Policy
    • Terms of Service

    © 2026 insy8. All rights reserved.

    System health