Privacy Policy

1. Introduction

InsightRaider takes user privacy seriously. We process personal data transparently and in full compliance with the GDPR.

This policy explains what data we collect, how we use it, how we store it, and how we protect it.

2. Data Controller

Data Controller: InsightRaider SAS (in formation)
Contact email: [email protected]

3. Data Collected

3.1 Registration Data

• First and last name
• Email address
• Password (encrypted)
• Niche of interest (optional)

3.2 Usage Data

• Browsing activity on the service
• Products viewed
• Searches performed
• Connection logs (IP address, browser, OS)

3.3 Payment Data

Payment details (card numbers) are handled directly by Stripe and never touch our servers.

4. Why We Process Your Data

We collect and process your data for these reasons:

• Account management: creation, login, subscription handling
• Running the service: analytics access, personalized experience
• Communication: service emails, notifications, support
• Making things better: usage analysis, bug fixes, performance
• Marketing (with your consent): newsletter, offers

5. Legal Basis

Our legal grounds for processing your data:

• Contract: processing needed to deliver the service
• Legitimate interest: improving the service, security, fraud prevention
• Consent: marketing emails, analytics cookies
• Legal obligation: billing records, fraud prevention

6. Who Gets Your Data

Your data is shared with:

• InsightRaider team members who need it for service and support
• Technical providers: Vercel (hosting), Stripe (payments), Plausible Analytics (anonymous stats), Resend (transactional emails)
• Authorities, only when legally required

We never sell your personal data. Period.

7. International Transfers

Some providers (Vercel, Stripe) are based in the US. These transfers are covered by EU standard contractual clauses and comply with GDPR.

8. How Long We Keep It

• Active account: for the life of your subscription + 3 years after you leave
• Billing data: 10 years (required by law)
• Connection logs: 12 months
• Newsletter (with consent): until you unsubscribe

9. Your Rights

Under GDPR, you have the right to:

• Access: get a copy of your personal data
• Rectification: fix inaccurate or incomplete data
• Erasure: delete your data (conditions apply)
• Restriction: limit how we process your data
• Portability: get your data in a structured format
• Object: oppose processing on legitimate grounds
• Withdraw consent: take back your consent at any time

To exercise any of these, email us at: [email protected]

You can also file a complaint with your local data protection authority.

10. Cookies

10.1 Essential Cookies

Required for the service to work (login, security). No consent needed.

10.2 Analytics Cookies

We use Plausible Analytics, which collects zero personal data. No GDPR consent required.

10.3 Managing Cookies

You can turn off cookies anytime in your browser settings.

11. Data Security

We protect your data with:

• Encryption in transit (HTTPS/TLS)
• Password hashing (bcrypt)
• Secure hosting (Vercel)
• Regular backups
• Least-privilege access controls
• Security monitoring

12. Changes to This Policy

We can update this policy at any time. We'll notify you by email and publish the changes here.

Last updated: January 30, 2026

13. Contact

Questions about this policy or your data? Reach us at:

Email: [email protected]