Last Updated: January 2024
1. Introduction
Welcome to A.Insiders ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our tools, or interact with our services.
By using our website and services, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our website.
2. Information We Collect
2.1 Personal Information (Only When You Create an Account)
We collect personal information only when you voluntarily create an account or use our authentication services:
- Account Information: Email address, username, encrypted password
- Profile Information: First name, last name, bio (optional)
- Authentication Data: Session tokens, login timestamps, IP addresses for security
- Communication Data: Messages sent through our contact forms or support system
2.2 Automatically Collected Information (Minimal Technical Data)
When you visit our website, we automatically collect minimal technical information necessary for functionality:
- Device Information: IP address (for security and geolocation services), browser type, operating system
- Usage Data: Pages visited, time spent (stored locally in browser cache only)
- Technical Data: Session storage for navigation preferences, cache performance metrics
- Location Data: General geographic location (city/country level) for IP-based tools only
2.3 Third-Party Service Integration (Limited Data Sharing)
We integrate with specific third-party services for functionality, with minimal data sharing:
- Supabase (Authentication): Email, encrypted passwords, session data for user accounts
- Cloudflare R2 (Storage): Encrypted user data, session information, activity logs
- Tawk.to (Support Chat): Chat messages, IP address for support purposes only
- IP Geolocation APIs: IP addresses for location-based tools (no personal data stored)
- Hugging Face API: Text content for AI analysis (not stored, processed in real-time)
- Have I Been Pwned API: Email addresses for password breach checking (not stored)
3. How We Use Your Information (Strictly for Service Functionality)
We use collected information exclusively for providing and improving our services:
3.1 Authentication and Account Management
- User Authentication: Email and encrypted passwords for secure login via Supabase
- Session Management: JWT tokens and session data for maintaining login state
- Account Security: IP addresses and user agents for fraud detection and rate limiting
- Profile Management: Optional profile information for personalized experience
3.2 Tool Functionality and API Integration
- AI Text Detection: Text content sent to Hugging Face API for analysis (not stored)
- Password Security: Email addresses checked against Have I Been Pwned database (not stored)
- IP Geolocation: IP addresses processed for location-based tools (no personal data stored)
- Encryption Tools: Data processed locally in browser, never transmitted
- Virus Scanning: File hashes checked against security databases (files not stored)
3.3 Performance and Caching (Local Browser Storage Only)
- Browser Cache: Static assets cached locally for faster loading
- Session Storage: Navigation preferences and tool states stored locally
- Performance Metrics: Cache hit rates and loading times (stored locally only)
- Service Worker: Offline functionality and asset preloading
3.4 Security and Compliance (No Data Selling)
- Fraud Prevention: Rate limiting and suspicious activity detection
- Data Encryption: All stored data encrypted with AES-256-GCM and Kyber post-quantum encryption
- Access Logging: Authentication events logged for security auditing
- Legal Compliance: Data handling in accordance with GDPR, CCPA, and other regulations
4. Information Sharing and Disclosure (WE DO NOT SELL YOUR DATA)
IMPORTANT: We do not sell, trade, rent, or monetize your personal information in any way. We only share data with third parties when absolutely necessary for service functionality:
4.1 Essential Service Providers (Minimal Data Sharing)
We share data only with essential service providers for core functionality:
- Supabase (Authentication): Email, encrypted passwords, session data for user accounts
- Cloudflare R2 (Storage): Encrypted user data and session information
- Cloudflare (Hosting): IP addresses for security and performance optimization
- Tawk.to (Support): Chat messages and IP addresses for customer support only
4.2 API Integrations (No Personal Data Storage)
We integrate with external APIs for tool functionality, but do not store personal data:
- Hugging Face API: Text content for AI analysis (processed in real-time, not stored)
- Have I Been Pwned API: Email addresses for breach checking (not stored)
- IP Geolocation APIs: IP addresses for location tools (no personal data stored)
- Virus Scanning APIs: File hashes for security checking (files not stored)
4.3 Legal Requirements (Rare Circumstances)
We may disclose information only if legally required:
- Valid court orders or legal subpoenas
- Government investigations with proper legal authority
- Protection of our rights and property
- Emergency situations involving public safety
4.4 Business Transfers (With User Notification)
In the unlikely event of a business transfer, we will notify all users and ensure data protection standards are maintained.
5. Data Security (Military-Grade Encryption)
We implement enterprise-grade security measures to protect your personal information:
5.1 Encryption Standards
- AES-256-GCM: All stored data encrypted with military-grade symmetric encryption
- Kyber Post-Quantum Encryption: Future-proof asymmetric encryption for key exchange
- JWT Tokens: Secure session management with encrypted tokens
- HTTPS/TLS 1.3: All data transmission encrypted in transit
- bcrypt Password Hashing: Passwords hashed with 12 salt rounds
5.2 Infrastructure Security
- Cloudflare Protection: DDoS protection, WAF, and global CDN
- Rate Limiting: API endpoints protected against brute force attacks
- IP Blocking: Suspicious IP addresses automatically blocked
- Session Management: Secure session handling with automatic expiration
- Access Logging: All authentication events logged for security auditing
5.3 Data Storage Security
- Cloudflare R2: Encrypted object storage with S3-compatible API
- Supabase: Encrypted database with row-level security
- Local Browser Storage: Sensitive data never stored in browser
- Backup Encryption: All backups encrypted with separate keys
- Key Management: Encryption keys stored separately from data
6. Cookies and Local Storage (Minimal Usage)
We use minimal cookies and local storage for essential functionality only:
6.1 Essential Cookies and Storage
- Authentication Cookies: Supabase session tokens for user login state
- Security Cookies: CSRF protection and session validation
- Functional Storage: Navigation preferences and tool states (localStorage/sessionStorage)
- Cache Storage: Static assets cached for performance (Service Worker)
6.2 What We DON'T Use
- No Analytics Cookies: We don't use Google Analytics or similar tracking
- No Marketing Cookies: No advertising or marketing tracking
- No Third-Party Tracking: No social media or advertising pixels
- No Behavioral Tracking: No user behavior analysis or profiling
6.3 Cookie Management
You can control cookies through your browser settings. Disabling cookies may affect login functionality and tool preferences.
7. Your Rights and Choices (Full Control Over Your Data)
You have complete control over your personal information and can exercise these rights at any time:
7.1 Data Access and Portability
- Account Data Access: View all your stored account information through your profile
- Data Export: Request a complete copy of your data in JSON format
- Activity Logs: Access your authentication and activity history
- Session Information: View active sessions and login history
7.2 Data Modification and Deletion
- Profile Updates: Modify your profile information at any time
- Account Deletion: Permanently delete your account and all associated data
- Data Correction: Request correction of any inaccurate information
- Opt-Out: Withdraw consent for any data processing
7.3 Privacy Controls
- Session Management: Log out from all devices and terminate sessions
- Data Processing Restriction: Limit how your data is processed
- Communication Preferences: Control email notifications and updates
- Complaint Rights: Lodge complaints with data protection authorities
8. International Data Transfers (Secure Cross-Border Processing)
Your data may be processed in different countries through our secure service providers:
- Supabase: Data processed in secure data centers with GDPR compliance
- Cloudflare: Global CDN with data processing in multiple regions
- API Services: Third-party APIs may process data in their respective regions
- Safeguards: All transfers protected by encryption and data protection agreements
9. Children's Privacy (COPPA Compliance)
Our website is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@ainsiders.com.
10. Third-Party Links and External Services
Our website contains links to external services and tools. We are not responsible for their privacy practices:
- External APIs: IP geolocation, AI analysis, and security checking services
- Social Media: LinkedIn, GitHub, YouTube, Discord links (no data sharing)
- Support Chat: Tawk.to chat widget (separate privacy policy)
- Recommendation: Review external privacy policies before providing personal information
11. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending email notifications to registered users (if applicable)
- Displaying prominent notices on our website for 30 days
- Updating the policy version number for tracking purposes
Your continued use of our website after changes constitutes acceptance of the updated policy.
12. Contact Information and Data Requests
For privacy-related questions, data requests, or concerns, please contact us:
13. Legal Basis for Processing (GDPR Compliance)
For users in the European Union, our legal basis for processing personal information includes:
- Consent: When you create an account and agree to our terms
- Contract: To provide authentication and tool functionality
- Legitimate Interest: To maintain security and prevent fraud
- Legal Obligation: To comply with applicable laws and regulations
14. California Privacy Rights (CCPA Compliance)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information (no opt-out needed)
- Right to Non-Discrimination: Equal service regardless of privacy choices
- Right to Access: Request a copy of your personal information
15. Technical Implementation Details
For transparency, here are the technical details of our data handling:
15.1 Data Collection Technologies
- Supabase Auth: OAuth 2.0, PKCE flow, JWT tokens
- Cloudflare R2: S3-compatible API, server-side encryption
- Browser APIs: localStorage, sessionStorage, Service Worker
- Cryptographic Libraries: Web Crypto API, bcrypt, AES-256-GCM
15.2 Data Processing Architecture
- Client-Side: Minimal data processing in browser
- Server-Side: Encrypted storage in Cloudflare R2
- API Layer: Rate-limited, authenticated endpoints
- Security Layer: WAF, DDoS protection, IP filtering