1. Overview
IntelliCorp AI ("we", "our", or "us") operates an enterprise AI platform that helps organisations manage knowledge, answer employee queries, and automate HR workflows. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform.
By accessing or using IntelliCorp AI, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the platform.
2. Information We Collect
2.1 Account & Identity Data
When you or your organisation administrator creates an account, we collect:
- Full name, work email address, and job title
- Phone number (collected during OTP verification)
- Date of birth and company name (optional profile fields)
- Authentication credentials (passwords are hashed with bcrypt — never stored in plain text)
- Authentication provider (email, Google, GitHub, or LinkedIn)
2.2 Organisational Data
We collect data submitted by your organisation to power the platform:
- Documents uploaded to the knowledge base (HR policies, handbooks, SOPs, FAQs)
- Announcements, categories, and structured knowledge base content
- Tenant configuration including domain restrictions and organisation metadata
2.3 Usage & Interaction Data
We collect data generated by your use of the platform:
- Chat messages and conversation history with the AI assistant
- AI model selections and session preferences
- Token usage counts per conversation (used for billing and analytics)
- Feature usage patterns within your tenant workspace
2.4 Technical Data
We automatically collect certain technical information:
- IP addresses and approximate geolocation (country/region level)
- Browser type, operating system, and device identifiers
- Access timestamps and API request logs
- Error logs and performance metrics (stripped of personally identifiable information)
3. How We Use Your Information
We use collected information for the following purposes:
Platform operation: To authenticate users, enforce role-based access controls, and deliver AI-powered responses grounded in your organisation's knowledge base.
AI processing: Chat messages are processed by third-party AI providers (OpenAI, Anthropic, Google) to generate responses. Messages are sent with per-tenant context and are not used to train third-party models under our enterprise agreements.
Analytics & billing: Aggregated, de-identified usage data informs our analytics dashboards and token-based billing calculations. Individual query content is not exposed in billing reports.
Security & fraud prevention: Log data and access patterns are used to detect unauthorised access, abuse, and potential security threats.
Product improvement: Anonymised, aggregated interaction patterns help us improve platform features. We do not use individual conversation content for this purpose without explicit consent.
Communications: We may send transactional emails (OTP codes, invitations, password resets). Marketing communications are opt-in only.
4. AI Processing & Third-Party Providers
IntelliCorp AI integrates with the following AI providers to process queries:
- OpenAI (GPT-4o) — governed by OpenAI's Enterprise data processing addendum
- Anthropic (Claude Sonnet) — governed by Anthropic's API usage policies
- Google (Gemini Flash) — governed by Google Cloud's data processing terms
Under our enterprise agreements, these providers do not use your data to train their models. Each request is isolated per tenant. We do not send data to any AI provider beyond what is necessary to generate a response to the specific query.
Your uploaded documents are stored in our vector database (pgvector on PostgreSQL) and are only retrieved as context for queries made within your tenant. Cross-tenant data access is architecturally prevented.
5. Data Sharing & Disclosure
We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:
Within your organisation: Org admins and HR managers have access to usage analytics (aggregated) and knowledge base content. Individual employee conversation history is not exposed to admins.
Service providers: We engage sub-processors (cloud hosting, database providers, email delivery) who are contractually bound to process data only as instructed and implement appropriate security measures.
Legal requirements: We may disclose information if required by applicable law, regulation, legal process, or government request, provided we notify you where legally permissible.
Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before data becomes subject to a different privacy policy.
With your consent: We share information in any other circumstance with your explicit consent.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services:
- Account data: Retained for the duration of your subscription, plus 90 days after termination to allow for re-activation or data export requests
- Conversation history: Retained for 12 months by default; configurable by enterprise customers
- Uploaded documents: Retained until explicitly deleted by an authorised user or until account termination
- System logs: Retained for 90 days for security and debugging purposes
- Billing records: Retained for 7 years to comply with financial regulations
Upon account deletion, all personal data is permanently erased within 30 days, with the exception of data we are legally required to retain.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request that we limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw any consent you have previously given
To exercise any of these rights, contact us at privacy@intellicorp.ai. We will respond within 30 days. For EU/EEA users, these rights are granted under the General Data Protection Regulation (GDPR). For California residents, additional rights apply under the CCPA.
8. Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted using TLS 1.3
- Data at rest is encrypted using AES-256
- Passwords are hashed using bcrypt with a cost factor of 12
- JWT tokens use HMAC-SHA256 signatures with server-side expiration
- Multi-factor authentication (OTP) is required during registration
- Role-based access controls prevent cross-tenant data exposure
- Regular security audits and penetration testing
While we implement these measures, no system is 100% secure. We encourage you to use strong passwords and report any suspected security incidents to security@intellicorp.ai.
10. Children's Privacy
IntelliCorp AI is an enterprise platform intended for use by organisations and their employees. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify affected users via email and display a notice on the platform at least 14 days before material changes take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions, requests, or concerns, please contact:
IntelliCorp AI — Privacy Team
Email: privacy@intellicorp.ai
Response time: Within 2 business days
For EU/EEA data subjects, you also have the right to lodge a complaint with your local data protection authority.