Privacy

insightful.cx is an opinionated qualitative research analysis tool for senior UX researchers. We work with research data — interview transcripts, participant metadata, video recordings — that is by definition sensitive. This page describes how we handle it.

What data we hold

Per project, we store: the transcripts and metadata you upload; the codes, themes, findings, quotes, and clips your analysis produces; an audit log of every model call (the prompt sent, the model used, the tokens consumed); and the rendered artefacts (.docx, .pptx, .mp4) you generate.

Where it lives

All structured data is stored in Supabase Postgres in the ap-southeast-2 (Sydney) region. Source video files referenced in your analysis remain on your local machine — we do not upload them. Rendered artefacts are written to a local workspace folder you control.

What goes to Anthropic

Transcripts and prompt context are sent to Anthropic's Claude API for analysis. The traffic is described in our model-routing table: Haiku for cheap classification, Sonnet for coding and counter-example search, Opus for synthesis. We do not send data to OpenAI, Google, Mistral, or any other LLM provider. Anthropic's data-handling policy is the binding upstream contract; we do not retain prompts or completions outside our own audit log.

Consent posture

Each project has an explicit consent posture set by you. For MVP-1, the supported posture is "Confirmed by owner — full content processing permitted." A future "Anonymise before processing" posture is on the roadmap.

Tenant isolation

Every researcher sees only their own projects. Postgres row-level security policies and application-layer ownership checks both enforce this — the application-layer checks are the primary protection.

Authentication

Sign-in is by magic link. We use Supabase Auth and Resend for transactional email. Access is invitation-only — see /terms for the access policy.

Audit trail

Every model call writes a row to the stage_runs table with the prompt template version, model, token counts, and cost. We keep this for as long as the project exists. You can view the chain of stage_runs that produced any given finding from the finding card.

Retention and deletion

Project data is retained until you delete the project. Deleting a project cascades to every related row.

Contact

For privacy questions: jas@ortomate.ai.

This page reflects MVP-1 reality and will evolve as the product does.