Privacy Policy
Last updated: January 2026
1. Introduction
Intellix ("we," "us," "our") operates the Intellix Core™ business intelligence platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
By using Intellix, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.
2. Definitions
In this Privacy Policy:
- "Personal Data" means information that identifies or could identify you (e.g., your email, phone number)
- "Business Data" means the business metrics and performance data you upload or sync (revenue, ad spend, orders)
- "Your Customers" means the end users or customers of your business whose transactions generate your Business Data
- "Aggregated Data" means data combined into totals or averages where individual records cannot be identified
- "Anonymized Data" means data processed so that it cannot reasonably be linked back to an individual
3. PII-Free by Design
Intellix is architected from the ground up to process business metrics without requiring or storing your customers' personally identifiable information.
We DO NOT collect or store your customers' data:
- Customer names, addresses, or contact information
- Email addresses of your customers
- Phone numbers of your customers
- Payment card details or bank account numbers
- Social security numbers or government IDs
- Individual transaction records with customer identifiers
- Your customers' clickstream or session behavior
When customer segmentation features are used, customer identifiers are replaced with internal pseudonymous identifiers (e.g., anon_customer_id). We do not store direct customer identifiers (like names, emails, or phone numbers) in Intellix, and we enforce K-anonymity (minimum 3 customers per segment) before any cohort/segment data is processed by AI.
Note: We do collect limited workspace-level operational telemetry (feature usage, error events, performance timings) to run and secure the service. This is described in Section 9.
4. Account Information We Collect
To provide our services, we collect the following account information:
| Data Type | Purpose | Required |
|---|---|---|
| Email address | Account authentication, notifications | Yes |
| Password | Account security (stored as one-way hash) | Yes |
| Phone number | SMS two-factor authentication | Optional |
| Recovery email | Account recovery | Optional |
| Workspace name | Account personalization | Optional |
5. Business Data We Process
When you upload data or connect integrations, we process the following business metrics:
- Revenue metrics: Daily/monthly totals, not individual transactions
- Marketing performance: Ad spend, impressions, clicks, conversions (aggregated)
- Order metrics: Order counts, average order value (aggregated)
- Customer counts: New customers, total customers (counts only, no identifiers)
- Dimensional data: Channel, campaign, region breakdowns (aggregated totals)
All business data is isolated per account using database-level security. Your data is never accessible to other users, and we never aggregate data across different accounts.
Your Responsibility: You are responsible for ensuring you have the right to upload and process the business data you provide. For data synced via integrations, we act as a data processor on your behalf.
6. Third-Party Integrations
When you connect third-party platforms to Intellix, we request read-only access to retrieve your business metrics. We never create, modify, or delete data in your connected accounts.
| Platform | Data We Access | What We Don't Access |
|---|---|---|
| Google Sign-In | Email, basic profile (for authentication) | — |
| Google Ads | Campaign performance, ad spend, clicks, conversions | We cannot modify campaigns |
| Meta Ads | Campaign performance across Facebook & Instagram | We cannot modify campaigns |
| TikTok Ads | Campaign performance, video views, engagement | We cannot modify campaigns |
| Shopify | Order totals, revenue (aggregated) | Customer names, emails, addresses |
| Stripe | Payment totals, transaction counts | Customer payment details |
Token Security: OAuth access tokens are securely encrypted by our integration partner. You can disconnect any integration at any time, which immediately revokes our access.
7. AI-Powered Features
Intellix uses OpenAI's API to provide AI-powered insights. Here's how we handle your data:
What IS sent to OpenAI:
- Aggregated metric totals (e.g., total revenue: $125,000)
- Period-over-period percentage changes
- Cohort-level statistics (minimum 3 customers per cohort)
- Channel/campaign names for context
What is NEVER sent to OpenAI:
- Customer identifiers, names, emails, or contact information
- Individual transaction records
- Your account email or authentication tokens
- Any personally identifiable information
OpenAI states that data submitted via its API is not used to train their models by default. AI-generated insights include disclaimers that they are estimates only and do not constitute financial, legal, or tax advice.
8. Business Agent (Conversational AI)
The Business Agent feature allows you to ask questions about your data in natural language.
- Message storage: Your conversation history is stored to maintain context within sessions (up to 50 messages per session)
- Session management: You can delete individual sessions or all conversation history at any time
- Data sent to AI: Your questions and aggregated data summaries (never raw PII)
- Account deletion: All conversation history is permanently deleted when you delete your account
9. Operational Telemetry
We collect workspace-level operational telemetry to monitor system health and improve our services:
- What we collect: Feature usage counters, error events, API response times
- Anonymization / Pseudonymization: We do not store raw IP addresses in telemetry logs. We may derive a pseudonymous identifier from request metadata for security, abuse prevention, and reliability monitoring. We redact or remove direct identifiers such as emails and phone numbers from telemetry.
- Retention: 90 days, then automatically deleted
- Purpose: Debugging, performance monitoring, security analysis
This telemetry is never sold or shared with third parties and is separate from any data about your customers.
10. Cookies and Analytics
We use the following types of cookies:
| Type | Purpose | Required |
|---|---|---|
| Essential (Authentication) | Maintain your logged-in session securely | Yes (service won't function without) |
| Preferences | Remember your settings (theme, time window) | Yes (improve usability) |
| Analytics (Vercel Web Analytics) | Understand page views and performance | No (non-essential) |
Analytics Method: Vercel Web Analytics is designed to be privacy-focused and may use a non-cookie method to measure page views and performance.
Cookie Choices: You can manage non-essential analytics preferences at any time using our cookie preferences controls (accessible from the site footer and/or in-app settings). If you disable analytics, we stop collecting analytics data going forward.
We do not use advertising cookies or share cookie data with advertisers.
11. Data Retention
| Data Type | Retention Period |
|---|---|
| Business metrics (uploaded/synced) | While your account is active |
| AI-generated insights | Replaced on regeneration (not accumulated) |
| Business Agent conversations | Until manually deleted or account deletion |
| Forecast runs | 3 most recent kept, older purged automatically |
| Operational telemetry | 90 days |
| Database backups | 30 days (then permanently deleted) |
When you delete data or your account, it is immediately removed from our primary database. Backups containing deleted data are automatically purged within 30 days.
12. Third-Party Service Providers
We use the following third-party services to operate Intellix. All providers process data in the United States:
| Provider | Service | Data Processed |
|---|---|---|
| Supabase | Database, Authentication | Account data, business metrics |
| Vercel | Hosting, Edge Functions | Application requests, analytics |
| OpenAI | AI Processing | Aggregated metrics only (no PII) |
| Nango | OAuth Token Management | Integration access tokens (encrypted) |
| Resend | Email Delivery | Email addresses (transactional only) |
| Telnyx | SMS Delivery | Phone numbers (2FA only) |
We do not sell your data to any third party. Data is shared with subprocessors only as necessary to provide the services described above. We will notify you of material changes to our subprocessors via email or in-app notice.
13. Data Security
We maintain administrative, technical, and physical safeguards designed to protect Personal Data and Business Data. These safeguards include encryption, access controls, tenant-level data isolation, and measures to detect and prevent abuse.
Two-factor authentication is available for added account protection.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
14. Security Incident Response
In the unlikely event of a data breach affecting your information, we will notify affected users without undue delay and, where required by law, notify relevant regulatory authorities. Notifications will include the nature of the breach, what data was affected, and steps you can take to protect yourself.
15. Your Rights
You have the following rights regarding your data:
Right to Access
View all your data through the Intellix dashboard. Your business metrics, insights, and settings are accessible in the application interface.
Right to Export (Data Portability)
Export your data using the Export feature in Settings. Your data will be provided in standard formats (CSV, JSON).
Right to Rectification
Delete incorrect data and re-upload corrected data at any time through the Manage Data section.
Right to Erasure (Right to be Forgotten)
Delete your account and all associated data through Settings → Delete Account. This action is permanent and removes all your data from our primary systems immediately. Backups are purged within 30 days.
Right to Disconnect
Disconnect any third-party integration at any time through the Data Sources settings. This revokes our access to that platform immediately.
16. United States Only; International Access
Intellix is offered to users located in the United States, and our services and subprocessors operate in the United States. If you access the service from outside the United States, your information may be processed and stored in the United States.
17. California Privacy Rights (CCPA/CPRA)
If you are a California resident, this section provides the disclosures required under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Notice at Collection
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Identifiers | Email address | Account authentication | While account active |
| Account credentials | Hashed password | Account security | While account active |
| Phone number (optional) | Mobile number | Two-factor authentication | Until removed by user |
| Internet activity | Feature usage, application usage analytics | Service operation, security | 90 days |
Sources: Directly from you (registration, settings) and automatically (telemetry, analytics).
Your Rights
- Right to Know: Request details about personal information collected, used, and disclosed
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
- Non-Discrimination: We will not discriminate against you for exercising your rights
Opt-Out Signals: Where required by law, we process opt-out preference signals (such as Global Privacy Control) as an opt-out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising.
To exercise your rights: Contact privacy@intellix.io. We will verify your identity and respond within 45 days.
18. Age Requirements
Intellix is a business intelligence tool designed for business users. Our services are intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18 years of age. If you are under 18, please do not use our services or provide any information to us.
19. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also send an email notification to the address associated with your account.
20. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: