Privacy Policy

Inslo (“we”, “our”, “us”) is a privacy-first analytics platform for mobile and web, operated by Inslo. You can reach us at our contact form.

Event data. When you instrument your app or website with Inslo, we receive the events you explicitly send — event name, timestamp, platform (iOS / Android / web), session identifier, and any custom properties you attach. We never infer or derive data beyond what you send.

Account data. When you sign up, we store your email address and a hashed password (managed by Supabase Auth). We also store workspace and project names you create.

Billing data. Subscription and payment details are handled entirely by Stripe. We store a Stripe customer ID and subscription status in our database; we never see or store full card numbers.

We are designed from the ground up to avoid personal data:

• No cookies — first- or third-party
• No browser fingerprinting
• No IP address logging
• No device identifiers (IDFA, IDFV, Android Advertising ID)
• No names, emails, or other PII from your end users
• No cross-site or cross-app tracking

All analytics data in Inslo is aggregate-only. Your end users are never individually identified.

We use account data to operate the service: authenticate you, send transactional emails (password resets, trial reminders), and process billing.

We use event data exclusively to power your analytics dashboard. We do not sell it, share it with third parties for advertising, or use it to build profiles of any kind.

All data is stored and processed exclusively within the European Union. Our entire infrastructure — the ingest API, the dashboard, and the database — runs in Stockholm, Sweden (AWS eu-north-1 / Fly.io arn / Vercel arn1). Data is encrypted at rest and in transit (TLS 1.2+). Access to production databases is restricted to authorised personnel only.

Event data is retained for the duration defined by your plan (30 days on Starter, 1 year on Growth, 3 years on Scale). When your account is deleted, all associated data is permanently removed within 30 days.

GDPR (EU/EEA). You have the right to access, rectify, or erase your personal data, to restrict or object to processing, and to data portability. To exercise these rights, email our contact form.

CCPA (California). We do not sell personal information. California residents may request disclosure of any personal information we hold about them.

PECR (UK). We use no cookies and no electronic tracking technologies, so PECR consent requirements do not apply to Inslo's analytics. Your users will never be asked for cookie consent because of us.

We work with a small number of sub-processors to operate the service. We have Data Processing Agreements (GDPR Article 28) in place with all sub-processors to ensure your data is handled in accordance with EU law.

• Cloud infrastructure — all servers, databases, and hosting run in the EU (Stockholm, Sweden). No data leaves the EU.
• Stripe — payment processing. Card and billing data is handled entirely by Stripe and subject to Stripe's privacy policy. We never see or store card details.
• Transactional email — used only to send account-related emails such as password resets and trial reminders. We do not send marketing email.

We may update this policy from time to time. We will notify you of material changes by email or by a prominent notice in the dashboard. Continued use of Inslo after changes constitutes acceptance of the updated policy.

Questions about this policy or requests to exercise your data rights? Contact us.