InquiruInquiru
Terms & ConditionsDPASign in

Privacy Policy

Last updated: May 10, 2026

1. Introduction

Inquiru ("we", "us", or "our") is committed to protecting the privacy of our customers and their end users. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Inquiru platform ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of information:

Account Information

When you register, we collect your name, email address, company name, and password (stored as a secure hash).

Billing Information

Payment processing is handled by our third-party payment provider. We do not store your full payment card details. We retain records of transactions, plan selections, and billing history.

Usage Data

We collect information about how you interact with the Service, including pages visited, features used, conversation counts, and API call volumes.

Customer Data

As part of providing the Service, we process conversation data, customer support interactions, and any data you integrate via CRM, billing, or data platform connections. This data is processed on your behalf and you remain the data controller for it.

Technical Data

We automatically collect IP addresses, browser type, operating system, referring URLs, and other technical identifiers when you access the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process transactions and send related information, including purchase confirmations and invoices
  • Send administrative and account-related communications
  • Respond to support requests and enquiries
  • Monitor and analyse usage patterns to improve the Service
  • Detect, prevent, and address technical issues or security incidents
  • Comply with legal obligations

We do not sell your personal data for monetary consideration and we do not use Customer Data to train our own AI models. Conversation content is processed by third-party AI providers under contracts that prohibit secondary use, including training. Where any third-party integration enabled by your workspace meets the broader CCPA/CPRA definition of "sale" or "share", you can opt out via our Do Not Sell or Share My Personal Information page.

4. Legal Basis for Processing

Where applicable under data protection law (such as the GDPR), we process your personal data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate interests: Processing for our legitimate business interests, such as security, fraud prevention, and product improvement
  • Legal obligation: Processing required to comply with applicable laws
  • Consent: Where you have given explicit consent, such as for marketing communications

5. Data Sharing & Third Parties

We may share your information with the following categories of third parties:

  • AI providers: Conversation data is processed by AI model providers (such as Anthropic) to generate responses. These providers operate under their own privacy policies and data processing agreements.
  • Payment processors: Billing information is handled by our payment provider for transaction processing.
  • Infrastructure providers: We use cloud hosting and infrastructure services to operate the Service.
  • Analytics tools: We may use analytics services to understand usage patterns.
  • Legal authorities: We may disclose information when required by law, court order, or to protect the rights and safety of our users or the public.

All third-party service providers are contractually obligated to handle your data securely and only for the purposes we specify. The full list of subprocessors, with destination countries and transfer mechanisms, is published at inquiru.com/subprocessors.

6. Data Retention

We retain your account information for as long as your account is active. Workspace owners can delete their account or workspace at any time from Settings → Danger Zone; this triggers an immediate cascade-delete of all associated records. Backup copies on rolling cycle are securely overwritten within 90 days of deletion.

Conversation and interaction data are retained for the lifetime of your subscription unless you request earlier deletion. Workspace owners can erase data tied to a specific end-customer at any time via Settings → Privacy Tools, or per-conversation from the conversation detail page.

Customer telemetry events (collected via the Events API) are retained for 90 days by default. Workspace owners can shorten this from Settings → Privacy Tools. Refresh tokens expire and are pruned with each session rotation.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include AES-256-GCM encryption at rest for OAuth tokens, third-party API keys, and Bring-Your-Own-Key credentials; bcrypt password hashing (cost factor 12); refresh-token rotation; TLS 1.2+ with HSTS for data in transit; tenant-scoped data isolation; and rate limiting on authentication and ingest endpoints.

The full list of measures is set out in Annex 2 of our Data Processing Agreement.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

8. Cookies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyse Service usage. Essential cookies are required for the Service to function. You can control non-essential cookies through your browser settings, though disabling certain cookies may affect your experience.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States and other jurisdictions where our subprocessors operate (for example, AI model providers, payment processors, and email delivery services). Where we transfer data internationally, we rely on the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914), the UK International Data Transfer Addendum, or another lawful transfer mechanism under Section 72 POPIA, as applicable.

See our Data Processing Agreement for the full set of safeguards we apply to such transfers.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time
  • Opt out of sale or sharing (CCPA/CPRA): Submit a request through our Do Not Sell or Share My Personal Information page. We honour the Global Privacy Control (Sec-GPC) browser signal as a valid opt-out under §1798.135(b) CCPA.
  • Non-discrimination (CCPA §1798.125): We will not deny goods or services, charge different prices, or provide a different level of quality because you exercised a privacy right.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (45 days for verifiable consumer requests under CCPA).

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within the Service before the changes take effect. The "Last updated" date at the top of this page indicates when it was last revised.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

[email protected]

© 2026 Inquiru. All rights reserved.
Privacy PolicyTerms & ConditionsDPADo Not Sell or ShareSubprocessors