Privacy at InLight AI

This policy applies to inlightai.com and any marketing surface operated by InLight AI ("InLight", "we", "us"). Each of our products — CompareIns, Real Travel 2 Real Places, BRIX, and LangIQ — is governed by its own product-level privacy notice and Data Processing Addendum, available inside each application.

• Contact submissionsName, work email, optional company, optional product interest, and the message you write in our contact form. We collect this only when you choose to submit it.
• Technical telemetryStandard server logs (IP address, user agent, referring page, timestamps) used to keep the site reliable, detect abuse, and measure aggregate page performance. Logs are retained for up to 30 days.
• Privacy-respecting analyticsWe use first-party, cookieless analytics to understand which pages are useful. We do not build advertising profiles, and we do not share visitor-level data with ad networks.

We do not use third-party advertising cookies, fingerprinting, or session-replay tools on this marketing site.

We use the information you provide to:

• Reply to your inquiry and route you to the right product team.
• Schedule demos and onboarding for CompareIns, Real Travel, or BRIX.
• Send occasional product updates if you've explicitly opted in.
• Improve site performance, accessibility, and content.
• Detect, investigate, and prevent fraud or abuse of our services.

We never sell your information, and we don't share it with third parties for their own marketing.

We rely on a small set of vetted vendors to operate. Each is bound by a written data-processing agreement and acts only on our instructions:

• Cloudflare — edge delivery, DDoS protection, and DNS.
• Supabase — encrypted storage for contact submissions.
• Resend — transactional email delivery for contact replies.

Contact submissions are stored in encrypted databases hosted in the United States and retained for 24 months unless you ask us to delete them sooner. Server logs are rotated within 30 days. Backups are encrypted at rest and pruned on a 90-day cycle.

Wherever you live, you can ask us to access, correct, export, or delete the information you've sent through this site. If you're in the EU, UK, California, or another jurisdiction with comparable rights (GDPR, UK GDPR, CCPA/CPRA), those rights apply automatically — no special form required.

To make a request, use our contact form and write "Privacy request" in the message. We respond within 30 days.

Every InLight surface is served over TLS 1.3, secrets are managed in a hardened vault, and production access is restricted to a small on-call rotation with hardware-key authentication. We run continuous security scans and disclose any material incident affecting your data within 72 hours of confirmation.

InLight AI's products are built for professionals. We do not knowingly collect information from anyone under 16, and our services are not directed to children.

We update this policy when our practices change. Material changes are announced at the top of this page and, where appropriate, by email to active contacts. The effective date above always reflects the current version.

Questions, concerns, or a simple "hello"? Reach the InLight privacy team via the contact form. A real human at InLight will reply.