How It Works
Overview React SDK Cloud Backend
Documentation Pricing Blog GitHub
Sign in Get Started

Privacy Policy

Introduction

At InAppAI, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud backend service and dashboard at app.inappai.com.

This policy applies to the InAppAI hosted service. The open-source React components (@inappai/react) run entirely in your users’ browsers and do not collect data independently.

Information We Collect

Account Information

  • Email address - For authentication and account management
  • Name - For personalization and communication
  • Password - Securely hashed, never stored in plain text

Billing Information

  • Payment details - Processed securely through Stripe
  • Billing address - Required for payment processing
  • Invoice history - For your records and our accounting

Usage Data

  • API request counts - To enforce plan limits and track usage
  • Knowledge base URLs - URLs you add to your knowledge base
  • AI provider selection - Which AI models you configure

Automatically Collected Information

  • IP addresses - For security and fraud prevention
  • Browser type and version - For compatibility and debugging
  • Device information - For optimizing the dashboard experience

Information We Do NOT Collect

To be clear about what we do not collect from your end users:

  • Chat conversations - Messages between your users and AI are processed in real-time and not stored by InAppAI
  • Personal data of your users - We do not collect or store information about your application’s users
  • API keys - Your AI provider API keys are encrypted and never logged

How We Use Your Information

We use the collected information for:

  • Service Delivery Providing and maintaining the InAppAI backend service, including AI routing and knowledge base search

  • Usage Tracking Monitoring your API usage against your plan limits and sending usage alerts at 50%, 75%, 90%, and 100% thresholds

  • Billing Processing subscription payments and managing your account

  • Support Responding to your inquiries and providing technical assistance

  • Service Improvement Analyzing aggregate usage patterns to improve performance and features

  • Security Detecting and preventing fraud, abuse, and security threats

Data Security

We implement appropriate security measures to protect your information:

  • Encryption in transit - All data transmitted via HTTPS/TLS
  • Encryption at rest - Sensitive data encrypted in our database
  • API key security - Your AI provider keys are encrypted and stored server-side, never exposed to clients
  • JWT authentication - Secure token-based authentication for all API requests
  • Rate limiting - Protection against abuse and attacks

Third-Party Services

We use the following third-party services:

  • Firebase/Google Cloud - Authentication, infrastructure, and vector database for knowledge base search
  • Stripe - Payment processing (see Stripe’s Privacy Policy)
  • OpenAI, Anthropic, Google - AI providers (your API keys, your agreements with them)

These providers have their own privacy policies governing their handling of data.

Data Retention

  • Account data - Retained while your account is active
  • Usage logs - Retained for 90 days for debugging and analytics
  • Billing records - Retained as required by law (typically 7 years)

Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law.

Your Rights

You have the right to:

  • Access your personal data stored in our systems
  • Correct inaccurate information in your account
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to certain data processing activities

To exercise these rights, contact us.

Children’s Privacy

InAppAI is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

International Data Transfers

Our servers are located in the United States. If you access our service from outside the US, your information will be transferred to and processed in the US.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the “Last Updated” date below
  • Sending an email notification for significant changes

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Last Updated: December 2025