Trust & Security
Last updated: July 15, 2026
Insights teams trust us with their research data, and we treat that seriously. Here's how we protect it, in plain language.
Your data is never used for AI training
This is our clearest commitment. Your data is used only to answer your questions. It is never used to train AI models: not by us, and not by our AI provider, which processes it under contractual no-training terms.
Encryption
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Infrastructure
InsightsQL runs on Amazon Web Services in the European Union, in the eu-west-1 (Ireland) region. Your data is stored in the EU. We rely on AWS's physical security and certified data centers, and follow least-privilege access controls internally. Production data access is restricted to the people who need it to run the service.
We're an early-stage company and honest about what that means: we don't hold our own SOC 2 certification yet. We inherit the certified controls of our infrastructure providers (AWS is SOC 2 and ISO 27001 certified), and formal certification is on our roadmap. Happy to complete security questionnaires in the meantime.
Data isolation
Each customer's data is logically isolated. Your data is only ever visible to you and the teammates you invite.
Subprocessors
We keep our list of subprocessors short. This is the complete, current list.
For the InsightsQL platform, where your customer data lives:
- Amazon Web Services (hosting and storage, eu-west-1 / Ireland)
- OpenAI (AI processing, no-training terms)
For our marketing website (insightsql.com), which never touches customer data:
- Plausible (cookieless website analytics)
- Calendly (demo and call scheduling)
We'll update this page and notify platform customers before adding a new subprocessor.
GDPR
We're an EU company, and the GDPR applies to everything we do. We sign data processing agreements with customers who need them. Just ask.
Data deletion
You can export or delete your data at any time. Deleted data is removed from our systems, and from backups within 30 days.
If something goes wrong
If we ever have a security incident affecting your data, we'll notify you without undue delay, and within 72 hours of becoming aware of it, with what we know and what we're doing about it.
Reporting a vulnerability
Found a security issue? Email support@insightsql.com and we'll respond quickly. We appreciate responsible disclosure.
Questions?
We're happy to walk through our security practices in detail. Email support@insightsql.com.