Insymetri, Inc. Privacy Policy
This Privacy Policy (the "Privacy Policy") describes how Insymetri, Inc. ("Insymetri," "Company," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with its software and related services (collectively, the "Services"). This Privacy Policy is intended for business customers operating in regulated industries, including but not limited to financial services, lending, and insurance.
1. Scope and Applicability
This Privacy Policy applies to:
1.1 Visitors to Insymetri websites and online properties;
1.2 Authorized users of the Services ("Users");
1.3 Business customers, partners, and resellers ("Customers");
1.4 Company's employees, agents, contractors, and successors.
For purposes of applicable U.S. privacy laws, Insymetri acts as a service provider / data processor with respect to Customer Data processed on behalf of Customers. Customers act as the business / data controller and determine the purposes and means of processing.
2. Information Collected
2.1 Information Provided Directly
Insymetri may collect information voluntarily provided, including:
(a) Account and contact information;
(b) Authentication credentials;
(c) Support requests and communications;
(d) Contractual and billing information.
2.2 Customer Data
The Services may process personal, financial, or sensitive information uploaded or transmitted by Customers, including identifiers, email addresses, profile information, financial account data, government-issued identifiers, and communications ("Customer Data"). Customer Data is processed solely in accordance with Customer instructions and applicable agreements.
2.3 Automatically Collected Information
Insymetri may collect technical and usage information, including IP addresses, device identifiers, logs, audit records, and system metadata.
2.4 Tracking Technologies and Cookies
Insymetri and our service providers use cookies, device identifiers, and similar tracking technologies (collectively, "Cookies") to operate and improve the Services and our websites, including for authentication, usage analysis, and security purposes. Visitors can manage Cookie preferences through their browser settings. Note that disabling essential Cookies may affect the functionality of the websites and Services.
3. Use of Information
Insymetri uses information to:
(a) Provide, operate, and maintain the Services;
(b) Authenticate users and enforce security controls;
(c) Monitor, prevent, and investigate fraud or misuse;
(d) Provide support and technical assistance;
(e) Improve product functionality and reliability;
(f) Comply with applicable legal obligations.
Insymetri does not sell personal information.
4. Disclosure of Information
Insymetri may disclose information to:
(a) Subprocessors and service providers subject to written confidentiality and data protection obligations;
(b) Affiliates subject to consistent privacy safeguards;
(c) Government or regulatory authorities where required by law.
5. Data Security
Insymetri maintains administrative, technical, and organizational safeguards designed to protect information, including encryption, access controls, logging, monitoring, and secure development practices. All personal and sensitive user data is transmitted using modern cryptography, such as Transport Layer Security (TLS) or Secure Socket Layer (SSL)/HTTPS.
Security Framework Alignment. Insymetri's security program is designed to align with recognized standards such as the SOC 2 Trust Services Criteria and ISO/IEC 27001 principles.
Regulatory Context (Designed to Support). Insymetri designs the Services to support Customers operating in regulated industries, including compliance frameworks arising under the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), and applicable financial crime regulations, including the Bank Secrecy Act (BSA). Insymetri does not provide legal or regulatory compliance advice. Customers remain solely responsible for regulatory compliance.
Open Authorization ("OAuth"). Insymetri will comply with Open Authorization Providers API Services and User Data Policies regarding the collection, use, and handling of OAuth user data ("OAuth Data") including, but not limited to the following providers: Google, Microsoft. Insymetri will only use OAuth acquired user data to provide or improve the user-facing features that are prominent in the Services. Insymetri will not sell OAuth obtained user data. Insymetri will not use OAuth user data for marketing purposes unless such user data was obtained separately and independently in the course of business.
Data Processing Addendum: Insymetri may use a Data Processing Addendum (DPA) to address applicable data protection obligations.
6. Security Incidents
In the event of a confirmed security incident involving Customer Data, Insymetri will take reasonable steps to contain, investigate, and remediate the incident and notify affected Customers consistent with applicable law and contractual obligations.
7. Data Retention
Customer Data is retained in accordance with Customer instructions and applicable agreements and law. Residual copies may persist in backups consistent with business continuity and disaster recovery practices, typically for a maximum of 90 days, unless retention is required for legitimate reasons such as security, fraud prevention, or regulatory compliance.
8. Data Subject Rights
As a service provider/data processor, Insymetri processes Customer Data solely on behalf of and according to the instructions of our Customers (the business/data controller).
8.1 Customer Data Rights.
If you are an individual User whose personal information is part of Customer Data, you must direct any requests to exercise privacy rights (such as access, correction, or deletion) to the relevant Customer. Insymetri will cooperate with its Customers to fulfill verifiable data subject requests as required by law and contract.
8.2 Visitor/Direct Information Rights.
To the extent required by applicable law, individuals may have the right to request access to, correction of, or deletion of their personal information. Where Insymetri processes personal information on behalf of a Customer, Insymetri will assist the Customer in responding to such requests in accordance with applicable law and contractual obligations. Requests may be submitted to: privacy@insymetri.com
9. Updates to Privacy Policy
Insymetri may update this Privacy Policy from time to time. Material changes will be communicated as required by law.
10. Contact Information
Insymetri, Inc.
Email: privacy@insymetri.com
This Privacy Policy is provided for informational purposes and does not constitute legal advice.