Privacy Policy
How we handle your data
Your business data is processed on Intensifly infrastructure. We run our own language model, so your questions and financial data are not sent to third-party AI providers. We do not sell, share, or monetize your data.
Our AI runs on our servers
Intensifly uses a self-hosted large language model. Chat queries, financial data, and business model details stay inside Intensifly infrastructure.
We do not send prompts or data to OpenAI, Anthropic, Google AI, or similar services. The deterministic math engine for costs and business health metrics runs as pure computation.
What we store
- Account information such as email, name, and organization name
- Business data you enter: products, costs, suppliers, prices, events, and planning inputs
- Chat history to maintain assistant context
- Usage metrics such as feature usage, session duration, and error events
- Authentication tokens (stored in your browser's local storage) for session management
What we do not collect
- Bank credentials or ERP account passwords
- Payment card details (handled by Stripe; see Subprocessors below)
- Location data beyond your organization profile settings
- Browsing history outside Intensifly
How integrations work
QuickBooks, Xero, and Zoho connections use OAuth2. We receive scoped access tokens and data from those systems, but we never see your ERP login password.
You can disconnect integrations at any time. We immediately revoke and remove the connection token.
Where your data lives
Intensifly is hosted on managed cloud infrastructure in Canada. Data residency and hosting details are available on request through our support channel.
- Primary database: PostgreSQL with encryption at rest
- Session state: Redis with automatic expiry
- Backups: encrypted with retention controls and automatic expiration
- Static assets may be cached through CDN; business data is not cached on CDN edges
Your data, your control
- Export your data in supported formats
- Request account deletion — you have 30 days to export your data, after which business data is deleted within 90 days (except where retention is required by law)
- Update and correct data directly in the app
- Request processing restrictions through support
- GDPR rights apply for users in the EU
Analytics
We use Google Analytics 4 (GA4) to understand how the product is used and to improve the service. Analytics is loaded only after you grant consent via the cookie banner. You can withdraw consent at any time using the "Cookie preferences" link in the site footer, which clears analytics cookies and stops further collection.
What analytics collects
When analytics is enabled, the following data is sent to Google Analytics:
- Page views and navigation paths within Intensifly
- Session duration and feature-usage events
- An internal user identifier and organization identifier (used to correlate activity within your account, not shared externally for advertising)
- Marketing attribution parameters if you arrived via a campaign link (UTM source, medium, campaign, term, content) and click identifiers (gclid, fbclid, msclkid)
- Landing page path and referring URL at the time of first visit
No advertising features are enabled in our GA4 property. We do not use Google Signals, remarketing audiences, or data sharing with Google Ads. Analytics data is retained for 14 months, after which it is automatically deleted by Google.
Cookies and browser storage
We use cookies and browser local storage for the purposes listed below. "Required" items are necessary for the service to function. "Optional" items are loaded only after you consent.
| Name / key | Type | Purpose | Retention | Required |
|---|---|---|---|---|
access_token | localStorage | JWT for authenticated API requests | Until logout or expiry | Yes |
refresh_token | localStorage | Refreshes the access token without re-login | Until logout or expiry | Yes |
sessionDuration | localStorage | Tracks remaining session time for the session timer UI | Until logout | Yes |
ifly_utm_attribution | localStorage | Stores campaign attribution (UTM params, landing page, referrer) for analytics events | 30 days from last update | No — cleared if analytics consent is withdrawn |
ifly_analytics_consent | localStorage | Records your analytics consent choice | 365 days | Yes (stores preference only) |
_ga, _ga_* | Cookie | Google Analytics client identifier and session state | Up to 14 months | No — set only with consent |
No advertising cookies or third-party tracking pixels are used.
Subprocessors
We use the following third-party services to operate Intensifly. Each processes only the minimum data required for its function.
| Provider | Purpose | Data categories | Region |
|---|---|---|---|
| DigitalOcean | Cloud hosting, database, object storage | All service data (encrypted at rest) | Canada |
| Stripe | Payment processing and subscription billing | Email, plan details, payment method (card data handled solely by Stripe) | US / EU |
| Google Analytics (GA4) | Product analytics (optional, consent-gated) | Page views, events, internal user/org ID, attribution params | US (Google Cloud) |
| Google Tag Manager | Tag delivery for GA4 (no additional data collection) | Same as GA4 above | US (Google Cloud) |
We will update this table if subprocessors change and notify existing users by email for material additions.
Changes to this policy
We will notify you by email before material changes take effect. Last updated: 2026-02-16.
Related policies: Terms of Service.
Questions?
Email us at privacy@intensifly.com. We aim to respond within 5 business days.