Privacy Policy

UCInsights (“we,” “our,” or “us”) provides a software-as-a-service platform that turns NetSapiens call center data into AI-written reports for managed-service-provider partners. This Privacy Policy describes what information we collect, how we use it, who we share it with, and the choices available to you. By using ucinsights.io or our services (collectively, the “Service”), you agree to this Policy.

1. Information We Collect

We collect the following categories of information:

• Account information: name, company name, email address, password (hashed by our authentication provider), and related profile data you provide at signup.
• Billing information: processed by our third-party payment processor (Stripe). We receive billing status, plan quantity, last-four card digits, and similar non-sensitive metadata; we do not see or store full payment card numbers.
• NetSapiens API credentials: host URL, API client ID, API secret, API username, and API password you provide so we can access your phone system on your behalf. Secrets are encrypted at rest with AES-256-GCM and decrypted only in memory at the time a request to NetSapiens is made.
• Call data: when generating a report, we retrieve CDR records, queue configurations, and subscriber lists from your NetSapiens platform, normalize them, and use them to produce the report. The data is processed in transit and is not retained long-term once a report has been delivered, except for high-level metrics stored in audit logs.
• Recipient email addresses: the addresses you configure to receive scheduled or on-demand reports.
• Usage data: log entries, IP address, browser type, pages viewed, and similar information generated as you use the Service.

2. How We Use Information

• To provide, maintain, and improve the Service;
• To authenticate users, process subscriptions, and enforce account limits;
• To pull call data from your NetSapiens platform and deliver reports as you configure;
• To generate AI-written narrative summaries of your call data;
• To send transactional and operational communications (e.g., account verification, billing receipts, service notices);
• To monitor and protect the security and integrity of the Service;
• To comply with legal obligations.

We do not sell your personal information. We do not use your call data or recipient lists to train any AI model.

3. Service Providers (Sub-processors)

We share information with the following third parties to operate the Service. Each is bound by their own privacy and security obligations:

• Supabase Inc. — database, authentication, file storage.
• Vercel Inc. — application hosting and edge delivery.
• Stripe, Inc. — subscription billing and payment processing.
• SMTP2GO Ltd. — outbound transactional email delivery (used by default; partners may configure their own SMTP2GO account to send from their domain).
• Anthropic, PBC — AI text generation for narrative summaries. We do not include personally identifying recipient data in prompts; we send the structured metrics, queue names, and agent names from your NetSapiens system.
• Inngest, Inc. — background-job orchestration for scheduled report delivery.
• Cloudflare, Inc. — DNS and DDoS protection.

4. Data Security

We use commercially reasonable measures to protect your information, including encryption in transit (HTTPS), encryption at rest for sensitive secrets (AES-256-GCM), row-level security in the application database to isolate each partner's data, role-based access, and least-privilege service credentials. No system is perfectly secure; we cannot guarantee absolute security.

5. Data Retention

We retain account and configuration data for as long as your account is active. Audit log entries describing report runs are retained for operational and security purposes. Call detail records pulled on-the-fly to generate a report are processed in memory and are not stored long-term in the application database. Upon account termination, we will delete or anonymize your data within 90 days, except where retention is required by law.

6. Cookies

We use first-party session cookies set by our authentication provider to keep you signed in. We do not use third-party advertising cookies. Cookie preferences can be managed in your browser settings.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal information, and to data portability. To exercise these rights, email support@ucinsights.io. We will respond within the timeframes required by applicable law.

California residents:the California Consumer Privacy Act (CCPA/CPRA) grants you the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of any “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined under California law.

EEA / UK residents: we process personal information based on the lawful bases of contract performance, legitimate interest, and legal obligation. You have the right to lodge a complaint with your local data-protection authority.

8. International Data Transfers

UCInsights operates in the United States. Information we collect may be processed and stored in the United States. By using the Service, you consent to this transfer.

9. Children's Privacy

The Service is intended for business use and is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The effective date at the top of this page indicates the most recent revision.

11. Contact

Questions, requests, or complaints about this Policy can be sent to support@ucinsights.io or by mail to: