Privacy Policy

KeystoneIQ is provided by Intellibricks Inc. (“Intellibricks,” “we,” “us,” or “our”). Intellibricks Inc. is the operating company; KeystoneIQ is our product. Company information: https://intellibricks.app. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with the KeystoneIQ service (the “Service”) and our websites that link to this policy.

Product website: https://keystoneiq.ai

Effective date: March 20, 2026
Last updated: March 20, 2026

1. Who we are

Data controller: Intellibricks Inc. (parent company; https://intellibricks.app).
Product: KeystoneIQ, offered at https://keystoneiq.ai.
Contact (privacy and general inquiries): support@keystoneiq.ai

If you are in the European Economic Area (“EEA”) or United Kingdom (“UK”), Intellibricks is the controller of personal data described in this policy for the Service, subject to your instructions when you act as a controller of your end users’ data.

2. Scope

This policy applies to personal data we process when you:

  • Visit our marketing website or use the Service;
  • Create an account or workspace;
  • Connect integrations (e.g., CRM, messaging, documents);
  • Interact with support or subscribe to communications.

It does not apply to third-party sites or services we do not control (their policies apply).

2.1 How KeystoneIQ fits in your stack

KeystoneIQ is designed to complement tools you already use (for example CRM, email, and collaboration platforms). We process information to deliver reference materials, briefs, and guidance to support sales and marketing workflows. You decide what to do with that information—including what to communicate externally or record in other systems—and you are accountable for those choices under your own policies and applicable law. For limitations of liability and disclaimers regarding reliance on outputs, see our Terms of Service.

3. Information we collect

3.1 You provide

  • Account: Name, email address, password (stored hashed; we do not store plaintext passwords).
  • Workspace / company profile: Company name, product lines, ideal customer profile, key questions, website URL, and similar fields you enter.
  • Competitive intelligence content: Competitors, briefs, deals, notes, uploaded or pasted content, and metadata you add.
  • Billing: If you subscribe to a paid plan, payment processing is handled by our payment processor (e.g., Stripe). We do not store full payment card numbers on our servers; we may receive billing contact details and subscription status.

3.2 Automatically collected

  • Usage and device: Log data, IP address, browser type, approximate location derived from IP, timestamps, and diagnostic identifiers necessary to operate and secure the Service.
  • Cookies and similar technologies: See our Cookie Policy.

3.3 From integrations you connect

When you authorize integrations (e.g., CRM, email, documents, G2, Google Analytics), we receive and store data needed to provide sync and brief features, such as deal/opportunity metadata, notes, review data, analytics attribution data, and tokens encrypted at rest for API access, as described in our Security overview.

3.4 From subprocessors

We use vendors (subprocessors) to host infrastructure, send email, run AI inference, and analyze product usage. They process data only as instructed and under contractual terms. See Section 7 and our subprocessor documentation.

4. How we use information

We use personal data to:

| Purpose | Legal basis (EEA/UK) | |--------|---------------------| | Provide, maintain, and improve the Service | Contract; legitimate interests | | Authenticate users and enforce security | Contract; legitimate interests; legal obligation | | Process payments and fulfill subscriptions | Contract | | Send transactional and service-related messages | Contract; legitimate interests | | Product analytics (e.g., feature usage) where not strictly necessary | Consent where required; legitimate interests where permitted | | Comply with law and respond to lawful requests | Legal obligation |

We do not sell your personal information as “sale” is defined under the California Consumer Privacy Act (“CCPA”) as amended by the CPRA.

AI providers: Brief generation may send prompts and context to AI providers (e.g., OpenAI, Anthropic). Per their enterprise/API terms, customer content sent via the API is not used to train their models in the manner described in those terms. We configure the Service to use API access appropriate for business use.

5. How we share information

We share personal data only as needed:

  • Service providers (subprocessors) who host, secure, or process data on our behalf under strict terms (e.g., Supabase, Vercel, Railway, email delivery, AI APIs, analytics). See Section 7.
  • Payment processors to complete transactions.
  • Professional advisers (lawyers, accountants) under confidentiality.
  • Authorities when required by law, subpoena, or to protect rights, safety, and security.

We may share aggregated or de-identified information that cannot reasonably identify you.

6. International transfers

We operate primarily from the United States. If you access the Service from the EEA, UK, or Switzerland, your information may be transferred to the U.S. and other countries that may not have equivalent privacy laws. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and supplemental measures as appropriate. You may request details via the contact in Section 1.

7. Subprocessors

We rely on vendors including, without limitation:

| Vendor (examples) | Role | |--------------------|------| | Supabase | Database, authentication | | Vercel | Web application hosting | | Railway | Background processing / workers | | OpenAI, Anthropic | AI-assisted brief generation | | Resend | Transactional email | | Stripe | Payments | | PostHog | Product analytics (subject to your cookie/analytics choices where applicable) |

The list may change; we will update this policy or a linked subprocessor page for material changes. Zapier, Make, or similar tools may process data you configure with your credentials.

8. Retention

We retain personal data while your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and meet legal obligations. Backup and log retention follow vendor defaults and our Security practices. Cancelled or downgraded accounts may be subject to data retention and deletion terms communicated at cancellation (see your in-product notices).

You may request export or deletion as described in Section 9.

9. Your rights and choices

9.1 All users

  • Access / update: Much of your data is available in the Service (Settings, workspace profile).
  • Marketing: You may opt out of non-transactional emails using unsubscribe links or by contacting us.

9.2 EEA / UK residents (GDPR)

If the GDPR applies, you may have the right to: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where processing is consent-based. You may lodge a complaint with a supervisory authority.

Export: GET /api/account/export (as documented in-product).
Delete: POST /api/account/delete for account erasure requests, subject to legal retention needs.

9.3 California residents (CCPA/CPRA)

You may have the right to know, delete, and correct personal information, and to opt out of certain sharing (we do not “sell” personal information as defined above). Submit requests via support@keystoneiq.ai. We will verify your request consistent with applicable law.

9.4 Other U.S. states

Additional state privacy laws may grant similar rights; we will respond as required by applicable law.

10. Security

We implement administrative, technical, and organizational measures appropriate to the risk, including encryption in transit (TLS), encryption at rest where described in our Security overview, access controls, row-level security for multi-tenant data, and audit logging for API access. No method of transmission or storage is 100% secure; we work to protect your information and notify you of certain breaches as required by law.

11. Children

The Service is not intended for children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe we have collected a child’s data.

12. Changes to this policy

We may update this Privacy Policy. We will post the revised version with a new “Last updated” date. If changes are material, we will provide additional notice (e.g., email or in-product banner) where required by law. Continued use after the effective date constitutes acceptance of the updated policy where permitted.

13. Contact

Intellibricks Inc.
KeystoneIQ (product): https://keystoneiq.ai
Email: support@keystoneiq.ai