Legal
Privacy Policy
Last updated: June 17, 2026
InfoBeans Technologies Limited ("InfoBeans", "we", "us") operates InsaneSDD — an AI-native Spec-Driven Development platform. This Privacy Policy explains what personal data we collect when you use insanesdd.ai, why we collect it, how we use it, and the rights you have over your data. We are committed to full compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA).
1. Who This Policy Applies To
This Privacy Policy applies to all users of InsaneSDD, operated by InfoBeans Technologies Limited ("InfoBeans", "we", "us", or "our"). This includes visitors to insanesdd.ai, registered tenants, administrators, and anyone who accesses our AI-native Spec-Driven Development platform in any capacity.
By using InsaneSDD, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the platform.
2. Information We Collect
We collect the following categories of data:
Account & Identity Data
- Name, email address, and organisation name provided at registration
- Authentication credentials (stored as secure hashes — never in plaintext)
- Tenant and role assignments within the platform
Platform Usage Data
- Specifications, requirements, and documents you upload or connect (e.g. Jira, Confluence)
- Projects, change requests, epics, user stories, and acceptance criteria
- AI-generated artefacts including specs, code, test cases, and audit trails
- GitHub repository connections and branch/PR metadata
- LLM model interactions and token usage per session
Technical & Device Data
- IP address, browser type, operating system, and device type
- Pages visited, time on page, and click interactions (analytics only with consent)
- Session identifiers and authentication tokens
Communications Data
- Messages submitted through the "Talk to Us" and contact forms
- Trial access requests and associated email correspondence
3. How We Use Your Information
We use collected data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the InsaneSDD platform | Contract performance |
| Processing AI specifications and generating code/test artefacts | Contract performance |
| Authentication and account security | Contract performance / Legitimate interest |
| Sending transactional emails (account alerts, trial access) | Contract performance |
| Platform analytics and product improvement (GA4) | Consent |
| Fraud detection and abuse prevention | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
| Responding to support and sales enquiries | Legitimate interest |
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We share data only with trusted sub-processors required to operate InsaneSDD:
| Sub-processor | Purpose | Location |
|---|---|---|
| OpenAI / Anthropic | AI language model inference for spec analysis, code generation, and QA | USA |
| GitHub | Repository connections, branch management, and PR automation | USA |
| Google Analytics (GA4) | Anonymised usage analytics (analytics consent required) | USA |
| Cloud infrastructure provider | Hosting, database, and storage for platform data | EU / India |
| Email delivery provider | Transactional emails and trial access notifications | EU |
All sub-processors are bound by data processing agreements and are required to implement appropriate technical and organisational security measures.
6. Data Retention
- Account data: Retained for the duration of your subscription plus 90 days after account closure, then permanently deleted.
- Project and specification data: Retained while your account is active. Deleted upon account termination unless a longer retention is required by law.
- Audit trail logs: Retained for 7 years to support compliance and regulated-industry requirements.
- Analytics data: Google Analytics data is retained for 26 months per Google's default retention settings.
- Contact/enquiry data: Retained for up to 2 years or until the enquiry is resolved.
7. Security
InsaneSDD implements industry-standard security measures to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher
- Passwords and credentials are stored using bcrypt hashing — never in plaintext
- Authentication uses short-lived JWT tokens with secure rotation
- Role-based access control (RBAC) separates tenant, admin, and superadmin privileges
- Database access is restricted to application-layer connections only — no public exposure
- Regular security reviews and dependency audits
Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to security@infobeans.com.
8. Your Rights Under GDPR (EU / UK)
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restriction
Request we limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interest or for direct marketing.
Right to Withdraw Consent
Withdraw analytics consent at any time without affecting prior lawful processing.
Right to Lodge a Complaint
Lodge a complaint with your national supervisory authority (e.g. ICO in the UK).
To exercise any of these rights, contact us at privacy@infobeans.com. We will respond within 30 days.
9. Your Rights Under CCPA / CPRA (California)
California residents have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:
- Right to Know: Request disclosure of personal information collected, used, and shared.
- Right to Delete: Request deletion of personal information (subject to certain exceptions).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out: We do not sell personal information. No opt-out is required for sales.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a California privacy request, email privacy@infobeans.com with "CCPA Request" in the subject line.
10. International Data Transfers
InsaneSDD is operated by InfoBeans Technologies Limited, headquartered in India. Your data may be transferred to and processed in countries outside your home jurisdiction, including the United States and India. Where we transfer personal data from the EEA or UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms. You may request details of the specific safeguards in place by contacting us at privacy@infobeans.com.
11. Children's Privacy
InsaneSDD is a professional B2B platform not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that a child has provided personal data without parental consent, we will delete it promptly. If you believe a child has submitted data to us, please contact privacy@infobeans.com.
12. Third-Party Links
InsaneSDD may contain links to third-party websites or integrations (e.g. GitHub, Jira, Confluence). This Privacy Policy does not apply to those external services. We encourage you to review their privacy policies before providing any personal data. InfoBeans is not responsible for the privacy practices of third-party platforms.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users via email. Your continued use of InsaneSDD after changes take effect constitutes acceptance of the revised policy.
14. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact:
InfoBeans Technologies Limited
Data Controller — InsaneSDD
Email: privacy@infobeans.com
Website: https://insanesdd.ai
Registered: InfoBeans Technologies Limited, India
© 2026 InfoBeans Technologies Limited. All rights reserved.
InsaneSDD is a product of InfoBeans Technologies Limited.