Privacy Policy

1. Introduction

This Privacy Policy explains how INSTROC ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our AI-powered application builder platform at instroc.com (the "Service").

By using INSTROC, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use our Service.

2. Data Controller

The data controller responsible for your personal data is:

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, and password when you register
• Profile Information: Avatar, company name, and other optional details
• Payment Information: Billing address and payment method (processed securely by Stripe; we do not store your full card details)
• Content: Applications, code, and other content you create using our platform
• Communications: Messages you send to us for support or feedback

3.2 Information Collected Automatically

• Usage Data: Features used, pages visited, actions taken within the platform
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, and referring URLs

3.3 Information from Third Parties

• OAuth Providers: Basic profile information when you sign in with Google, GitHub, or other providers

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent or unauthorized activities
• Personalize and improve your experience

5. AI and Your Data

INSTROC uses third-party artificial intelligence services (including Anthropic's Claude) to help you build applications. Here's how we handle your data in relation to AI:

• Your prompts and conversation history are sent to our AI providers to generate code and respond to your requests
• We do not use your content to train AI models. Our AI providers process your data solely to provide responses and do not use it for model training under our agreements
• We may analyze anonymized, aggregated usage patterns (such as feature popularity and error rates) to improve the Service
• We do not sell your personal content to third parties
• AI processing is done securely over encrypted connections

6. Sharing Your Information

We may share your information in the following circumstances:

• Service Providers: With third-party vendors who assist in providing our Service, such as cloud hosting, payment processing, AI services, email delivery, and error tracking. These providers are contractually bound to protect your data and process it only on our behalf
• Legal Requirements: When required by law, court order, or to respond to legal process
• Safety: To protect the rights, property, or safety of INSTROC, our users, or others
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly agree to sharing

We do not sell your personal information to third parties.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with password hashing
• Regular security assessments and updates
• Access controls limiting access to personal data
• Secure cloud infrastructure with reputable providers

While we strive to protect your information, no method of transmission over the Internet is 100% secure.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We may retain certain information as required by law or for legitimate business purposes, such as resolving disputes and enforcing our agreements. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

10. Your Rights Under GDPR

As a user in the European Economic Area, you have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Update or correct inaccurate information
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request limitation of processing in certain cases
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at privacy@instroc.com. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or your local supervisory authority.

11. Cookies

We use essential cookies required for the Service to function:

• Authentication cookies: To keep you signed in to your account
• Session cookies: To remember your preferences and settings during a session

We do not currently use third-party analytics or advertising cookies. If this changes, we will update this policy and provide appropriate notice and consent mechanisms.

12. Children's Privacy

INSTROC is not intended for anyone under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will promptly delete it. If you believe we have information from a child under 16, please contact us.

13. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area, including the United States (where our AI and infrastructure providers operate). We ensure appropriate safeguards are in place for such transfers, including EU Standard Contractual Clauses and reliance on adequacy decisions where available.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through the Service.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: