Privacy Policy

Kong’s Privacy Policy applies to personal data collected or submitted during use of Insomnia's website and desktop applications. This Insomnia Privacy Policy supplements Kong’s Privacy Policy.

Information We Collect

When creating an Insomnia account, you will be asked to enter an email address and password. Email addresses are used during sign-in and for receiving occasional updates initiated by you or your team members. These updates include, but are not limited to, account activation, team invitations, and payment receipts.

If your plan provides for it, you may also register for and log in to your Insomnia account through a third party account you already have, such as a Google, GitHub or Microsoft account, or, in certain plans, through your organization’s single sign-on (SSO) provider. The email address associated with these accounts will be used by us for the same purposes as if you created your Insomnia account directly with us.

Service Data

Service Data is data generated by using the applications, your account, and processing your payments. We retain the minimum amount of Service Data to operate and improve our Services.

Service Data is kept confidential. It is visible to our staff and includes, but is not limited to, email address, full name, billing information, server logs, client IP address, and stats on application usage.

Analytics Data

Insomnia’s website and applications collect information to operate and improve our Services.

Information Usage

We use the information we collect to operate and improve our website and applications and to provide customer support. We do not share personal information with outside parties, except to provide specific services.

Any information you choose to send us through email or our customer support system may pass through and be stored on a variety of intermediate services.

Third-Party Data Processors

Your Service Data are held by third party data processors, who provide us with hosting and other infrastructure services.

Processor: Purpose
Auth0: User account login and data
Amazon Web Services: User-submitted optional profile images for user identification if using collaboration feature
Google Analytics: Website and application analytics
Google Cloud: Cloud infrastructure hosting
Intercom: User account data and notifications
MailJet: User account data and notifications
SendWithUs: Email template management and sending
Stripe: Credit card payment processing

Your Responsibilities for Protecting Your Data

If your plan provides for it, you may register for and log in to your Insomnia account through a third party account you already have, such as a Google, GitHub or Microsoft account, or, in certain plans, through your organization’s single sign-on (SSO) provider. It is your responsibility to keep your login data to these accounts secure.

If you choose, you may create your account with a passphrase to enable your project data to be end-to-end encrypted (E2EE). If your plan provides for it, and you are the administrator of an organization within the Insomnia application, you may choose to encrypt project data within that organization in an end-to-end way, in which case you and every current and future member of your organization will be required to create a passphrase.

If you choose to encrypt project data with end-to-end encryption (E2EE), you must remember your passphrase, as we are not able to recover it if it is lost. We are also not able to recover any passphrases of your users. You should also keep a copy in a safe place because future access to your project data depends on your passphrase.

Your Right to Know What We Know

You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.

Your Right to Have Your Data Erased

Account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. Once your account is deleted, it cannot be recovered.

Disaster recovery and data availability requirements mean that Insomnia has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.

Cookies and Tracking

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies we use are beacons, tags, and scripts, which collect and track information and help us improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use: session cookies (we use these cookies to operate our Service) and preference cookies (we use these cookies to remember your preferences and various settings).

Information for European Union Customers

By using our Service and providing your information, you authorize us to collect, use, and store your information outside of the European Union.

Consent for Underage Enrollment

Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Organization owners are responsible for that authorization when they add someone under the age of 16 to an account.


We will comply with applicable law with respect to providing Service Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied.

Breach Notification

If the confidentiality of customer data is breached, we will publicly disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we will inform the applicable supervisory authorities as required by law and regulation.

Contacting Us

If you have any questions about this Privacy Policy or concerns about our data processing activities, please contact us at, by submitting a request using this form.


If we decide to change our privacy policy, we will post those changes on this page. Summary of changes so far:

April 24, 2024

Update to reflect that end-to-end encryption is an option. Update to data processors.

September 28, 2023

General update, including SSO and social login, and data processors.

Aug 22, 2023
Added analytics data

Apr 28, 2020
Added third-party analytics section, updated cookie policy and data processors. Other minor edits.

Nov 15, 2019
Update data processors

May 22, 2018
Original version