Information We Collect
When creating an Insomnia account, you will be asked to enter an email address and password. Email addresses are used during sign-in and for receiving occasional updates initiated by you or your team members. These updates include, but are not limited to, account activation, team invitations, and payment receipts.
If your plan provides for it, you may also register for and login to your Insomnia account through a third party account you already have, such as a Google, GitHub or Microsoft account, or, in certain plans, through your organization’s single sign-on (SSO) provider. The email address associated with these accounts will be used by us for the same purposes as if you created your Insomnia account directly with us.
Service Data is data generated by using the applications, your account, and processing your payments. We retain the minimum amount of Service Data to operate and improve our Services.
Service Data is kept confidential. It is visible to our staff and includes, but is not limited to, email address, full name, billing information, server logs, client IP address, and stats on application usage.
Insomnia’s website and applications collect information to operate and improve our Services.
We use the information we collect to operate and improve our website, applications, and provide customer support. We do not share personal information with outside parties, except to provide specific services.
Any information you choose to send us through email or our customer support system may pass through and be stored on a variety of intermediate services.
Third-Party Data Processors
Your Service Data are held by third party data processors, who provide us with hosting and other infrastructure services.
Auth0: User account login and data
Amazon Web Services: User-submitted optional profile images for user identification if using collaboration feature
Google Analytics: Website and application analytics
Google Cloud: Cloud infrastructure hosting
Intercom: User account data and notifications
SendWithUs: Email template management and sending
Stripe: Credit card payment processing
Your Responsibilities for Protecting Your Data
When you create an Insomnia account you create a passphrase. For your protection, you should create a strong and unique passphrase to ensure that it is not easily guessed. You should also keep a copy in a safe place because future access to your project data depends on your passphrase.
If your plan provides for it, you may also register for and login to your Insomnia account through a third party account you already have, such as a Google, GitHub or Microsoft account, or, in certain plans, through your organization’s single sign-on (SSO) provider. It is your responsibility to keep your login data to these accounts secure.
We will never ask you for your passphrase at any time and you should never send it to us.
Your Right to Know to What We Know
You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
Your Right to Have Your Data Erased
Account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. Once your account is deleted, it cannot be recovered.
Disaster recovery and data availability requirements mean that Insomnia has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
Cookies and Tracking
Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use: session cookies (we use these cookies to operate our Service) and preference cookies (we use these cookies to remember your preferences and various settings).
Information for European Union Customers
By using our Service and providing your information, you authorize us to collect, use, and store your information outside of the European Union.
Consent for Underage Enrollment
Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Organization owners are responsible for that authorization when they add someone under the age of 16 to an account.
We will comply with applicable law with respect to providing Service Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied.
If the confidentiality of customer data is breached, we will publicly disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we will inform the applicable supervisory authorities as required by law and regulation.
September 28, 2023
General update, including SSO and social login, and data processors.
Aug 22, 2023
Added analytics data
Apr 28, 2020
Nov 15, 2019
Update data processors
May 22, 2018