This policy applies to all information collected or submitted during use of Insomnia's website and desktop applications.
- Insomnia never sends promotional emails or newsletters
- Insomnia does not use third-party analytics packages
- Your account can be deleted at any time via the account dashboard
- All data collected is necessary for the operation of the service
Information We Collect
When creating an account, you will be asked to enter an email address and password. Email addresses are used during sign-in in and for receiving occasional updates initiated by you or your team members. These updates include, but are not limited to, account activation, team invitations, and payment receipts. We do not send promotional emails.
We store two kinds of user information: Secure Data and Service Data.
Secure Data is data we are not capable of decrypting under any circumstance and is used for the operation our data synchronisation service. This data is encrypted using cryptographic keys that only you possess. We never receive copies of unencrypted Secure Data.
Service Data is data generated by using the applications, your account, and processing your payments. We retain the minimum amount of Service Data to operate our services.
Service Data is kept confidential. It is visible to our staff and includes, but is not limited to, email address, full name, billing information, server logs, client IP address, and stats on application usage.
We use the information we collect to operate and improve our website, applications, and provide customer support. We do not share personal information with outside parties, except to provide specific services.
Customer Support System
Data needed to provide customer support is collected by Help Scout inc., which conforms to a U.S.-E.U. Privacy Shield Framework. See https://www.helpscout.net/company/legal/privacy/.
Any information you choose send us through email or our customer support system may pass through and be stored on a variety of intermediate services.
Data needed to process payments is collected by Stripe, Inc., which conforms to a U.S.-E.U. Privacy Shield Framework. See https://stripe.com/privacy-shield-policy
Third-Party Data Processors
Your Secure Data and Service Data are held by third party data processors, who provide us with hosting and other infrastructure services.
|Google Cloud||Cloud infrastructure hosting|
|Mailgun||Transactional email service|
|Sendwithus||Email template management and sending|
|Stripe||Credit card payment processing|
|Help Scout||Email support and documentation hosting|
Your Responsibilities for Protecting Your Data
When you create an insomnia account you create a password. For your protection, you should create a strong and unique password to ensure that it is not easily guessed. You should also keep a copy in a safe place because future access to your Secure Data depends on your password.
We will never ask you for your password at any time and you should never send it to us.
Your Right to Knowing to What We Know
You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
Your Right to Have Your Data Erased
Account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. Once your account is deleted, it cannot be recovered.
Disaster recovery and data availability requirements mean that Insomnia has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
Cookies and Tracking
We do not engage in or support cross-service tracking and do not use third party analytics packages.
Consent for Underage Enrollment
Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Team owners are responsible for that authorization when they add someone under the age of 16 to an account.
We will comply with applicable law with respect to providing Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not posses, and so we can only hand over Secure Data in encrypted form.
If the confidentiality of customer data is breached, we will publicly disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we will inform the applicable supervisory authorities as required by law and regulation.
Nov 15, 2019
Update data processors
May 22, 2018