Privacy Policy

Kong’s Privacy Policy applies to information collected or submitted during use of Insomnia's website and desktop applications. This Insomnia Privacy Policy supplements Kong’s Privacy Policy.

Information We Collect

When creating an Insomnia account, you will be asked to enter an email address and password. Email addresses are used during sign-in in and for receiving occasional updates initiated by you or your team members. These updates include, but are not limited to, account activation, team invitations, and payment receipts.

Secure Data

Secure Data is data we are not capable of decrypting under any circumstance and is used for the operation of our data synchronisation service. This data is encrypted using cryptographic keys that only you possess. We never receive copies of unencrypted Secure Data.

Service Data

Service Data is data generated by using the applications, your account, and processing your payments. We retain the minimum amount of Service Data to operate our services.

Service Data is kept confidential. It is visible to our staff and includes, but is not limited to, email address, full name, billing information, server logs, client IP address, and stats on application usage.

Analytics Data

Insomnia’s website and (if you opt-in) applications collect information to improve our Services.

Information Usage

We use the information we collect to operate and improve our website, applications, and provide customer support. We do not share personal information with outside parties, except to provide specific services.

Customer Support System
Data needed to provide customer support is collected by Help Scout inc., which conforms to a U.S.-E.U. Privacy Shield Framework. See https://www.helpscout.net/company/legal/privacy/.

Any information you choose to send us through email or our customer support system may pass through and be stored on a variety of intermediate services.

Payment Processor
Data needed to process payments is collected by Stripe, Inc., which conforms to a U.S.-E.U. Privacy Shield Framework. See https://stripe.com/privacy-shield-policy

Third-Party Data Processors
Your Secure Data and Service Data are held by third party data processors, who provide us with hosting and other infrastructure services.

Sub-processor Purpose
Google Analytics Website and application analytics
Google Cloud Cloud infrastructure hosting
Mailgun Transactional email service
Sendwithus Email template management and sending
Stripe Credit card payment processing
Baremetrics Stripe analytics
Help Scout Email support and documentation hosting

Your Responsibilities for Protecting Your Data

When you create an insomnia account you create a password. For your protection, you should create a strong and unique password to ensure that it is not easily guessed. You should also keep a copy in a safe place because future access to your Secure Data depends on your password.

We will never ask you for your password at any time and you should never send it to us.

Your Right to Knowing to What We Know

You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.

Your Right to Have Your Data Erased

Account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. Once your account is deleted, it cannot be recovered.

Disaster recovery and data availability requirements mean that Insomnia has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.

Cookies and Tracking

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use: session cookies (we use these cookies to operate our Service) and preference cookies (we use these cookies to remember your preferences and various settings).

Information for European Union Customers

By using our Service and providing your information, you authorize us to collect, use, and store your information outside of the European Union.

Consent for Underage Enrollment

Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Team owners are responsible for that authorization when they add someone under the age of 16 to an account.

Disclosure

We will comply with applicable law with respect to providing Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not posses, and so we can only hand over Secure Data in encrypted form.

Breach Notification

If the confidentiality of customer data is breached, we will publicly disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we will inform the applicable supervisory authorities as required by law and regulation.

Contacting Us

If you have questions regarding this privacy policy, you may email [email protected]. Please note that account deletion should be done within the account dashboard and not via email requests, for security reasons.

Changes

If we decide to change our privacy policy, we will post those changes on this page. Summary of changes so far:

Apr 28, 2020
Added third-party analytics section, update cookie policy and data processors; Other minor edits.

Nov 15, 2019
Update data processors

May 22, 2018
Original version

Thanks to all 0 contributors 🎉👏