Legal

Privacy Policy

A plain-language summary of the data InvisiQ handles, where it sits, and what rights you have over it.

Last updated: 27 May 2026 · Version 1.1

1. Who we are

This Privacy Policy applies to InvisiQ (the “Service”), a Windows desktop application operated by InvisiQ (“we”, “us”, “our”). We are based in New Delhi, Delhi, India. For privacy enquiries write to privacy@invisiq.xyz.

2. The short version

The InvisiQ app runs locally on your machine. We do not operate a server that processes your prompts, screenshots, conversations, or screen content. During the open beta we collect no payment details at all. The only personal data we hold is your email address and the trial state of your account, used to run your 14-day free trial and reply to your feedback.

3. Information we collect

3.1 Account & trial data

  • Email address, supplied at sign-up, used to identify your trial, send transactional emails, and respond to feedback.
  • Trial state (trial start date, days remaining), maintained to run the 14-day free trial.
  • No payment details are collected during the open beta. If we introduce paid plans in future, any billing data will be handled by a PCI-DSS-compliant payment partner and this policy will be updated before that happens.

3.2 Feedback you submit

  • If you submit a review or feedback, we store the name, email, rating, and message you provide, so we can act on it and reply to you.

3.3 Operational logs

Our licence-check server logs the IP address, app version, and timestamp of each licence validation request. We retain these logs for a maximum of 30 days for fraud prevention and then permanently delete them.

3.4 Data we do not collect

  • Conversations with AI models
  • Screenshots, region captures, or any pixel data from your screen
  • Keystrokes, mouse movement, or in-app interactions
  • Provider API keys (these are encrypted locally on your machine, see §5)
  • Cookies or web tracking identifiers on this marketing site
  • Telemetry, crash reports, or feature-usage analytics

4. How prompts and screen content are handled

When you send a prompt or screen capture to an AI provider, the request leaves your device and goes directly to the provider you configured (OpenAI, Anthropic, Google, or your local Ollama instance). It does not pass through any InvisiQ server. The data-handling terms of that AI provider apply to the content of the request, not ours. Review each provider’s policy:

5. Local data storage

The following data is stored on your computer only:

  • API keys, encrypted with AES-256-GCM. The key is derived from your machine fingerprint using PBKDF2-SHA256 with 600,000 iterations.
  • Conversation history, encrypted at rest.
  • The local TF-IDF memory index, encrypted at rest.
  • Cached preferences, mode definitions, and rebinding state.

You can clear all local data at any time via Settings → Data → Erase local storage.

6. Legal bases for processing

Under India’s Digital Personal Data Protection Act, 2023 (DPDP Act), and where applicable the EU GDPR, we process the limited personal data above on these bases:

  • Contract: account & billing data are required to provide the Service.
  • Legitimate interest: short-lived licence-validation logs, for fraud prevention.
  • Consent: any optional emails you opt into (we do not send marketing emails by default).

7. Your rights

You may at any time:

  • Request a copy of the personal data we hold about you.
  • Ask for corrections to inaccurate data.
  • Request deletion of your account and associated data (subject to legal-retention duties on financial records).
  • Withdraw any consent you have given.
  • File a grievance with our Data Protection Officer at privacy@invisiq.xyz.

Indian residents may also approach the Data Protection Board of India under the DPDP Act. EEA residents may lodge a complaint with their supervisory authority.

8. Children

The Service is not intended for users under the age of 18. We do not knowingly process the personal data of minors. If we learn we have done so, the account will be terminated and the data deleted.

9. International transfers

Account and billing data is hosted on infrastructure operated within India. Where data leaves India (for example, through your direct connections to non-Indian AI providers you configure), that transfer is initiated by you and governed by the recipient’s policy.

10. Retention

  • Account data: retained while your account is active, plus 90 days after closure.
  • Feedback and reviews: retained for up to 24 months to inform the product roadmap.
  • Licence-validation logs: 30 days, then permanently deleted.

11. Security

We implement reasonable administrative, technical, and physical safeguards: encryption in transit (TLS 1.3) and at rest (AES-256-GCM), principle-of-least-privilege access controls, regular dependency audits, and a documented incident-response plan. No system is perfectly secure; if you discover a vulnerability, please report it to privacy@invisiq.xyz.

12. Changes to this policy

We may update this policy. Material changes will be announced inside the app and on this page at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the current version.

13. Contact

Questions, concerns, or requests of any kind: