Privacy Policy

Last updated: March 27, 2026

InnTelligence B.V. ("we", "us", "our") operates the InnFuse AI Agent Platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use InnFuse.

1. Data Controller

InnTelligence B.V., registered at M.A. Reinaldaweg 2D, 3446 CB Woerden, the Netherlands (KvK 94901708, BTW NL866930450B01), is the data controller for personal data processed through the InnFuse platform. For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@innfuse.nl.

2. Data We Collect

We collect the following categories of personal data when you use InnFuse:

Account Data

  • Name, email address, and company information provided during registration
  • Billing information and payment details (processed by our payment providers)
  • User preferences, settings, and configuration choices

AI Interaction Data

  • Conversation content exchanged between users and AI agents
  • AI model inputs and outputs, including tool call parameters and results
  • Agent configuration data, system prompts, and skill assignments
  • Audit trail data including timestamps, model identifiers, and token usage

Channel Data

  • Messages received and sent via connected channels (Slack, Teams, WhatsApp, Chat Widget)
  • Channel-specific user identifiers and profile information
  • Message metadata including timestamps, channel identifiers, and delivery status

Technical Data

  • IP addresses, browser type, and device information for security monitoring
  • Usage logs including page visits, feature usage, and session duration
  • Performance metrics and error logs for service reliability

3. How We Use Your Data

  • To provide and operate the InnFuse AI Agent Platform (Article 6(1)(b) GDPR — contract performance)
  • To process AI agent conversations and deliver responses (Article 6(1)(b) GDPR — contract performance)
  • To maintain security, detect fraud, and prevent abuse (Article 6(1)(f) GDPR — legitimate interest)
  • To comply with legal obligations including tax, accounting, and regulatory requirements (Article 6(1)(c) GDPR — legal obligation)
  • To improve our services through aggregated, anonymized analytics (Article 6(1)(f) GDPR — legitimate interest)
  • To send service-related communications and, with your consent, marketing messages (Article 6(1)(a) GDPR — consent)

4. Data Sharing

We share personal data with the following categories of third parties, only to the extent necessary for providing InnFuse:

All third-party processors have signed Data Processing Agreements (DPAs) in accordance with Article 28 GDPR. We do not sell personal data to third parties.

  • AI model providers (Anthropic, Mistral AI, OpenAI) — for processing AI conversations. These providers act as sub-processors and process data under our instructions. Conversation data is sent for inference only and is not used to train models.
  • Payment processors (Pay.nl, Stripe) — for processing payments and subscriptions
  • Infrastructure providers (TransIP) — for hosting, storage, and content delivery within the EU
  • Channel providers (Slack/Salesforce, Microsoft, Meta) — for delivering messages via connected communication channels

5. Data Location & Transfers

InnFuse is designed with data sovereignty as a core principle:

  • Platform infrastructure and databases are hosted within the European Union (Netherlands)
  • Object storage and backups are stored within the EU
  • AI model inference may occur in EU or US data centers depending on the provider, with appropriate safeguards

Conversation data sent to AI model providers (Anthropic, Mistral AI, OpenAI) is processed within their EU or EEA-designated infrastructure where available. Where data is processed outside the EU/EEA, appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and supplementary technical measures such as encryption in transit.

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy. Conversation data is retained for 12 months by default (configurable per tenant). Audit logs are retained for a minimum of 5 years. Account data is retained until account deletion. After the retention period, data is securely deleted or anonymized.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate personal data
  • Right to erasure — request deletion of your personal data
  • Right to restriction — restrict processing of your personal data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right regarding automated decisions — not be subject to decisions based solely on automated processing

To exercise any of these rights, contact us at privacy@innfuse.nl. We will respond within 30 days as required by GDPR. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including: encryption at rest (AES-256) and in transit (TLS 1.3), strict tenant isolation with dedicated databases per customer, role-based access control and two-factor authentication, regular security audits and penetration testing, immutable audit logging of all data access, and automated vulnerability scanning of infrastructure.

9. Contact

For questions about this Privacy Policy, to exercise your data rights, or to report a data protection concern, contact our Data Protection Officer:

InnTelligence B.V.
M.A. Reinaldaweg 2D
3446 CB Woerden
The Netherlands

privacy@innfuse.nl: privacy@innfuse.nl
KvK: 94901708