Privacy Policy

1. Introduction & Scope

Instantprod ("we", "us") provides an AI deployment and business intelligence platform ("Platform") for businesses. This Privacy Policy explains how we collect, use, share, and protect personal data in connection with our website, Platform, and Services.

This Policy works together with our Terms & Conditions. Our Services are designed for business customers (B2B). If you are using our Services for personal, family, or household purposes, please do not submit personal data through the Platform.

How to contact us: support@instantprod.dev

2. Our Roles

Data Controller. When we operate our website, manage billing, run sales and marketing, and provide customer support, we act as a data controller. We determine the purposes and means of processing your personal data in these contexts.

Data Processor. When we process Client Business Data on your behalf through the Platform (for example, ingesting your operational data, generating intelligence outputs, or running AI models on your data), we act as your data processor. We process this data solely under your instructions and in accordance with your service agreement. We will enter into a Data Processing Addendum (DPA) on request.

3. Data We Collect

3.1 Account data (provided directly by you)

Name, business email, company name, job title, and role.
Billing information: billing email, GCT registration number, payment method details (processed by Stripe).
Support and communications: messages, attachments, and feedback submitted through support channels.

3.2 Platform usage data (collected automatically)

Feature usage: dashboards accessed, queries run, integrations configured, and actions taken within the Platform.
Technical data: IP address, browser type, device information, operating system, and session identifiers.
Performance data: page load times, error logs, and system diagnostics.

3.3 Client Business Data (processed on your behalf)

This includes any data you upload, connect, or make available through the Platform for AI processing and intelligence generation. The nature and categories of this data depend on your specific integrations and use case. We process this data as your data processor under your instructions.

3.4 Website telemetry

Pages viewed, timestamps, referrers, approximate location (city/region), and campaign/UTM parameters.

4. How We Use Data

Service delivery: Operating the Platform, processing Client Business Data, generating intelligence outputs, and delivering Deliverables.
Platform improvement: Analyzing aggregate, anonymized usage patterns to improve features, performance, and reliability.
Security: Detecting and preventing unauthorized access, fraud, and abuse.
Support: Responding to inquiries, troubleshooting issues, and providing technical assistance.
Billing: Processing payments, issuing invoices, and managing subscriptions.
Compliance: Meeting tax, accounting, legal, and regulatory obligations.
Communications: Sending service notices, security alerts, and (with consent) marketing to businesses that have expressed interest.

5. AI & Automated Processing

5.1 Transparency. The Platform uses AI and machine learning to process Client Business Data and generate signals, alerts, summaries, and recommendations. These outputs are designed to support your decision-making, not to replace it.

5.2 No fully automated consequential decisions. We do not make fully automated decisions that produce legal or similarly significant effects on individuals without human oversight. AI-generated outputs require your review and judgment before action.

5.3 Model training. We do not use your Client Business Data to train general-purpose AI models without your explicit written consent. Anonymized, aggregated telemetry may be used to improve Platform performance.

6. Legal Bases

We process personal data under one or more of the following legal bases:

Contract: Processing necessary to deliver the Services you have engaged us to provide.
Legitimate interest: Security monitoring, fraud prevention, Platform improvement, analytics, and B2B marketing (balanced against your rights).
Consent: Where required by law, such as for certain cookies or marketing communications.
Legal obligation: Tax reporting, fraud prevention, record-keeping, and responding to lawful requests from authorities.

7. Cookies & Analytics

7.1 Consent-based analytics. We use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 scripts only load after you accept cookies via our consent banner. If you decline or close the banner, no tracking scripts are loaded.

7.2 What GA4 collects. When enabled, GA4 may collect: pages viewed, session duration, approximate location (city/country), device and browser type, referrer URL, and anonymized IP address. Google may process this data on servers outside Jamaica. See Google's Privacy Policy.

7.3 Essential cookies. We use minimal essential cookies for site functionality, such as storing your cookie consent preference.

7.4 Managing preferences. You can withdraw consent anytime by clearing your browser's localStorage for our site or by using browser settings to block cookies.

We do not sell your personal data. We do not run interest-based advertising on our site.

8. Data Sharing & Sub-processors

We share personal data only with the following categories of recipients:

Infrastructure providers: Cloud hosting and storage (e.g., Vercel, AWS).
Payment processor: Stripe, for subscription billing and payment processing. See Stripe's Privacy Policy.
Analytics: Google Analytics (consent-based, website only).
AI model providers: Third-party AI services that may process Client Business Data as sub-processors under our data processing agreements.
Professional advisors: Legal and accounting advisors, under confidentiality obligations.
Authorities: When required by law or to respond to valid legal process.
Business transfers: In connection with a merger, acquisition, or sale of assets, with equivalent data protections.

We remain responsible for sub-processors acting on our instructions. We do not sell personal data.

9. International Transfers

We may store or process data outside Jamaica (for example, in the United States or European Union). When we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent contractual protections to ensure your data receives adequate protection.

10. Data Retention

Account data: Retained for the duration of your relationship with us, plus two (2) years for legitimate business and legal purposes.
Client Business Data: Retained and deleted in accordance with your service agreement and Section 10 of our Terms & Conditions (30-day export window, 90-day deletion).
Platform logs: Retained for up to 12 months, then aggregated or deleted.
Billing records: Retained as required by applicable tax and accounting laws.

11. Security

We implement technical and organizational measures to protect your data, including:

Encryption in transit and at rest.
Least-privilege access controls and role-based permissions.
Audit logging of Platform access and data operations.
Incident response procedures with defined escalation paths.
Regular security reviews and vulnerability assessments.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Your Rights

Depending on the law that applies to you (including Jamaica's Data Protection Act 2020), you may have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate or incomplete personal data.
Erasure: Request deletion of your personal data when it is no longer needed.
Portability: Receive your personal data in a structured, machine-readable format.
Restriction: Request that we limit the processing of your personal data in certain circumstances.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Where processing relies on consent, withdraw it at any time.

To exercise any of these rights, email support@instantprod.dev. We will respond within 30 days. You may also contact the Office of the Information Commissioner (Jamaica).

13. Client Business Data

Where we process Client Business Data as your data processor, you (the Client) are the data controller for that data. You are responsible for providing any required notices to, and obtaining any necessary consents from, individuals whose data you provide to the Platform.

If you are an end user of a Client's services and have questions about how your data is processed through our Platform, please refer to that Client's privacy policy or contact them directly.

14. Children

Our Services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice by updating the effective date on this page and, where appropriate, notifying you by email. Continued use of the Platform after changes take effect constitutes acceptance of the revised Policy.

16. Contact Us

Instantprod
Email: support@instantprod.dev
Address: 2 Upper Elleston Road, Kingston CSO, Jamaica