Our Trust Center is where we document exactly how we collect, handle, and protect data β no small print, no ambiguity.
You can export your data in full at any time, and delete it permanently with a single request. We never hold your data hostage. When you leave, your data leaves with you.
We have never sold customer data or end-user behavioral data to any third party and we never will. Our business model is subscriptions β not advertising or data brokering.
Our default settings minimise data collection. You opt in to advanced tracking β we never silently expand the scope of what we collect. New features default to minimal data.
We maintain a public changelog of privacy and security policy updates. Significant changes come with at least 30 days' notice. We publish security incident reports after resolution.
| Data Type | Why We Collect It | How Long We Retain It |
|---|---|---|
| Account data Name, email address, billing details, account settings |
Service delivery, authentication, billing, and support | Account lifetime + 30 days after deletion |
| Behavioral analytics data Session recordings, heatmaps, click events, page views, survey responses |
To provide the core product analytics service to our customers | Configurable by customer (default: 2 years) |
| Payment data Transaction records, invoice history (card data handled by Stripe β we never store raw card numbers) |
Billing, financial reporting, and dispute resolution | 7 years (legal and tax requirements) |
| Support conversations Intercom messages, email threads, bug reports |
Customer support, issue tracking, and quality improvement | 3 years from last interaction |
| Usage & product analytics Feature usage events, error logs, performance metrics within the Interwow app |
Product improvement, debugging, and reliability monitoring | 90 days (aggregated insights retained longer) |
| Marketing data Email engagement (opens/clicks), UTM parameters at sign-up |
Understanding acquisition channels; sending product updates (opt-out any time) | Until unsubscribe or account deletion |
Whether you're in the EU, California, or anywhere else, we extend these rights to all users worldwide. To exercise any of these rights, email [email protected] and we'll respond within 30 days.
Request a copy of all personal data we hold about you. We'll provide it in a structured, machine-readable format within 30 days.
If any personal data we hold about you is inaccurate or incomplete, you can ask us to correct it at any time.
Request permanent deletion of your personal data. Subject to legal retention obligations, we'll purge data from all systems including backups within 30 days.
Receive your data in a commonly used, machine-readable format (JSON or CSV) to transfer to another service.
Ask us to restrict the processing of your personal data while a dispute about accuracy or legitimacy is being resolved.
Object to processing based on legitimate interests or for direct marketing purposes. We will stop unless we can demonstrate compelling legitimate grounds.
We use a limited number of carefully vetted third-party services to operate the platform. Each sub-processor is bound by appropriate data processing agreements.
| Sub-processor | Purpose | Data Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, infrastructure, and storage | EU / US (customer choice) |
| Stripe | Payment processing and subscription billing | US |
| Intercom | Customer support and in-app messaging | US |
| SendGrid | Transactional and marketing email delivery | US |
| Google Analytics | Website analytics (interwow.com only β not product data) | US |
Changes to our sub-processor list are communicated via email with 30 days' notice.
SOC 2 Type II, GDPR, and CCPA compliance details, infrastructure security practices, and our bug bounty program.
View Compliance & Security βQuestions about your data, privacy rights, or our data practices? Reach our Data Protection Officer directly. We respond within 2 business days.
[email protected]