Insight Consulting Partners LLC, doing business as Insight Consulting Tech ("Company," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at insightconsultingtech.com, the ContractHub platform, and related services (collectively, the "Services").
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account through Clerk (our authentication provider), we receive your name, email address, and profile picture (if signing in via Google or other social providers).
- Payment Information: When you subscribe to a paid plan, payment details (credit card, billing address) are collected and processed by Stripe. We do not store full credit card numbers on our servers.
- SAM.gov API Keys: If you use a BYO Key plan, your SAM.gov API key is stored using AES-256-GCM encryption and used solely to query SAM.gov on your behalf.
- Contact Form Submissions: Name, email, organization, and message content submitted through our contact form (processed via Formspree).
- Communications: Any emails or messages you send us.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, session duration, and interaction patterns.
- Device Information: Browser type, operating system, screen resolution, and device identifiers.
- Log Data: IP address, access times, and referring URLs.
- Cookies & Local Storage: We use cookies and browser local storage for authentication sessions and user preferences.
1.3 Information from Third Parties
- Clerk: Authentication data (user ID, email, sign-in method).
- Stripe: Subscription status, billing history, and payment confirmations.
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Services
- Process subscriptions and payments
- Authenticate your identity and secure your account
- Execute SAM.gov API queries on your behalf using your stored API key
- Respond to your inquiries and provide customer support
- Send service-related communications (billing confirmations, security alerts, feature updates)
- Monitor usage patterns to prevent abuse and ensure platform stability
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data for targeted advertising.
3. How We Share Your Information
We share information only in the following circumstances:
| Recipient |
Purpose |
Data Shared |
| Clerk |
Authentication |
Email, name, sign-in events |
| Stripe |
Payment processing |
Email, billing info, subscription data |
| Formspree |
Contact form processing |
Name, email, message content |
| Netlify |
Website hosting |
Access logs, IP addresses |
| Microsoft Azure |
Backend infrastructure |
Encrypted data in transit and at rest |
We may also disclose information if required by law, court order, or government request, or to protect the safety, rights, or property of our users or the public.
4. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your browser and our servers uses TLS/HTTPS
- Encryption at Rest: SAM.gov API keys are stored with AES-256-GCM encryption
- Access Controls: Administrative access is restricted and authenticated
- Secure Authentication: Powered by Clerk with support for multi-factor authentication
- Payment Security: Stripe is PCI DSS Level 1 certified; we never store full card numbers
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
- Account Data: Retained while your account is active and for up to 30 days after deletion
- Payment Records: Retained as required by tax and financial regulations (typically 7 years)
- SAM.gov API Keys: Deleted immediately upon revocation or account deletion
- Contact Form Submissions: Retained for up to 2 years for business correspondence purposes
- Server Logs: Retained for up to 90 days for security and debugging purposes
6. Your Rights & Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to certain processing activities
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at info@insightconsultingtech.com. We will respond within 30 days.
7. Cookies & Tracking
We use the following types of cookies:
- Essential Cookies: Required for authentication and site functionality (Clerk session tokens)
- Preference Cookies: Store your display preferences and settings
We do not use third-party advertising or analytics tracking cookies. You can manage cookies through your browser settings, but disabling essential cookies may prevent you from using authenticated features.
8. Children's Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
9. International Data Transfers
Our Services are operated from the United States. If you access the Services from outside the United States, your information may be transferred to and processed in the United States. By using the Services, you consent to this transfer.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website. The "Effective Date" at the top of this page indicates when the policy was last revised. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: