Trust Center
How we protect your data. Last updated: July 12, 2026
IntelCue is built to collect the minimum data needed to deliver market and competitive intelligence, and to keep it secure and under your control. This page summarizes our security and privacy practices and links to the underlying policies.
Security
- Encryption. All traffic is served over HTTPS/TLS. Stored secrets such as API keys and integration tokens are encrypted at rest with authenticated AES-256-GCM and are never exposed to the browser.
- Authentication. Passwords are stored using a strong one-way hash. Sessions are token-based, and IP addresses stored for security are anonymized.
- Tenant isolation. Every data request is scoped to your workspace; one customer’s data is never accessible to another.
- Safe fetching. When we retrieve URLs you configure, requests to internal or private network addresses are blocked to prevent server-side request forgery.
- Abuse protection. Rate limiting, signed and verified inbound webhooks, and constant-time secret checks guard our endpoints.
- Least privilege. Administrative functions are restricted, and public demo accounts are read-only by default.
Privacy & data protection
- Data minimization. We store the source/publication name rather than personal author bylines, keep only unsubscribe headers from captured newsletters, anonymize IP addresses, redact email addresses from logs, automatically redact structured personal data (emails, phone numbers, IPs) from stored source content, and remove subscriber-identifying unsubscribe links from stored newsletter content.
- Retention. Source content is automatically deleted after your configured window (30, 60, or 90 days).
- Your rights (GDPR). You can access, correct, export, or delete your data. Deleting your account cascades across all of your workspace data, sessions, and tokens.
- AI processing. Content analyzed by our AI provider (Anthropic Claude) is not used to train models.
- Lawful bases & DPIA. We process on the bases of contract, legitimate interests, and consent, and maintain a Data Protection Impact Assessment for our monitoring activities. See our Privacy Policy.
Sub-processors & transfers
We publish the third-party sub-processors we use, with their purpose and location, on our Sub-processor List. Where personal data is transferred internationally, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses.
Data Processing Agreement
A Data Processing Agreement (DPA) is available to business customers on request. Contact us at [email protected] and we will provide our current DPA.
Reporting a security issue
If you believe you’ve found a security vulnerability, please report it to [email protected]. We appreciate responsible disclosure and will respond promptly.
© 2026 IntelCue. All rights reserved.