Privacy Policy

Last updated: 2026-05-15

What we collect

IntentGPT collects: email address (for authentication via magic link), workspace metadata, MCP API key metadata (prefix + last 4 + Argon2id-hashed full key), and usage events (which tool you called, how many credits it consumed, when, and the outcome). We do not collect message bodies, payment card data, or PII about the accounts you query.

How we use it

Email and workspace metadata are used to authenticate you and route you to the correct billing entity. Usage events are aggregated for Stripe metered billing (Pro tier) and to surface your /usage dashboard. We don't sell or share usage data with third parties.

Data location

US-East (Google Cloud Platform, us-central1). The intent graph (BigQuery) lives in the same region. EU residency is on the roadmap; if it's a hard requirement, email privacy@intentgpt.ai.

Right to delete

You can request deletion of your account and all associated data by emailing privacy@intentgpt.ai. We respond within 30 days. Audit log entries may be retained for one year to satisfy security audit requirements.

Subprocessors

See Subprocessors for the full list — primarily GCP (hosting), Resend (transactional email), Stripe (payments), Sentry (errors), and PostHog (cookieless product analytics).

Contact

Privacy questions: privacy@intentgpt.ai