Privacy Policy

When you purchase a brief, we collect: the email address you provide for delivery; the topic text and any follow-up text you submit; the search query the system constructs from your topic; the IP address of the browser making the request (used for rate limiting and abuse prevention); and a Stripe checkout session identifier. Payment details (card number, billing address) are collected and stored by Stripe, not by us. We do not request, and do not knowingly collect, sensitive personal information.

We use the information we collect to: produce and deliver your brief; send transactional emails (order confirmations, brief delivery, rerun offers); operate, secure, and improve the service; comply with legal obligations; and respond to your inquiries. We do not sell personal information, and we do not share personal information with third parties for their own marketing.

The service depends on the following processors, each subject to their own privacy policy:

• Stripe — payment processing.
• Anthropic — synthesis model (Claude). Your topic and the search corpus are sent to Anthropic for processing. Anthropic states it does not train on API inputs by default.
• x402 / x-research — full-archive X data access via the x402 micropayment protocol.
• Resend — transactional email delivery.
• Vercel — site hosting (storefront, chat, checkout).
• Google Cloud — backend hosting (brief fulfillment, corpus storage).
• Cloudflare — DNS and network.

We use the minimum cookies necessary to run the service (essentially session and checkout state). We do not currently use third-party analytics, advertising trackers, or behavioral profiling tools.

Corpus pages (your topic, query, and the X posts that fed your brief) are preserved indefinitely so you can return to your data via the permalink in your brief, unless you ask us to delete them. Transactional emails are retained per Resend's policy. Payment records are retained by Stripe per Stripe's policy and our tax/accounting obligations. Server logs and rate-limit records are typically retained for 30 days.

Under the GDPR, our processing of your data is based on (a) performance of a contract — to produce and deliver your brief after you purchase one; (b) our legitimate interests — to operate, secure, and improve the service; and (c) compliance with legal obligations — for example, tax and accounting recordkeeping.

If you are a California resident, you have the right to: know what personal information we have collected about you; access a copy of that information; request correction of inaccurate information; request deletion (subject to legal exceptions); and opt out of the "sale" or "sharing" of personal information (we do neither, so there is nothing to opt out of). You also have the right not to be discriminated against for exercising any of these rights. To exercise any right, email hello@intellegio.com from the address associated with your purchase.

If you are in the EU, UK, or another jurisdiction with GDPR-style protections, you have the right to: access the personal data we hold about you; request rectification of inaccurate data; request erasure (the "right to be forgotten"); restrict or object to our processing; portability of your data in a machine-readable format; and lodge a complaint with your local data protection authority. You also have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you — note that brief synthesis is an editorial output for your own use, not such a decision. To exercise any right, email hello@intellegio.com.

We are based in the United States, and our infrastructure (Vercel, Google Cloud, Stripe, Anthropic, Resend) is primarily U.S.-hosted. If you are accessing the service from outside the U.S., your data will be transferred to and processed in the U.S. We rely on standard contractual clauses and equivalent safeguards offered by our processors where applicable.

We use industry-standard measures to protect the information we hold — encryption in transit (TLS), encryption at rest where our processors provide it, capability-URL tokens for corpus access, and least-privilege access controls. No system is perfectly secure; we cannot guarantee absolute security, but we do our best to prevent unauthorized access.

The service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact us and we will delete it.

We may update this policy from time to time. The effective date at the top of the page indicates the date of the most recent change. Material changes will be announced on the site or in a notice email.

Questions, requests, or complaints about this policy can be sent to hello@intellegio.com.