Privacy Policy

1. Introduction

InternalWiki (“we”, “us”, “our”) operates the website and service at internalwiki.com. This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and your rights regarding your personal data.

InternalWiki is the data processor for customer workplace data. Your organisation—the customer that subscribes to InternalWiki—is the data controller for that content. InternalWiki is the data controller only for account data and service usage data described in this policy.

2. Data we collect

A) Account data (data controller: InternalWiki)

• Email address (collected via Clerk authentication)
• Name (if provided via Google OAuth)
• Workspace name
• Authentication tokens (encrypted at rest, used for source connections)
• Usage data: questions asked, timestamps, feature usage
• Device and browser information via standard web analytics

B) Workspace content (data controller: the customer)

• Documents, messages, and files from connected sources (Google Drive, Slack, Microsoft 365)
• InternalWiki does not store raw files. Documents are chunked into passages and converted to vector embeddings. Only the chunked passages and their vector representations are persisted. Raw file content is processed in memory and discarded.
• Permission metadata (ACLs) synced from source systems
• Document metadata: title, type, last modified date, source

C) Query data

• Questions asked by users
• AI-generated answers and citations
• Confidence scores and Trust Panel data
• Conversation history

D) Data we do NOT collect

• We do not collect payment information (handled entirely by Stripe)
• We do not collect biometric data
• We do not track users across other websites
• We do not collect data from users under 16

3. How we use your data

We use the data described above for the following purposes:

• Provide the InternalWiki service: index documents, answer questions, generate citations, and enforce permissions
• Enforce access controls: permission checks run on every query using ACLs synced from your source systems
• Classify document freshness: metadata analysis to determine document lifecycle stage
• Improve answer quality: aggregate, non-personal usage patterns may inform retrieval algorithm tuning
• Communicate with you: service notifications, security alerts, and product updates (with opt-out)
• Comply with legal obligations

We do NOT share individual query data with other customers.

OpenAI processes your queries to generate answers but does NOT retain them for training (we use the API with data retention disabled).

4. Third-party processors

InternalWiki shares data with the following third-party processors, each of whom processes data solely on our instructions:

We evaluate all processors for security practices and data handling. We maintain Data Processing Agreements with each processor.

5. Data retention

• Workspace content (chunks, embeddings): retained while the source is connected. When a source is disconnected, all associated data is permanently deleted within 24 hours.
• Conversation history: retained while the workspace is active. Users can delete individual conversations at any time.
• Account data: retained while the account is active. Deleted within 30 days of an account deletion request.
• Audit logs: retained for 90 days (Team plan) or 1 year (Enterprise plan). Custom retention is available on Enterprise.
• Backups: database backups are retained for 7 days and automatically purged.

6. Data security

• All data encrypted in transit (TLS 1.2+)
• All data encrypted at rest (AES-256)
• OAuth tokens encrypted with a separate encryption key before storage
• Permission enforcement is deterministic at retrieval time—the AI only receives documents the querying user is authorised to access
• No raw documents are stored—only chunked passages and vector embeddings
• SOC 2 Type II audit in progress (target: Q3 2026)

7. Your rights (GDPR)

Under GDPR and applicable data protection laws, you have the following rights:

• Access: request a copy of your personal data
• Rectification: correct inaccurate data
• Erasure (“right to be forgotten”): request deletion of your account and all associated data
• Restriction: request we limit processing of your data
• Portability: receive your data in a structured format
• Object: object to processing based on legitimate interests
• Withdraw consent: withdraw consent at any time where processing is based on consent

How to exercise your rights

• Email privacy@internalwiki.com
• We respond within 30 days (GDPR requirement)
• Account deletion: available in Settings → Danger Zone, or by emailing privacy@internalwiki.com. All data is purged within 30 days.

For workspace administrators: you can disconnect sources (data deleted within 24 hours), delete conversations, and export audit logs at any time from the admin panel.

8. Cookies

Cookies are small text files that websites place on your device when you visit them. They are widely used to make websites work, to remember your preferences, and to understand how you use the site. InternalWiki uses a minimal set of cookies:

Essential cookies (always active)

These cookies are required for InternalWiki to function. They cannot be disabled.

Analytics cookies (optional)

These cookies help us understand how people use InternalWiki so we can improve the product. They are only set if you accept analytics cookies via the cookie banner.

We do NOT use:

• Advertising or tracking cookies
• Third-party social media cookies
• Cross-site tracking of any kind

You can manage cookie preferences via the banner shown on first visit, or by contacting privacy@internalwiki.com.

9. Data deletion and account closure

You can request complete deletion of your data at any time:

Self-service deletion

• Delete individual conversations: click the delete icon in your conversation list
• Disconnect a source: go to Sources → disconnect. All indexed content from that source is permanently deleted within 24 hours.
• Delete your workspace: Settings → Danger Zone → Delete workspace. All data purged within 30 days.
• Delete your account: Settings → Danger Zone → Delete account. Personal data removed within 30 days.

Assisted deletion

Email privacy@internalwiki.com with “Data deletion request” in the subject. We process all deletion requests within 30 days as required by GDPR.

When data is deleted

• Document chunks and vector embeddings are permanently removed from the database
• Conversation history is permanently removed
• Audit logs referencing the deleted data are anonymised
• Database backups containing the deleted data are purged within 7 days of the backup rotation cycle

10. International data transfers

Data is processed in the United States (AWS us-east-1). For users in the EU/EEA, transfers are governed by Standard Contractual Clauses with our processors. EU hosting is planned for Q4 2026.

11. Children

InternalWiki is a business product not directed at individuals under 16. We do not knowingly collect data from children.

12. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email or in-app notification. Continued use of the service after changes constitutes acceptance of the revised policy.

13. Contact

InternalWiki

Email: privacy@internalwiki.com

For data protection enquiries: privacy@internalwiki.com