Privacy Policy

How iinspect handles your data

This page explains what the app receives, what it stores temporarily, and what it does not keep.

Plain answer. No customer login is required. Raw PDFs are not stored. Temporary extracted text and structured results may be kept only long enough to finish a review job and then expire automatically.

Last updated: March 26, 2026

1. What this policy covers

This policy covers the public iinspect app, including the statement review flow, the quiz flow, the card catalog pages, and the separate admin area.

2. No customer account is required

You can use the quiz and the public statement review flow without creating a customer account. Google sign-in is used only for the protected admin panel.

3. What happens when you review a statement

When you use statement review, the PDF is read in your browser. The app extracts statement text from the PDF in the browser and sends that extracted text to the server for analysis. The raw PDF itself is not stored by the app.

4. What is stored temporarily

To run the analysis job and let the browser poll for progress, the app may temporarily store extracted statement text, job metadata, and structured analysis results. On hosted deployments, these temporary records are used only to complete the job and expire automatically. The current retention window is up to 24 hours.

5. What is not stored

The app does not store raw uploaded PDFs as part of the hosted analysis flow. It also does not require a public customer profile, and it does not use ad tracking or marketing analytics scripts in the public app.

6. Quiz answers

The quick quiz is designed to work without a user account. Quiz answers are used to generate a card suggestion during your session and are not tied to a public user identity in the app.

7. Third-party services

The hosted product may rely on third-party providers to deliver the service, including:

Gemini for statement analysis, Upstash Redis for temporary job state, Vercel Blob for temporary job artifacts, and Google for protected admin login.

8. Cookies and sessions

The public app does not require a login cookie. The protected admin area uses an authentication session only for admin access.

9. Security-minded design choices

The app uses token-protected analysis jobs, same-origin checks for write actions, and no-store response headers on sensitive API responses. These controls are designed to reduce unnecessary exposure of temporary review data.

10. Your choice

If you do not want to use statement review, you can use the quiz instead. That path gives you card suggestions without uploading statement data.

11. Updates to this policy

If the way iinspect handles data changes in a material way, this page should be updated to reflect that change.