Security and trust

Your study data, handled with appropriate controls.

InsightLab stores your study inputs: target URLs, audience descriptions, tasks, and optionally PostHog context. This page describes exactly what we store, how we protect it, and the controls you retain.

What we ingest

Only the study inputs required to run the simulation.

A target URL or Figma link, an audience description, and the tasks to attempt. PostHog context is optional and never required. We do not ask for session logs, source code, or production credentials.

PII minimization

InsightLab works with URLs, task descriptions, and optional event context. If you include PostHog context in a study, PII fields can be excluded or anonymized before the study runs.

Access controls

Study data is scoped to your workspace using row-level security. It is used only to run your simulations and is never shared across accounts. Internal access follows a least-privilege model and is subject to audit logging.

Encryption

Data is encrypted in transit using TLS and encrypted at rest. Storage infrastructure uses industry-standard ciphers throughout.

Deletion on request

You retain ownership of your study data at all times. Submit a deletion request and we will remove your study inputs, simulation results, and any stored context associated with your account.

Compliance posture

An honest account of where we are.

We are an early-stage company. We would rather be transparent about our current posture than overstate certifications we have not yet completed.

Data Processing Agreement

A DPA is available for customers who require one as a condition of onboarding. Contact us and we will engage your legal team directly.

SOC 2 in progress

Formal SOC 2 Type II readiness is on our near-term roadmap. We are happy to walk your security team through our current control environment in a dedicated session.

The compliance representations on this page reflect our current state and will be updated as certifications are completed. We do not claim certifications we have not obtained.

Have a security question?

We will get your security or legal team the answers they need before you commit to onboarding.

Contact Us