Back to Home

Security

Your data security is our top priority. Learn how we protect your information.

Privacy-First Architecture
Your survey responses are stored directly in your Google Drive, not on our servers. This means you maintain complete control over your data.
Encrypted Connections
All data transmitted between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS on all connections.
Minimal Data Storage
We only store the minimum data necessary to operate the service: your authentication tokens and survey share links. No survey content or responses.
No Data Mining
We never analyze, sell, or share your survey data. The AI features process data transiently without storing it on our systems.
OAuth 2.0 Authentication
We use Google OAuth 2.0 for secure authentication. We never see or store your Google password.
Regular Security Audits
We regularly review our security practices and dependencies to ensure your data remains protected.

How Your Data Flows

1

You Create a Survey

AI generates questions based on your goal. The survey structure is saved to a Google Sheet in YOUR Drive.

2

Respondents Submit Answers

Responses go directly to your Google Sheet. We never see or store the response content.

3

AI Analyzes Responses

When you request insights, data is processed transiently. Results are saved to your Sheet, not our servers.

Google OAuth Scopes

We request only the minimum Google permissions necessary to operate InsightFlow:

  • drive.file

    Create and manage only the files InsightFlow creates, not access your entire Drive.

  • spreadsheets

    Read and write survey data to Google Sheets you create through InsightFlow.

  • userinfo.email & profile

    Identify your account and personalize your experience.

Infrastructure Security

  • Hosted on Vercel with automatic DDoS protection
  • Database hosted on Neon with encryption at rest
  • All API endpoints protected with authentication
  • Rate limiting to prevent abuse
  • Security headers (CSP, X-Frame-Options, etc.) on all pages

Revoking Access

You can revoke InsightFlow's access to your Google account at any time:

  1. Go to your Google Account settings
  2. Navigate to Security → Third-party apps with account access
  3. Find InsightFlow and click "Remove Access"

Your survey data will remain in your Google Drive even after revoking access.

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly to security@insightflow.highguts.com. We appreciate your help in keeping InsightFlow secure.