Privacy Policy

Introduction

IntakeTh.is ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our client intake management platform.

Information We Collect

• • Account information: email address, name, business name, and contact details when you register
• • Client information: names, emails, and project details you add to manage your clients
• • Intake content: questions & forms, documents, images & files, links, access details, contact info, contracts, and project details submitted through intake forms
• • Payment information: billing details processed securely through Stripe (we do not store card numbers)
• • Usage data: pages visited, features used, and session information to improve our service
• • Device information: browser type, IP address, and device identifiers for security purposes

How We Use Your Information

• • Provide, maintain, and improve the IntakeTh.is service
• • Process transactions and manage your subscription
• • Send transactional emails (intake links, reminders, notifications)
• • Respond to customer support requests
• • Analyze usage patterns to improve user experience
• • Detect and prevent fraud, abuse, and security incidents
• • Comply with legal obligations

Sub-Processors and Third-Party Services

We use trusted third-party services to operate IntakeTh.is. These sub-processors have access to your data only to perform specific tasks on our behalf and are obligated to protect your information:

• • Stripe (stripe.com) — Payment processing. See Stripe's Privacy Policy at stripe.com/privacy
• • Cloudflare R2 — Secure file storage for uploaded documents and assets
• • SendGrid (Twilio) — Transactional email delivery for intake links and reminders
• • Neon — PostgreSQL database hosting for application data
• • Vercel — Application hosting and deployment

Data Storage and Security

Your data is stored on secure servers with encryption at rest and in transit. We implement industry-standard security measures including access controls, encryption (TLS 1.2+), secure authentication, and regular security reviews. Files uploaded through intakes are stored in isolated, encrypted cloud storage. Only authorized personnel have access to production systems, and access is logged and audited.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. If you cancel your subscription, your data is retained for 30 days, then permanently deleted. You may request earlier deletion by contacting support@intaketh.is.

Your Client's Data

When your clients submit information through intake forms, you act as the data controller and we act as the data processor. You are responsible for: (1) having a lawful basis to collect client data, (2) informing clients how their data will be used, (3) responding to client data requests, and (4) ensuring client data is handled in compliance with applicable laws. We process client data solely to provide the service to you.

Cookies and Tracking

We use essential cookies to authenticate users, maintain sessions, and remember preferences. We do not use third-party advertising or tracking cookies. For detailed information about our cookie usage, please see our Cookie Policy at intaketh.is/cookies.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• • Access: Request a copy of the personal data we hold about you
• • Correction: Request correction of inaccurate or incomplete data
• • Deletion: Request deletion of your personal data
• • Portability: Request your data in a machine-readable format
• • Restriction: Request that we limit processing of your data
• • Objection: Object to processing based on legitimate interests
• • Withdraw consent: Withdraw consent at any time where processing is based on consent

For European Users (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). Our legal bases for processing your data include: (1) performance of our contract with you, (2) our legitimate interests in operating and improving our service, (3) your consent where applicable, and (4) compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority. For data transfers outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission.

For California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). You have the right to: (1) know what personal information we collect and how it is used, (2) request deletion of your personal information, (3) opt-out of the sale of personal information (note: we do not sell personal information), and (4) non-discrimination for exercising your rights. To exercise these rights, contact us at privacy@intaketh.is.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law. Notification will be provided within 72 hours of becoming aware of a breach, where feasible, and will include: the nature of the breach, types of data affected, likely consequences, and measures taken to address the breach.

Children's Privacy

IntakeTh.is is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses and adequacy decisions where applicable.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: privacy@intaketh.is.