Privacy Policy

Last updated: May 27, 2026

This policy was substantially updated on May 18, 2026 to expand sub-processor disclosures, international transfer information, and data-subject-request procedures. For enterprise procurement questions (DPA, security review, detailed sub-processor list, compliance documentation), email info@myintelbrief.com.

MyIntelBrief is a service of Rising Vista LLC, a Wyoming limited liability company. In this Policy, "we," "us," and "MyIntelBrief" refer to Rising Vista LLC operating the MyIntelBrief platform.

1. What We Collect

  • Account data: Email address, name, and hashed password (or OAuth identity from a single-sign-on provider you choose)
  • Business data: Your business name, type, location, and the competitor URLs you monitor
  • Usage data: Pages visited, features used, scan activity, IP address, browser/device type, approximate location derived from IP
  • Payment data: Handled entirely by our payment processor — we never see or store card numbers. We retain customer IDs and subscription metadata.
  • AI inputs and outputs: Your business context and concerns text sent to our AI provider, plus the generated intelligence returned, are stored on our database so you can review past briefs.
  • Audit logs: Authentication events (login, logout, password change), administrative actions, and billing changes are logged for security and dispute resolution.

2. How We Use It

  • To provide competitive intelligence reports and email briefs (contract performance)
  • To process payments and manage your subscription (contract performance)
  • To prevent fraud, abuse, and unauthorized access (legitimate interest)
  • To send service-related emails: briefs, billing notices, security alerts, and policy updates (contract performance and legal obligation)
  • To improve the Service through aggregated, anonymized analytics (legitimate interest)

We do not sell your personal information. We do not share your data for cross-context behavioral advertising. We do not use your data for ad targeting.

3. Sub-Processors (Service Providers Who Handle Your Data)

We use the following categories of service providers to operate the Service. Each is a contractually-bound third party who processes data on our behalf and is prohibited from using your data for any purpose other than providing the contracted service to us:

  • AI / large language model provider: Your business context and concerns text are sent to a US-based AI provider to generate intelligence briefs. Our agreement with this provider prohibits them from training their models on your inputs.
  • Payment processor: A US-based payment processor handles all credit card and subscription billing. They receive your billing details directly through their secure form — we never see card numbers.
  • Identity / single-sign-on provider: If you choose to sign in with a third-party identity provider, that provider verifies your identity and shares your email + display name with us. Optional — you can use email/password instead.
  • Business-data lookup API: When you enter a business name and location, we query a third-party places API to validate and enrich the entry. Your search terms are shared with this provider.
  • Product analytics provider: We use a US-based analytics service to understand how users navigate the Service, which may include session replays of how pages are used. Password fields are always masked and never captured, and card / payment details are entered directly into our payment processor's secure form (described above), so they are never visible to the analytics service. Admin pages are excluded from analytics entirely.
  • Bot-challenge / CAPTCHA provider: A challenge widget protects sign-up and demo forms from automated abuse. The provider receives your IP address and browser fingerprint during the challenge.
  • Transactional email providers: Verification, password reset, brief delivery, and billing notices are sent via third-party email-delivery services. These providers process your email address and email content for delivery.
  • Server hosting / infrastructure: Our application runs on dedicated server infrastructure operated by a US-based hosting provider. The hosting provider has physical access to the server but no logical access to application data.
  • Off-site backup storage: Encrypted backups of our database and server files are stored with a US-based object-storage provider. Backups are encrypted before upload — the storage provider does not have access to plaintext data.

A current named list of specific sub-processors is available to enterprise customers on request. We will notify customers in advance when we add or change sub-processors that materially handle personal data. Enterprise customers may request a signed Data Processing Agreement (DPA) at info@myintelbrief.com.

4. International Data Transfers

MyIntelBrief operates from the United States. All of our sub-processors listed above store and process data in the United States. If you are located outside the US (including in the European Economic Area, the United Kingdom, or Switzerland), your data will be transferred to and processed in the United States.

For transfers from the EEA/UK/Switzerland to the US, we and our sub-processors rely on appropriate safeguards including (where applicable) the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework. Specific certifications are documented in our internal sub-processor register, available on request to enterprise customers.

5. Data Retention

We retain personal data only for as long as needed to provide the Service or comply with legal obligations. Specific retention periods:

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion, except where retention is required by law (e.g., billing records).
  • Intelligence briefs and competitor snapshots: Retained 90 days (rolling window) so you can review recent history.
  • AI prompt logs: Inputs and outputs from the AI provider are stored on your account for 90 days. Aggregated, anonymized prompt patterns may be retained longer for service improvement.
  • Authentication and audit logs: Retained for 12 months for security investigation and dispute resolution.
  • Payment and billing records: Retained for 7 years to comply with US tax and financial-recordkeeping law.
  • Backups: Encrypted backups are retained on rolling windows of up to 30 days. After deletion of an account, deleted data may persist in backups until the backup retention window expires.

6. Security

We implement industry-standard security measures including:

  • Passwords hashed with bcrypt (cost factor 13)
  • All web traffic encrypted via TLS 1.3
  • Secure, HttpOnly, SameSite session cookies
  • CSRF protection on all state-changing endpoints
  • IP-based and per-user rate limiting
  • Bot-challenge protection on authentication and signup forms
  • Network-edge DDoS protection
  • Encrypted off-site backups
  • Restricted database access (no public ingress)

7. Breach Notification

If we become aware of a security breach affecting your personal data, we will notify affected users by email and the regulator(s) of competent jurisdiction within 72 hours of discovery, as required by GDPR Article 33. For US users, we will comply with applicable state breach-notification laws (including California Civil Code § 1798.82).

8. Your Rights

You have the right to:

  • Access: Request a copy of your personal data — we will respond within 30 days.
  • Correction: Update inaccurate data in Account Settings, or email us for changes you cannot make yourself.
  • Deletion: Delete your account and associated data via the Delete Account button in Account Settings, or by email.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit how we process your data while a dispute is being resolved.
  • Objection: Object to processing based on legitimate interest.
  • Marketing opt-out: Unsubscribe link in every marketing email.
  • Withdraw consent: Where processing is based on consent (e.g., optional analytics), you may withdraw at any time without affecting prior processing.

To exercise any of these rights, email info@myintelbrief.com. We will respond within 30 days. We do not charge a fee for reasonable requests and we do not discriminate against users who exercise their privacy rights.

9. California Privacy Rights (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • The right to know what categories and specific pieces of personal information we collect, the sources, and the purposes (disclosed in Sections 1–3 above).
  • The right to delete personal information (see Section 8).
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information.
  • The right to limit use of sensitive personal information.
  • The right to non-discrimination for exercising privacy rights.

"Do Not Sell or Share My Personal Information": We do not sell or share your personal information for cross-context behavioral advertising. If this ever changes, we will update this policy and provide an opt-out mechanism. To exercise other CCPA rights, email info@myintelbrief.com with the subject "CCPA Request."

10. EU/EEA/UK Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, MyIntelBrief acts as the data controller for your personal data. Our legal bases for processing are identified in Section 2.

You have the right to lodge a complaint with your local supervisory authority. For EU residents, you can find your authority at edpb.europa.eu/about-edpb/board/members. For UK residents, contact the Information Commissioner's Office (ICO).

11. Cookies and Tracking

We use the following cookies:

  • Session cookie (essential, first-party): keeps you logged in. Expires when your browser closes or 24 hours of inactivity, whichever comes first.
  • CSRF token cookie (essential, first-party): prevents cross-site request forgery on forms.
  • Language preference cookie (functional, first-party): remembers your selected interface language.
  • Analytics cookies (analytics, third-party): tracks usage patterns. Set when you visit the site.
  • Bot-challenge cookies (security, third-party): challenge state, set only when you encounter a challenge.

We do not use advertising cookies, retargeting pixels, or cross-site tracking cookies.

Do Not Track (DNT): We honor browser DNT signals by disabling analytics for users who send "DNT: 1" headers. Essential cookies (session, CSRF) remain because the site cannot function without them.

12. SMS Communications

By providing your phone number and opting in to receive SMS communications from MyIntelBrief (a service of Rising Vista LLC), you consent to receive text messages regarding your account, service updates, notifications, and (where you have separately opted in) promotional or marketing communications. Message and data rates may apply depending on your mobile carrier and plan. Message frequency varies.

We use your phone number solely for the purposes described at the time of collection and in accordance with this Privacy Policy. We do not share your phone number with third parties for their marketing purposes. SMS opt-in data, including phone numbers and consent records, is never sold, rented, or transferred to outside parties for their own use.

How to opt in: You may opt in via our consent page at myintelbrief.com/IVRconsent, by checking an SMS-opt-in box during account creation, or by replying to a confirmation message we send. Opt-in is voluntary and is not a condition of any purchase.

Opting out: You may opt out of receiving SMS marketing messages at any time by replying STOP to any message you receive from us. After opting out, you will no longer receive marketing text messages, but we may still send you SMS communications related to your transactions, account, security alerts, or other essential service operations where you remain an active customer. Reply HELP to any message for assistance, or contact us at info@myintelbrief.com.

Your responsibilities: You are responsible for notifying us of any changes to your mobile number to ensure proper communication. If you change or deactivate your mobile number, it is your responsibility to update your account information promptly to prevent us from communicating with someone who later acquires your old number.

Consent records: We retain a record of each SMS opt-in event — including the phone number, the exact consent language shown, the date and time, and the originating IP address — for the duration of our messaging relationship with you and for a reasonable period thereafter, as required by carrier compliance regulations (A2P 10DLC) and applicable law.

If you have any questions about our SMS practices, please contact us at info@myintelbrief.com.

13. Children's Privacy

MyIntelBrief is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

14. Whitelabel and Consultant Accounts

Some MyIntelBrief accounts are operated by consultants who manage sub-business accounts on behalf of their clients. If you are a sub-business of a consultant account, your consultant has administrative access to your business data and brief history. We act as a sub-processor for the consultant in this arrangement; the consultant is the controller of their clients' data. Consultants are contractually required to obtain appropriate authorization from their clients.

15. AI Processing Disclosure

The Service uses artificial intelligence (specifically, large language models) to generate competitive intelligence briefs from the data you provide. AI-generated content may contain inaccuracies — you should verify important details independently. We do not use your business data to train third-party AI models, and our agreement with our AI provider prohibits them from training their models on your prompts.

16. Changes to This Policy

We may update this policy from time to time. For material changes (new sub-processor categories, expanded data collection, changes to your rights), we will notify active subscribers by email at least 30 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance.

Prior versions of this policy are available on request.

17. Contact

For questions about this policy, to exercise your rights, or to request a Data Processing Agreement:

  • Email: info@myintelbrief.com
  • Subject line for privacy-specific requests: "Privacy Request" or "GDPR Request" or "CCPA Request"
💬