This Privacy Policy explains how Integer Software LLC (doing business as "Integer") ("Integer," "we," "us," or "our"), a Delaware limited liability company qualified to do business in New York, collects, uses, discloses, and protects personal information in connection with our reviewer-management and AI-assisted response platform, including our dashboard web application, mobile applications, command-line interface (CLI), Model Context Protocol (MCP) server, APIs, and related services (collectively, the "Service").
About our role. Integer offers the Service primarily to business customers ("Customers"). When a Customer uses the Service to manage reviews about its business or to send AI-assisted responses, Integer acts as a service provider under the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA") and as a processor under the EU General Data Protection Regulation ("GDPR") and UK GDPR. The Customer is the "business" / "controller" of that personal information and is responsible for the lawfulness of the underlying processing. When you visit our marketing site, sign up for an account, or contact us directly, Integer acts as a controller of your personal information and this Policy applies in full.
1. Scope
This Policy applies to personal information processed by Integer in connection with:
- The Integer dashboard and marketing site at https://www.withinteger.com;
- The Integer mobile applications for iOS and Android;
- The Integer CLI and SDKs;
- The Integer MCP server and APIs; and
- Sales, support, marketing, and security operations.
This Policy does not apply to: (a) third-party review platforms or other third-party services that a Customer connects to the Service; (b) the websites or applications of our Customers; or (c) any data processed solely on behalf of a Customer under a Data Processing Addendum ("DPA"), which is governed by that DPA and the Customer's own privacy notice.
2. Personal information we collect
a. Account and identity information. Name, work email, employer/organization name, role, password (hashed), and authentication identifiers.
b. Billing information. Billing contact, tax ID, billing address, and payment method metadata. Card numbers are processed by our payment processor and are not stored by Integer.
c. Customer Content. Information Customers (or their authorized users) upload, generate, or transmit through the Service, including: reviews and review metadata imported from connected review platforms; reviewer names, screen names, and other reviewer-supplied data; business and property information; prompts, instructions, and AI-generated draft responses; CLI/MCP usage logs tied to a Customer's tenancy.
d. Usage and device information. Log data, IP address, device identifiers, browser type, operating system, mobile advertising identifiers (only with consent where required), referring URLs, pages or screens viewed, feature usage, crash data, and approximate location derived from IP.
e. Cookies and similar technologies. See our Cookie Notice for the categories, purposes, and your choices.
f. Communications. Messages you send to support, sales, or security; survey responses; and call recordings where lawfully disclosed.
g. Information from third parties. Identity providers (e.g., SSO), connected review platforms (with Customer authorization), enrichment vendors, and fraud-prevention partners.
We do not intentionally collect special categories of personal data (e.g., health, biometric, precise geolocation) and ask Customers not to upload such data to the Service.
Categories collected, purposes, and recipients (CCPA/CPRA summary)
| Category of Personal Information (Cal. Civ. Code §1798.140) | Examples Integer collects | Business or commercial purpose | Categories of recipients |
|---|---|---|---|
| Identifiers | Name, work email, IP address, account ID | Provide Service, authenticate, security | Subprocessors, Customer admins, authorities as required |
| Customer records (§1798.80(e)) | Name, billing contact, payment metadata | Billing, account management | Payment processor, accounting/tax advisors |
| Commercial information | Subscription, plan, usage | Billing, analytics | Subprocessors |
| Internet/network activity | Log data, device data, feature usage | Operate Service, security, analytics | Subprocessors |
| Geolocation (approximate, IP-derived) | Coarse city/region | Security, analytics | Subprocessors |
| Inferences | Usage patterns, preference settings | Improve Service | Internal |
| Professional/employment | Employer, role | Provide Service, account context | Internal |
Integer does not intentionally collect Sensitive Personal Information as defined by §1798.140(ae). Integer has not Sold or Shared Personal Information in the preceding 12 months as those terms are defined under CCPA/CPRA.
3. Sources of personal information
We collect personal information directly from you, automatically through your use of the Service, from our Customers (when you are an end user, reviewer, or recipient of an AI-assisted response), and from third parties such as identity providers, integration partners, and publicly available sources.
4. How we use personal information
We use personal information for the following purposes:
- Provide and operate the Service, including authenticating users, syncing reviews from connected platforms, and generating AI-assisted draft responses.
- Bill and account-manage, including invoicing, tax reporting, and dunning.
- Support and communicate, including responding to inquiries and sending administrative messages.
- Improve the Service, including diagnosing errors, measuring performance, and developing new features. Integer does not use Customer Content to train our own foundation models or to train any third-party model in a way that benefits other Customers. Aggregated and de-identified data may be used for analytics and product improvement.
- Secure the Service, including fraud prevention, abuse monitoring, and incident response.
- Marketing, including newsletters and product updates, subject to your preferences and applicable law.
- Legal and compliance, including responding to lawful requests, enforcing our Terms, and meeting obligations under SOC 2, GDPR, CCPA/CPRA, and other frameworks.
Legal bases (EEA/UK)
Where GDPR or UK GDPR applies, we rely on the following legal bases: (i) performance of a contract (Art. 6(1)(b)) for account, billing, and core Service delivery; (ii) legitimate interests (Art. 6(1)(f)) for security, abuse prevention, analytics, and improving the Service, balanced against your rights; (iii) consent (Art. 6(1)(a)) for optional cookies and certain marketing; and (iv) legal obligation (Art. 6(1)(c)) for tax, accounting, and lawful-request compliance.
5. AI processing and disclosures
Integer uses large language models and other machine-learning systems to generate draft responses, suggestions, summaries, and similar outputs ("AI Output").
- AI Output is probabilistic and may be inaccurate, incomplete, or unsuitable. Customers and authorized users are responsible for reviewing AI Output before publishing or sending it.
- We use third-party model providers (Anthropic, OpenAI, and Google) under terms that prohibit those providers from training on Customer Content submitted through Integer.
- Integer does not sell or share personal information for cross-context behavioral advertising, and does not use sensitive personal information for purposes other than those permitted under CPRA §7027(m).
- Integer does not engage in automated decision-making that produces legal or similarly significant effects on individuals as defined under GDPR Art. 22. Customers who deploy automated decisions through the Service are responsible for compliance with Art. 22 and equivalent law.
- AI disclosure tooling. Integer provides tooling for Customers to disclose to recipients that responses are AI-generated or AI-assisted. Customers are responsible for enabling such disclosures where required by law, including the California Bolstering Online Transparency Act (Cal. Bus. & Prof. Code §17940 et seq.), Article 50 of the EU AI Act (Regulation (EU) 2024/1689), the Utah AI Policy Act, and similar transparency laws.
- Not a "high-risk AI system." Integer does not market the Service for use in consequential decisions affecting employment, education, lending, housing, insurance, healthcare, government benefits, or similar categories regulated as "high-risk AI" under the Colorado AI Act (SB 24-205), the EU AI Act, or analogous laws. Customers who repurpose the Service for such decisions are solely responsible for compliance.
6. How we disclose personal information
We disclose personal information to:
- Subprocessors and service providers under written contracts that restrict use to providing services to Integer. As of the effective date, our principal Subprocessors processing personal information in production are: Clerk (authentication and identity), Railway (application hosting and runtime), Cloudflare (DNS, CDN, edge security, and R2 object storage), Temporal Cloud (workflow orchestration), and PostHog (product analytics, feature flags, error tracking, and mobile session replay). We separately engage Google (Google OAuth via Clerk, Google Play, and Google Fonts) and Apple (Sign in with Apple and App Store / TestFlight distribution) as platform providers. AI model providers (Anthropic, OpenAI, and Google) will be added when used to process Customer Content in production. Our current Subprocessor list is available at /subprocessors and is updated when changes occur.
- Customers, when you are an authorized user of a Customer's tenancy (e.g., your administrator can see your account and activity).
- Professional advisors, including auditors, lawyers, and accountants.
- Authorities, where required by law, subpoena, court order, or to protect rights, safety, or property.
- Corporate transactions, in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality.
In the preceding 12 months we have not "sold" personal information and have not "shared" personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. We do not knowingly collect or sell the personal information of consumers under 16.
7. International data transfers
Integer is based in the United States and processes personal information in the United States and in regions where our cloud providers operate. Where we transfer personal information from the EEA, UK, or Switzerland to a country not deemed adequate, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum or UK IDTA, as applicable), supplementary measures including encryption in transit and at rest, and our DPA. A copy of our SCCs and DPA is available on request at [email protected].
8. Retention
We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention windows:
- Account records: for the life of the account, plus up to 90 days after termination, then deleted or de-identified.
- Customer Content: per the Customer's instructions and DPA; deleted within 30 days of the end of the subscription unless legal hold applies.
- Billing records: seven (7) years for tax/accounting.
- Security logs: up to 13 months.
- Backups: purged on a rolling cycle not to exceed 35 days after primary deletion.
9. Your privacy rights
a. All users
You may contact us at [email protected] to ask about your personal information, update your account, or unsubscribe from marketing.
b. California residents (CCPA/CPRA)
You have the right to: (i) know what personal information we have collected, used, disclosed, or sold/shared; (ii) delete personal information, subject to exceptions; (iii) correct inaccurate personal information; (iv) opt out of sale/sharing of personal information (we do not sell or share, but the link below is provided in any case); (v) limit use of sensitive personal information; and (vi) be free from retaliation for exercising these rights.
Submit a request to [email protected]. We will verify your identity using account credentials or, for non-account holders, by matching identifying details against our records. You may use an authorized agent with written permission. We respond within 45 days (extendable by 45 days where permitted). Do Not Sell or Share My Personal Information.
California "Shine the Light" (Cal. Civ. Code §1798.83). California residents may request information about Personal Information Integer has disclosed to third parties for those third parties' direct-marketing purposes during the preceding calendar year. Integer does not currently disclose Personal Information to third parties for those third parties' direct marketing. To submit a Shine the Light request, email [email protected] with the subject line "California Shine the Light Request."
c. EEA / UK / Swiss residents (GDPR / UK GDPR)
You have the right to access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time without affecting prior processing. Where Integer acts as a processor, please direct rights requests to the Customer who controls your data; we will assist that Customer in responding. You may lodge a complaint with your supervisory authority. Integer has not yet appointed an Art. 27 EU representative or UK representative; one will be designated prior to engaging in regular processing in scope of the EU or UK GDPR.
d. Other US states
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights to access, delete, correct, and opt out of targeted advertising, sale, and certain profiling. We honor these rights through the same channels described above.
10. Mobile applications and account deletion
You may export and delete your Integer account and associated personal information at any time:
- Export your data first (recommended): open Settings → Account → Export in the dashboard or mobile app, or email [email protected].
- Delete in the mobile app: Settings → Account → Delete Account.
- Delete on the web: sign in to the dashboard and open Settings → Account → Delete Account.
- Delete by email: [email protected].
Deletion requests are processed within 30 days. Some information may be retained as described in Section 8 (e.g., billing records, legal holds, backup cycles).
Account deletion will: (a) terminate access to the Service for that account; (b) delete authentication credentials, profile data, and content associated with that user; and (c) initiate deletion of associated Customer Content unless retention is required by law or the Customer's separate agreement. If you are a member of a Customer's tenancy, your administrator may continue to retain content you contributed to that tenancy in accordance with the Customer's own policies.
11. Security
Integer maintains administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, least-privilege provisioning, MFA for production access, vulnerability management, code review, secure SDLC, vendor risk review, logging and monitoring, and incident response. We are working toward SOC 2 Type II attestation. No system is perfectly secure, and we cannot guarantee absolute security.
Responsible disclosure. Security researchers may report suspected vulnerabilities to [email protected]. Integer will not pursue legal action against researchers acting in good faith under Integer's published vulnerability disclosure policy.
12. Children
The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.
13. Cookies and tracking
We and our service providers use strictly necessary, functional, analytics, and (where consented) marketing cookies. EEA, UK, and California visitors are presented with a cookie consent banner offering granular choices. We honor Global Privacy Control ("GPC") signals as opt-outs for residents of states that recognize them.
14. Changes to this Policy
We may update this Policy from time to time. We will post the new effective date at the top and, for material changes, provide additional notice (e.g., email or in-app banner). Continued use of the Service after the effective date constitutes acceptance.
15. Contact us
- Email: [email protected]
- Mail: Integer Software LLC, Attn: Privacy, 169 Madison Ave, STE 64131, New York, NY 10016, United States
- EU representative (Art. 27 GDPR): Not currently appointed. Will be designated prior to processing personal data of EU data subjects in scope of GDPR.
- UK representative: Not currently appointed. Will be designated prior to processing personal data of UK data subjects in scope of UK GDPR.