Privacy Policy

Effective: May 7, 2026

What Instila is

Instila is a knowledge extraction service. You connect your business tools — Slack, Gmail, Zendesk, Notion, GitHub — and Instila reads them to identify candidate skills: structured rules about how your company operates. You validate each one before it enters your skills file.

What we collect

Account data. When you sign up, we collect your work email address and company name via Clerk, our identity provider.

Source excerpts. When you connect an integration, Instila reads your data to find candidate skills. We store only the specific excerpts — the individual messages, sentences, or passages — that served as evidence for each skill. We do not store your full inbox, channel history, ticket queue, or document library. Only evidence survives.

Waitlist data. If you join the waitlist, we store your email address and how you found us (UTM parameters, referrer).

Usage data. Basic logs — pages visited, features used, errors — for debugging and improving the product. We do not sell this data and we do not use it to profile you for advertising.

What we do not collect

  • Full email threads, Slack channel histories, Zendesk ticket bodies, or complete Notion documents beyond the excerpts cited as evidence.
  • Any data from sources you have not explicitly connected.
  • Payment card numbers — billing is handled entirely by Stripe.

How we use your data

  • To provide, operate, and improve the Instila service.
  • To email you about your account, validation queue, or validated skills (subject to a hard cap of one email per day per user).
  • To send you a weekly digest if you opt in.

We do not train AI models on your data — ours, Anthropic's, or anyone else's. We do not sell your data.

Data retention and deletion

  • Disconnect a source → all excerpts and metadata from that source are deleted within 24 hours.
  • Reject a skill → its supporting excerpts are deleted with it immediately.
  • Close your account → all your data is deleted within 30 days.
  • You can request deletion at any time by emailing privacy@instila.net.

Sub-processors we use

  • Clerk — identity and authentication.
  • Supabase — database hosting. Your excerpts are stored here, encrypted at rest with AES-256.
  • Anthropic — the AI that reads your sources and identifies candidate skills. Your data is sent to Anthropic for processing and is governed by Anthropic's API data handling policy, which prohibits training on API inputs.
  • Vercel — application and edge hosting.
  • Resend — transactional email delivery.
  • Stripe — payment processing. Instila never sees or stores your card number.

Security

AES-256 encryption at rest. TLS 1.3 in transit. Full audit log of every data access, extraction run, and skill modification. Per-customer pipeline isolation — one account's data cannot affect another's. We target SOC 2 Type II certification within 12 months of public launch.

Your rights (GDPR & CCPA)

If you're in the EU, UK, or California, you have the right to access, correct, export, or delete your personal data at any time. To exercise any of these rights, email privacy@instila.net. We will respond within 30 days.

Cookies

We use a single session cookie for authentication (set by Clerk). No advertising cookies. No third-party tracking pixels. No cookie consent banner needed because that's the only cookie we set.

Changes to this policy

We will notify you by email before any material change to this policy. The effective date at the top of this page will always reflect the current version.

Contact

Questions or requests: privacy@instila.net
Instila — Toronto, Ontario, Canada