Privacy Policy

Last updated: 5 March 2026

This Privacy Policy explains how InnTelligence B.V. (trading as InnConnect) collects, uses, stores, and protects personal data when you use our services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable Dutch and European legislation.

1. Who We Are

InnConnect is a service provided by InnTelligence B.V., registered in the Netherlands (KvK: 94901708, BTW: NL866930450B01), located at M.A. Reinaldaweg 2D, 3446 CB Woerden. We provide AI-powered customer support chatbot software as a service (SaaS) to businesses.

2. What Data We Collect

Account Information

When you register for or administer an InnConnect account, we collect:

  • Name and email address
  • Organisation name
  • Password (stored encrypted)
  • Billing information (processed by our payment provider)

Chat & Conversation Data

When end users interact with a chatbot powered by InnConnect, we process:

  • Chat messages and conversation history
  • Session identifiers and timestamps
  • Optional: name or email if provided voluntarily by the end user

Usage & Technical Data

We automatically collect:

  • IP address (anonymised for analytics)
  • Browser type and device information
  • Pages visited and feature usage within the admin portal

3. Why We Process Your Data

We process personal data for the following purposes and legal bases:

  • Service delivery — to operate the chatbot, admin portal, and knowledge base (legal basis: contract performance)
  • Account management — to authenticate users and manage subscriptions (legal basis: contract performance)
  • Improvement — to analyse usage patterns and improve our service (legal basis: legitimate interest)
  • Security — to detect and prevent abuse, fraud, and security incidents (legal basis: legitimate interest)
  • Legal obligations — to comply with tax, accounting, and other legal requirements (legal basis: legal obligation)

4. AI Processing & Transparency

InnConnect uses artificial intelligence (AI) to generate chatbot responses. In accordance with the EU AI Act, we inform you that:

Chat messages are sent to our AI provider (Mistral AI) for response generation. This provider:

  • Process data under strict data processing agreements
  • Do not use your data to train their models (where contractually guaranteed)
  • Are selected for their GDPR compliance and security standards

AI-generated responses are clearly delivered through our chatbot widget. The knowledge base content provided by our customers shapes the responses — InnConnect does not autonomously create or publish content without human oversight.

5. Data Storage & Security

We take the security of your data seriously and implement appropriate technical and organisational measures:

  • All data is hosted on servers within the European Union (Netherlands)
  • Data is encrypted in transit (TLS 1.2+) and at rest
  • Each tenant's data is logically isolated in separate databases
  • Access to production systems is restricted and logged
  • Regular security audits and vulnerability assessments are performed

6. Third-Party Processors

We share personal data with the following categories of processors, each under a data processing agreement (DPA):

  • AI provider — Mistral AI (chat response generation)
  • Payment processor — Pay.nl (payment handling)
  • Hosting provider — TransIP (infrastructure, EU-based)
  • Email service — TransIP SMTP (transactional emails)

A Data Processing Agreement (DPA) is available upon request for customers who need to assess our processing activities under their own GDPR obligations.

7. Cookies

InnConnect uses a minimal number of cookies:

  • Functional cookies — required for login sessions, CSRF protection, and language preferences. These are strictly necessary and do not require consent.
  • Analytics cookies — used only when you accept them via our cookie banner. These help us understand how visitors use our website.

You can manage your cookie preferences at any time through your browser settings or by using the cookie banner on our website.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of your personal data
  • Right to rectification (Art. 16) — correct inaccurate personal data
  • Right to erasure (Art. 17) — request deletion of your personal data
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to restriction (Art. 18) — request that we limit processing of your data

To exercise any of these rights, contact us at privacy@innconnect.io. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9. Data Retention

We retain personal data only for as long as necessary:

  • Account data — retained for the duration of your subscription, plus 30 days after termination for data export
  • Chat conversation data — retained according to the tenant's configured retention policy (default: 12 months)
  • Billing records — retained for 7 years as required by Dutch tax law

10. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us:

InnTelligence B.V.
M.A. Reinaldaweg 2D
3446 CB Woerden
The Netherlands

Email: privacy@innconnect.io
KvK: 94901708
BTW: NL866930450B01