intake.link

Privacy Policy

Last updated: January 2025

1. Introduction

intake.link ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information such as your name, email address, and organization name. We use Clerk for authentication, which may collect additional information as described in their privacy policy.

2.2 Tenant Configuration

We store information you provide to configure your intake forms, including your firm name, branding preferences (colors, logo), form field configurations, and notification settings.

2.3 Intake Submissions

When someone submits an intake form you've created, we collect and store the submission data on your behalf. This may include personal information such as names, contact information, and any other data fields you've configured in your form.

2.4 Usage Data

We automatically collect certain information when you use our Service, including your IP address, browser type, operating system, pages visited, and time spent on pages. We use this data to improve our Service and for analytics purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process and deliver intake form submissions
  • Send you notifications about your account and submissions
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. Data Storage and Security

We use industry-standard security measures to protect your data. Your data is stored using Upstash Redis, a secure, encrypted database service. We implement appropriate technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction of your data.

4.1 Data Retention

  • Intake submissions: Retained for 90 days, then automatically deleted
  • Partial/incomplete submissions: Retained for 30 days
  • Account and tenant data: Retained until you delete your account
  • Audit logs: Retained for 1 year for compliance purposes

You can export your data at any time through the dashboard (Pro and Enterprise plans).

4.2 Audit Logging

We maintain audit logs of access to sensitive data and system actions for security monitoring and compliance purposes. These logs include information about who accessed data, when, and what actions were performed. IP addresses in audit logs are cryptographically hashed to protect privacy while maintaining security visibility.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We use third-party services (such as Clerk for authentication, Vercel for hosting, and Upstash for data storage) that process data on our behalf.
  • Webhooks: If you configure webhooks, submission data will be sent to your specified endpoints.
  • Legal Requirements: We may disclose information if required by law or in response to valid legal process.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: You can access your account information through the dashboard.
  • Correction: You can update your account and form settings at any time.
  • Deletion: You can request deletion of your account by contacting us.
  • Data Portability: Pro and Enterprise users can export submission data.
  • Opt-out: You can opt out of marketing communications at any time.

7. Your Responsibilities as a Form Owner

As a user of intake.link who creates intake forms, you act as a data controller for the personal information collected through your forms. You are responsible for:

  • Obtaining appropriate consent from individuals submitting information
  • Providing your own privacy notice to form submitters
  • Handling submitted data in compliance with applicable privacy laws
  • Responding to data subject requests from individuals who submitted forms

8. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We may use analytics tools to understand how users interact with our Service. You can control cookie preferences through your browser settings.

9. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Subprocessors

We use the following third-party service providers (subprocessors) to help deliver our Service. Each has been vetted for security and privacy practices.

Enterprise customers may request a complete subprocessor list and notification of changes.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at inbox@intake.link.