Privacy Policy

• We collect the information you give us when you sign up + use the Service (account details, client data, documents, website content).
• We don't sell your data. We don't use it to train AI models.
• We share data only with the vendors we need to run the Service (listed below).
• You can export or delete your data at any time.
• Questions? hi@instantclient.ai.

Instant Client is operated by Squiggly Labs Pty Ltd (“we”), an Australian company. We're the data controller for the information you give us when you create an account.

• Account info: name, email, password hash, sign-in timestamps.
• Workspace data: clients, leads, documents, fee presets, website content, brand kit, custom fields, images you upload.
• Billing info: handled by Stripe — we never see your full card number. We do receive your Stripe customer ID and the metadata on your subscription.
• Usage info: basic logs (IP, browser, what you clicked) for security + product analytics.
• AI prompts: when you use the chat or AI tool calls, your prompts + relevant context (e.g. the client record you're scoped to) are sent to our AI provider (currently OpenAI) so it can respond.

• To run the Service — show you your data, send emails you've triggered, run AI features.
• To bill you, if you're on a paid plan.
• To send service-related emails (verification, password reset, important account notices).
• To improve the Service (aggregated, non-identifying usage analysis).
• To meet our legal obligations.

We do not sell your data, share it with advertisers, or allow our AI providers to train their models on your content.

• Convex — primary database for your workspace data.
• Neon (Postgres) — stores authentication records (user, session, password hash).
• Vercel — hosts the web app + serves static assets.
• Resend — sends transactional emails (verification, reset, automations).
• Stripe — payment processing + customer portal.
• OpenAI — powers the AI assistant. OpenAI's data-usage policy applies; we use API access (no training on inputs).

Each vendor has its own privacy practices. We've picked them carefully — but please review their policies if you're subject to specific compliance requirements.

Your workspace data is stored on infrastructure in the Asia-Pacific region. Some processing (Stripe, OpenAI) may happen in the United States. If you're in the EU/UK, cross-border transfers are covered by Standard Contractual Clauses with the relevant vendors.

We keep your data for as long as your account is active. If you cancel, your data is available for export for 30 days, then deleted. Backups are purged within 30 days of the same.

We keep limited records (e.g. invoices, security logs) for as long as we're required to by Australian law.

You can:

• Access + export your data via the API or by emailing us.
• Correct inaccurate data via the in-app editor.
• Delete your data by closing your account.
• Object to certain processing (e.g. marketing — but we don't do marketing emails by default).

If you're in the EU/UK, the GDPR gives you these rights formally. Australian users have similar rights under the Australian Privacy Act.

We use a single first-party cookie to keep you signed in (better-auth.session_token). We don't run third-party advertising trackers or analytics that identify you.

We may update this policy as the Service evolves. Material changes will be flagged in-app or by email. The “Last updated” date at the top tells you when this version took effect.

Questions: hi@instantclient.ai.

Unhappy with how we've handled your data? You can complain to the Office of the Australian Information Commissioner (oaic.gov.au).