Iriscale
Platform
Chief Marketing AgentSEOGEO · AEO · AIOSocial Media ManagementPaid Ads Management
PricingAbout
Resources
LearnBlog

Privacy Policy

Effective Date: March 18, 2026

1. Introduction

This Privacy Policy explains how Naro Tech LLC, operating as Iriscale (“Iriscale,” “we,” “us,” or “our”), collects, uses, shares, and protects personal data when you use our AI-powered B2B marketing intelligence platform available at iriscale.com (the “Service”). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

This policy applies to all users of the Service, including customers who subscribe to our platform, authorised users within customer organisations, and visitors to our website. Iriscale acts as a data processor on behalf of its customers for customer-uploaded data, and as a data controller for data collected directly from users.

2. Data We Collect

2.1 Information You Provide

  • Account information: name, email address, company name, job title, and billing details when you create an account or subscribe.
  • Customer content: website URLs, marketing copy, keywords, competitor lists, business descriptions, and any other data you upload or input into the platform.
  • Connected account tokens: when you connect third-party accounts (e.g., Google Search Console, social media platforms), we store encrypted access tokens that are scoped to the specific integration and can be revoked by you at any time through your account settings.
  • Communications: messages you send to us via email, in-app chat, or support requests.

Important: The personal data we collect is limited to account information for authorised platform users within customer organisations. Iriscale does not store personally identifiable information belonging to our customers’ end-users or clients.

2.2 Information Collected Automatically

  • Usage data: features accessed, queries submitted to AI agents, frequency and duration of sessions, and interaction patterns.
  • Device and technical data: IP address, browser type, operating system, device identifiers, and referring URLs.
  • Cookies and similar technologies: session cookies, analytics cookies (e.g., Google Analytics), and local storage tokens. See Section 8 for details.

2.3 Information from Third Parties

  • Single sign-on (SSO) providers (e.g., Google) when you choose to authenticate via a third-party service.
  • Payment processors (e.g., Stripe) for billing verification. We do not store full payment card numbers.

3. How We Use Your Data

We process personal data for the following purposes:

  • Providing the Service: running AI agents for marketing strategy, keyword research, competitor analysis, and content generation.
  • Account management: creating and maintaining your account, processing payments, and communicating about your subscription.
  • Improvement and development: analysing aggregate usage patterns to improve features, fix bugs, and develop new capabilities.
  • Security: detecting and preventing fraud, abuse, and unauthorised access.
  • Legal compliance: meeting our obligations under applicable laws and regulations.
  • Communications: sending transactional emails, service updates, and (with your consent) marketing communications.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing, we rely on the following:

  • Contract performance (Art. 6(1)(b)): processing necessary to deliver the Service under your subscription agreement.
  • Legitimate interests (Art. 6(1)(f)): improving the Service, ensuring security, and conducting analytics, where these interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): where you have opted in to marketing communications or non-essential cookies.
  • Legal obligation (Art. 6(1)©): where we are required to retain data for tax, accounting, or regulatory purposes.

5. AI Processing and Data Sharing

The Service uses a combination of proprietary models and algorithms, as well as third-party AI model providers, to deliver its AI-powered features. Your Customer Content is primarily processed by our own systems. Where a task requires a third-party AI model, our agents may transmit the minimum data necessary to that provider to perform the requested task.

  • Data sent to third-party AI providers is limited to relevant excerpts needed for the specific task.
  • Our agreements with these providers prohibit them from using your data to train their models.
  • All transmissions to third-party providers occur over encrypted connections (TLS 1.2+) and are not stored by these providers beyond the duration needed to process the request, subject to their data-processing agreements.
  • Processing performed by our proprietary models and algorithms does not transmit your data to any third party.

A list of third-party sub-processors, including AI model providers, is maintained in Schedule 1 of the Data Processing Addendum in our Terms of Service. We may add or change sub-processors from time to time, and will notify customers at least 30 days in advance of engaging a new sub-processor that processes personal data.

6. Other Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

  • Service providers: cloud hosting (e.g., AWS), payment processing (e.g., Stripe), analytics (e.g., Google Analytics, PostHog), and customer support tools, each bound by data-processing agreements.
  • Legal requirements: when required by law, regulation, legal process, or enforceable governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • With your consent: where you explicitly authorise sharing with a third party.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Active accounts: data is retained for the duration of your subscription.
  • Account closure: after you request account deletion, we maintain a 90-day recovery window during which you may reactivate your account. After this window, personal data is purged within 30 days.
  • Financial records: billing and transaction records are retained for 7 years to comply with tax and accounting obligations.
  • Aggregated/anonymised data: may be retained indefinitely for analytics and product improvement.

8. Cookies and Tracking Technologies

We use the following categories of cookies:

  • Strictly necessary: session management and authentication. These cannot be disabled.
  • Analytics: understanding how users interact with the Service (e.g., Google Analytics). You can opt out via your browser or our cookie banner.
  • Functional: remembering your preferences and settings.

We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings or our cookie consent tool.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and multi-factor authentication for internal systems.
  • Regular security assessments and vulnerability scanning.
  • Incident response procedures with notification within 72 hours as required by GDPR.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data, subject to legal retention requirements.
  • Restriction: request that we limit processing of your data in certain circumstances.
  • Portability: receive your data in a structured, commonly used, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@iriscale.com. We will respond within 30 days (or as required by applicable law).

10.1 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide you with the following additional rights:

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions permitted by law.
  • Right to opt out of sale or sharing: Iriscale does not sell personal information and does not share personal information for cross-context behavioural advertising purposes.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, contact us at support@iriscale.com. We will verify your identity before processing your request and respond within 45 days as required by California law.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and countries where our AI model providers operate. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognised transfer mechanisms.

12. Children’s Privacy

The Service is designed for business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Naro Tech LLC (operating as Iriscale) Email: support@iriscale.com Website: iriscale.com

Supervisory authority: If you are in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.