Skip to content
RateMyInternship
Review

Privacy Policy

Last updated: June 16, 2026

This policy explains what personal data InsightIntern ("we", "us") collects, why, how long we keep it, and the rights you have under the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar laws. By using the site you agree to this policy.

1. Data we collect

  • Account data: email, hashed password (or OAuth identifier), display name.
  • Review content: text, ratings, role, season, school, location you choose to submit. Reviews are displayed without your name.
  • Employer data: work email, company affiliation, billing details (processed by Stripe — we never see card numbers).
  • Technical data: IP address, browser type, pages visited, used only to operate and secure the service.
  • Cookies: a single first-party session cookie for authentication. We do not use third-party advertising or tracking cookies.

2. Why we use it (GDPR lawful bases)

  • Contract (Art. 6(1)(b)): to create your account, accept reviews, deliver employer subscriptions.
  • Legitimate interests (Art. 6(1)(f)): to prevent fraud, abuse and fake reviews, and to secure the platform.
  • Legal obligation (Art. 6(1)(c)): to keep tax/billing records and respond to lawful requests.
  • Consent (Art. 6(1)(a)): for any optional product emails — you can withdraw at any time.

3. Who we share it with

We share data only with processors who help us run the service, under written agreements:

  • Supabase (Lovable Cloud) — database & authentication hosting.
  • Stripe, Inc. — payment processing for employer subscriptions.
  • Cloudflare — content delivery & DDoS protection.

We do not sell personal information and we do not share it for cross-context behavioral advertising (CCPA/CPRA). We will disclose information when required by valid legal process.

4. International transfers

Data may be processed in the United States and the European Union. Transfers from the EEA/UK rely on the European Commission's Standard Contractual Clauses with our processors.

5. Retention

  • Account data: until you delete your account.
  • Reviews: kept while the company page exists; you can request removal of your own reviews at any time.
  • Billing records: 7 years (tax law).
  • Server logs: 30 days.

6. Your rights

Subject to local law, you have the right to access, correct, delete, restrict, port, or object to processing of your data, and to withdraw consent at any time. California residents additionally have the right to know, delete, correct, and to opt out of "sale" or "sharing" (we do neither). Send requests to privacy@insightintern.com. You also have the right to complain to your local supervisory authority (e.g. your national DPA, ICO in the UK, CNIL in France).

7. Children

The service is intended for users aged 16 and over. We do not knowingly collect personal data from children under 13 (COPPA) or under 16 (GDPR Art. 8). If you believe a child has provided us data, contact us and we will delete it.

8. Security

We use industry-standard encryption in transit (TLS), encryption at rest, row-level security on our database, and least-privilege access controls. No system is perfectly secure; we will notify affected users of any breach as required by law.

9. Changes

Material changes will be announced on the site at least 14 days before taking effect.

10. Contact / Data Controller

InsightIntern — privacy@insightintern.com.