Policy Document

Privacy Policy

Last updated: February 2026

InsideScoop LLC, a Kentucky limited liability company

At InsideScoop, privacy is the foundation of everything we build. We understand that sharing workplace experiences requires trust, and we take that responsibility seriously. As a whistleblower and workplace intelligence platform, we hold ourselves to the highest standard of data protection. This policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information

Email address — Used for authentication and account recovery

Pseudonym — Your anonymous display name

Authentication data — OAuth tokens from Google/GitHub (we don't store passwords)

User-Generated Content

• Reviews and ratings you submit
• Discussion posts and replies
• Votes and reactions

Technical Information

• Browser type and version
• General geographic region
• Device type (mobile/desktop)
• Usage patterns

2. What We Don't Collect

✗Real name

✗Precise location

✗Employment verification

✗Government IDs

✗Payment info

3. How We Use Your Data

Platform Operation

To provide our services, authenticate users, and display reviews and discussions.

Analytics

To understand usage patterns and improve the platform. Analytics are anonymized and aggregated.

Content Moderation

To enforce community guidelines and remove harmful content.

4. Cookies & Local Storage

We do not use cookies for advertising or cross-site tracking.

Session Cookies (NextAuth)

Essential for authentication. These cookies keep you logged in and are strictly necessary for platform operation. No consent banner is required because they are not used for tracking.

No Advertising Cookies

We do not use any advertising cookies, analytics tracking cookies, or third-party tracking cookies. There are no pixel trackers, no retargeting, and no cross-site tracking of any kind.

Local Storage

We use your browser's local storage to save UI preferences such as theme settings and keyboard shortcut configurations. This data never leaves your device.

5. Data Sharing

We do not sell your data.

Limited sharing circumstances:

Legal requirements — If required by valid legal process

Safety — To prevent imminent harm to users or others

Service providers — With trusted partners under strict confidentiality (see Section 6)

6. Third-Party Services

We rely on a limited set of trusted third-party services. Here is exactly what each receives:

Supabase

Purpose: Database hosting (PostgreSQL). All user data is stored here.

Data received: All account and content data.

supabase.com/privacy

Stripe

Purpose: Payment processing for Pro subscriptions.

Data received: Email address and payment details.

InsideScoop never sees or stores your credit card numbers. All payment data is handled directly by Stripe.

stripe.com/privacy

Anthropic (Claude AI)

Purpose: Powers content moderation and “The Analyst” intelligence feature.

Data received: Review text may be processed for moderation. Intelligence queries are processed by AI.

anthropic.com/privacy

Google / GitHub

Purpose: OAuth authentication only.

Data received: We receive your email address from them. They do not receive any information about your InsideScoop activity.

Stadia Maps / MapLibre

Purpose: Map tile rendering for geographic features.

Data received: Your IP address is visible to tile servers during map requests. No user data is shared.

7. Automated Processing & AI Disclosure

InsideScoop uses artificial intelligence in the following areas:

Content Moderation

AI flags reviews and posts that may violate community guidelines for review.

Corruption & Ethics Scores

Generated from public government data and aggregated anonymous reviews. These scores reflect statistical analysis of public records — they are not verified investigations.

“The Analyst” Intelligence Queries

User queries to The Analyst are processed by AI to generate intelligence reports and insights.

Company Matching

AI assists in matching user-submitted companies to existing database records.

Human review available: Users can contact [email protected] to request human review of any AI-moderated decision.

No data retention by AI: Our AI processors do not retain user data beyond the immediate processing request.

8. Data Retention

Active

Account Data

Retained while your account is active.

30 days

After Account Deletion

Personally identifiable data is purged within 30 days. Anonymous reviews remain on the platform as they contain no personally identifiable information.

90 days

IP Address Hashes

Retained for security purposes, then permanently purged.

24 hrs

Rate Limiting Logs

Retained for 24 hours to prevent abuse, then automatically purged.

2 years

Audit Logs

Retained for legal compliance purposes.

Varies

Stripe Billing Data

Retained per Stripe's own policies and applicable tax requirements.

9. Your Rights

Access— Request a copy of your data

Correction— Update your information

Deletion— Request account removal

Portability— Export in machine-readable format

10. Data Breach Notification

For a whistleblower platform, we treat breach response with the highest urgency given the sensitive nature of our users' participation.

In the event of a data breach affecting user data, InsideScoop will:

Notify Affected Users Within 72 Hours

All users whose data may have been affected will be notified within 72 hours of discovery.

Notify Relevant Authorities

We will notify regulatory and law enforcement authorities as required by applicable law.

Full Disclosure & Remediation

We will provide details of what data was affected and the steps being taken to remediate the breach.

11. California Residents (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act:

Right to Know

You have the right to know what personal data we collect about you. See Section 1 for full details.

Right to Delete

You can delete your account at any time from Settings. See Section 8 for data retention details.

Right to Opt-Out of Sale

We do not sell personal information. Period.

Right to Non-Discrimination

We will not treat you differently for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at [email protected]

12. International Users & GDPR

Legal Basis

We process personal data under legitimate interest (providing the platform) and consent (where applicable).

International Transfers

Your data is stored and processed in the United States. By using InsideScoop, you consent to this transfer. We rely on Standard Contractual Clauses where required.

EU/EEA Rights

In addition to the rights listed in Section 9, EU/EEA residents may: request restriction of processing, object to processing, lodge a complaint with their local data protection authority, and request data portability.

Data Protection Contact

For GDPR-related inquiries, contact [email protected]

Children's Privacy

InsideScoop is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information.

13. Contact Us

For privacy-related questions or to exercise your rights:

Entity: InsideScoop LLC, a Kentucky limited liability company

Email: [email protected]

Mailing Address: #1101 1680 Campbell Ln STE 109, Bowling Green, KY 42104, United States

We may update this privacy policy from time to time. We will notify users of any material changes by posting the new policy on this page and updating the “Last updated” date.