Indexara
Sign inGet started

Privacy Policy

Last updated: March 4, 2026

1. Introduction

Indexara ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Indexara platform ("Service").

2. Information We Collect

2.1 Account Information

When you register, we collect:

  • Name
  • Email address
  • Password (stored as a salted hash; we never store plaintext passwords)
  • Organization name (if applicable)

2.2 Billing Information

Payment processing is handled by Square and PayPal. We do not store credit card numbers, CVVs, or full card details on our servers. These providers may collect payment information in accordance with their privacy policies: Square Privacy Policy, PayPal Privacy Policy.

2.3 Your Content

Documents, files, and data you upload to the Service ("Your Content") are processed for indexing and search. This includes generating text embeddings and search indices. Your Content is stored in isolated, per-organization containers and storage volumes.

2.4 Usage Data

We automatically collect:

  • Search queries and usage counts (for enforcing plan limits)
  • API access logs (IP address, timestamps, endpoints accessed)
  • Browser type, operating system, and device information
  • Pages visited and features used within the Service

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your documents and generate search indices
  • Authenticate your identity and manage your account
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmations, billing receipts, security alerts)
  • Enforce usage limits and prevent abuse
  • Respond to support requests
  • Comply with legal obligations

We do not use Your Content to train machine learning models. We do not sell, rent, or share Your Content with third parties.

4. Data Storage and Security

4.1 Where Data Is Stored

Your data is stored on servers located in the United States. Document data is stored in Amazon Web Services (AWS) infrastructure, including S3 for object storage and EFS for container file systems.

4.2 Data Isolation

Each organization's workspace runs in an isolated container with dedicated storage. Your data is not accessible to other organizations or users outside your team.

4.3 Security Measures

  • All data in transit is encrypted using TLS 1.2+
  • Passwords are hashed using bcrypt with individual salts
  • API authentication uses signed JWT tokens
  • Database access is restricted to application services only
  • Regular security updates are applied to all infrastructure

5. Data Retention

  • Active accounts: Your Content and account data are retained for as long as your account is active.
  • Cancelled accounts: Your Content is retained for 30 days after cancellation to allow re-activation, then permanently deleted.
  • Deleted accounts: All associated data is permanently deleted within 30 days.
  • Usage logs: Retained for up to 90 days for operational purposes, then aggregated or deleted.
  • Billing records: Retained as required by applicable tax and accounting laws.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Square — Payment processing
  • PayPal — Payment processing
  • Amazon Web Services (AWS) — Infrastructure hosting, storage, and compute

Each third-party service operates under its own privacy policy. We select partners that maintain appropriate security and privacy standards.

7. AI Processing

The Service uses locally-hosted AI models (sentence-transformers, FAISS) to generate document embeddings and perform semantic search. This processing occurs entirely within our infrastructure. Your Content is not sent to external AI services for processing unless you explicitly use an integration (such as connecting to an AI assistant via MCP), in which case the AI assistant's privacy policy applies to data shared with it.

8. Cookies and Tracking

The Service uses essential cookies for authentication (session tokens). We do not use third-party tracking cookies, advertising cookies, or analytics services that track individual users across websites.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data and account.
  • Export: Request an export of Your Content in a portable format.
  • Objection: Object to certain processing of your personal data.

To exercise any of these rights, contact us at support@indexara.ai. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will delete such information promptly.

11. International Data Transfers

If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: