Privacy Policy

Insightek (Suzhou Insightek Technology Co., Ltd.) is a B2B industrial AI company building visual inspection and action compliance AI agents for manufacturing customers. This Privacy Policy explains how we handle personal data in connection with our website, our sales and support processes, and — where applicable — our deployed products.

This policy applies to: (a) visitors to insightek.ai and its subdomains; (b) individuals who submit inquiries or request demos through our contact forms; (c) authorized personnel at customer organizations who interact with our deployed products; and (d) recipients of our business communications.

This policy does not apply to the industrial imagery or operational data that our products process on behalf of customer organizations — that data is governed by the master services agreement (MSA) or data processing agreement (DPA) between Insightek and the customer.

Effective date of this version: 2026-04-08.

We collect only the data we need to respond to inquiries, deliver our services, and meet legal obligations. The table below summarizes the categories of personal data we process and why.

We do not purchase marketing lists, and we do not enrich contact records through third-party data brokers.

Sales and pre-sales engagement. When you request a demo, download a datasheet, or submit a contact form, we use your business contact details to respond, to schedule meetings, and to send relevant follow-up materials related to your stated interest.

Service delivery and support. During proof of concept (POC) and production deployments, we use the contact information of authorized customer personnel to coordinate installation, training, troubleshooting, and support.

Product improvement. Aggregated and anonymized operational metrics may be used to improve model performance and product quality. Raw customer imagery and operational data is never used for model training without explicit written consent from the customer organization under a separate data agreement.

Legal compliance. We process data as needed to comply with applicable laws, respond to lawful requests from public authorities, and protect our legal rights.

We do not sell personal data. We share personal data only with a small set of vetted sub-processors required to deliver our services, and only to the extent necessary for that purpose. Our current sub-processor categories include cloud hosting and content delivery, transactional email delivery, business communications and calendaring, and customer relationship management.

A current list of named sub-processors is available on request under NDA. Enterprise customers subject to GDPR, PIPL, or similar regimes will receive a specific sub-processor schedule in their data processing agreement, and will be notified of material changes in advance.

We may also disclose personal data if required to do so by law, to enforce our agreements, or to protect the rights, property, or safety of Insightek, our customers, or the public.

We retain personal data only for as long as is necessary for the purposes for which it was collected. Specific default retention windows: website analytics and server logs — up to 12 months; inbound inquiries that do not progress into a commercial relationship — up to 24 months; commercial contacts and account records for active customers — duration of the commercial relationship plus 6 years to meet statutory recordkeeping requirements; communications archived under a specific legal hold — until the hold is released.

Customer operational data (images, detections, logs generated by our deployed products) is governed by the customer MSA or DPA and is typically retained on customer infrastructure under customer control.

When retention expires, we delete, anonymize, or archive the data under controlled access consistent with the purpose that required archiving.

Depending on where you reside, you may have the following rights regarding your personal data: the right to access the data we hold about you; the right to correct inaccurate or incomplete data; the right to request deletion, subject to legal retention requirements; the right to data portability for data you provided directly; the right to object to or restrict certain processing; the right to withdraw consent where processing relies on consent; and the right to lodge a complaint with your local supervisory authority.

Under GDPR (European Union / United Kingdom), you may contact us or your local data protection authority. Under PIPL (People's Republic of China), you may contact us to exercise equivalent rights as defined by the law.

To exercise any of these rights, please email us at the contact address below. We will respond within the legally required timeframe (typically 30 days) and may ask for reasonable information to verify your identity before fulfilling the request.

Our website currently does not set tracking cookies, does not load third-party marketing pixels, and does not use third-party analytics that identify individual visitors. We use only strictly necessary cookies required for basic site functionality (such as language preference).

If we introduce analytics or marketing cookies in the future, we will deploy a consent management platform (CMP) consistent with GDPR and PIPL requirements, update this policy, and make the updated version available before the change takes effect.

Insightek is headquartered in Suzhou, China. Depending on the customer and engagement, personal data may be processed in the People's Republic of China and in other jurisdictions where our sub-processors operate.

Where we transfer personal data across borders, we rely on lawful transfer mechanisms such as standard contractual clauses, customer consent, or contractual safeguards as required by applicable law. Enterprise customers with specific cross-border requirements should request a DPA that documents the transfer mechanism for their engagement.

Insightek is a B2B company. Our website, products, and services are directed at businesses and their authorized personnel, not at children. We do not knowingly collect personal data from individuals under the age of 16. If you believe that we have inadvertently collected such data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. When we make material changes, we will update the effective date at the top of this document and, where appropriate, provide additional notice (for example, a prominent notice on the website or a direct email to active customers).

We encourage you to review this policy periodically. Your continued use of our website or services after an update constitutes acknowledgment of the updated policy, subject to your rights under applicable law.

If you have questions about this Privacy Policy, wish to exercise any of the rights described above, or would like to request a data processing agreement, please contact our Data Protection Officer at the email address below. We aim to respond to all inquiries within 10 business days.