Skip to main content

Privacy Policy

Effective Date: February 1, 2025

This Privacy Policy describes how CDK Insights ("we", "us", "our") collects, uses, and protects your personal data when you use CDK Insights.

Data Controller: CDK Insights, Lee Priest trading as Instance Labs

Address: United Kingdom

Contact: privacy@cdkinsights.dev

  1. What We Collect
    • Name, email, company info (if provided)
    • Payment info (processed securely by Stripe; we do not store your full payment details)
    • Usage logs and activity metadata
    • Limited, transient CDK code (for AI analysis only)
  2. How We Use It
    • Deliver and improve services
    • Authenticate users
    • Process payments
    • Respond to support queries
  3. Third-Party Access
    We only share data with:
    • Payment providers (Stripe, see their Privacy Policy)
    • Infrastructure hosts
    • Legal authorities if required
    We do not sell your data.
  4. AI and Transient Code Processing
    AI features may process snippets of CDK code. These are not stored after the analysis completes unless you choose to save them.
  5. Cookies
    We use cookies for authentication, session management, and analytics. For full details about the cookies we use and how to manage them, please see our Cookie Policy.
  6. Data Retention
    • Accounts: retained until deleted
    • Backups: up to 30 days
    • Billing: retained for legal purposes
  7. Your Rights (GDPR/UK GDPR)
    If you are in the UK or EU, you have the following rights:
    • Access: Request a copy of your personal data
    • Rectification: Correct inaccurate data
    • Erasure: Request deletion of your data ("right to be forgotten")
    • Portability: Receive your data in a machine-readable format
    • Restriction: Request we limit processing of your data
    • Object: Object to processing based on legitimate interests
    • Withdraw consent: Where processing is based on consent

    To exercise any of these rights, contact us at privacy@cdkinsights.dev. We will respond within 30 days.

  8. Legal Basis for Processing (GDPR)
    We process your data under the following legal bases:
    • Contract: To provide our Services to you
    • Legitimate interest: To improve our Services and prevent fraud
    • Legal obligation: To comply with tax and accounting requirements
    • Consent: For marketing communications (you can withdraw anytime)
  9. International Data Transfers
    Your data may be processed outside the UK/EU by our service providers (e.g., AWS, Stripe, AI providers). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
  10. Supervisory Authority
    If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint
  11. Security
    We use TLS, secure credentials, and access controls.
  12. Contact
    Email: support@cdkinsights.dev
Back to HomeArrow Right Icon