Privacy Policy

Effective Date: May 12, 2026
Last Updated: May 12, 2026

IntellPro ("IntellPro," "we," "us," or "our") operates the IntellPro platform and the website at intellpro.com and intellpro.ai (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website, use our Services, or otherwise interact with us.

We provide an AI-powered research management platform for buy-side financial institutions, including hedge funds, asset managers, and private credit funds. Because our clients are subject to financial regulation (including SEC oversight and Regulation S-P), and because we hold SOC 2 certification, we treat information security and privacy as foundational to our business.

This Policy is directed to residents of the United States. The Services are not intended for use by individuals outside the United States, and we do not offer the Services to consumers in the European Economic Area or the United Kingdom.

If you have questions about this Policy, contact us at success@intellpro.com.

1. Scope and Roles

This Policy applies to:

  • Website visitors at intellpro.com, intellpro.ai, and related subdomains
  • Prospects and marketing contacts who receive communications from us
  • Authorized users of the IntellPro platform employed by our client firms
  • Other individuals who interact with us in a business context (e.g., partners, vendors, applicants)

Service provider role. When we process personal information that our client firms upload, sync, or otherwise route through the platform — including content from Microsoft 365 (SharePoint, Exchange/Outlook, Teams), Slack, Bloomberg, and third-party research providers — we act as a service provider to the client under U.S. state privacy laws. The client determines the purposes and means of that processing, and the client's privacy notice governs how the underlying individuals' rights are handled. We process such data only under written instructions in our customer agreements and Data Processing Addendum (DPA).

When we collect information directly from you — for example, through our website, marketing emails, or sales conversations — we act as a business under U.S. state privacy laws, and this Policy governs that processing.

2. Information We Collect

2.1 Information you provide directly

  • Contact and account information: name, business email, employer, job title, phone number, and credentials when you request a demo, sign up for our newsletter, create a platform account, or contact us.
  • Communications: the contents of emails, support tickets, sales conversations, and feedback you send to us.
  • Billing information: for paying customers, billing contacts and payment metadata (we do not store full payment card numbers; card processing is handled by our payment processor).

2.2 Information collected automatically when you visit our website

  • Device and usage data: IP address, browser type and version, operating system, referring/exit pages, pages viewed, timestamps, and approximate location derived from IP.
  • Cookies and similar technologies: see Section 8 below.

2.3 Information collected through use of the platform

When authorized users at a client firm use IntellPro, we process:

  • Authentication data: identifiers from Microsoft Entra ID, OAuth tokens, and session metadata required to authenticate users and read data from connected systems.
  • Client content: documents, emails, chat messages, attachments, research reports, and other content that the client directs the platform to ingest from connected sources (e.g., SharePoint, Exchange, Slack, Teams, Bloomberg, third-party research). This content is processed under the customer agreement and DPA; it is not used for our own marketing or model training.
  • Usage telemetry: queries submitted, MCP tool calls, search results returned, features used, error logs, and performance metrics. We use this to operate, secure, and improve the Services.

2.4 Information from third parties

  • Enrichment and prospecting data: business contact information from data providers used for B2B sales and marketing (e.g., LinkedIn profiles, public company information).
  • Service providers: information from our authentication, hosting, analytics, and email vendors as described in Section 6.

We do not knowingly collect information from children under 16. The Services are not directed to children.

3. How We Use Information

We use information for the following purposes:

  • Providing the Services — operating the platform, indexing and searching client content, returning research results through our hybrid search pipeline, and supporting MCP-based access by client-authorized LLMs (such as Claude).
  • Account administration — provisioning users, managing entitlements, and supporting client tenants.
  • Security and fraud prevention — monitoring for unauthorized access, abuse, and policy violations; maintaining audit trails required by our SOC 2 controls and by client regulatory obligations (including SEC books-and-records and Regulation S-P safeguards).
  • Service improvement — analyzing aggregated, de-identified usage patterns to improve reliability, search quality, and product features. We do not use client content to train foundation models or any model that benefits other customers.
  • Communications — responding to inquiries, sending transactional messages (e.g., security alerts, billing notices), and sending marketing emails to prospects and customers who have not opted out. Marketing emails include an unsubscribe link in every message.
  • Legal and compliance — meeting our legal obligations, enforcing our terms, defending claims, and cooperating with lawful requests from regulators.

4. AI, Automated Processing, and Client Content

IntellPro uses large language models, embeddings, and other machine-learning components to process client content. We want to be explicit about how this works:

  • No model training on client content. We do not use client content to train, fine-tune, or otherwise improve foundation models, whether ours or any third party's. Our processing of client content is limited to indexing, retrieval, summarization, and response generation in service of the client's queries.
  • Third-party AI providers. Some processing involves third-party model providers (e.g., for embeddings or generation). These providers act as our sub-processors under terms that prohibit their use of client content for their own training. A current list of sub-processors is available on request.
  • Tenant isolation. Each client's content is logically isolated. Search indexes, embeddings, and metadata are scoped to the client tenant and are not shared across customers.
  • No solely automated decisions with legal effects. We do not use the Services to make decisions about individuals that produce legal or similarly significant effects without meaningful human involvement.

5. How We Share Information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under U.S. state privacy laws.

We disclose information only as follows:

  • With your or the client's direction — for example, when a client authorizes the platform to surface content to a particular user or to an LLM tool.
  • Service providers / sub-processors — hosting, infrastructure, authentication, search, analytics, communications, and payment processing vendors that are contractually bound to process information only on our behalf and consistent with this Policy.
  • Professional advisors — attorneys, accountants, and auditors bound by confidentiality.
  • Corporate transactions — in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and continued protection of the information.
  • Legal and regulatory — when required by law, court order, or to respond to lawful requests from regulators (including the SEC), or where necessary to protect rights, safety, or property. We will notify affected clients to the extent legally permitted.
  • Aggregated or de-identified information — we may share information that cannot reasonably be used to identify any individual.

6. Sub-Processors and Key Vendors

We rely on the following categories of sub-processors. A current list with specific entity names is available to clients on request and is referenced in our DPA:

  • Cloud infrastructure: Amazon Web Services and Microsoft Azure (United States regions).
  • Search and indexing: Elastic Cloud.
  • AI / model providers: providers of embedding, reranking, and language-model APIs used to power search and synthesis.
  • Authentication and identity: Microsoft Entra ID and the client's identity provider.
  • Email and communications: transactional and marketing email providers.
  • Analytics: privacy-respecting product and website analytics.

We notify customers of material sub-processor changes consistent with our DPA.

7. Data Location

We are headquartered in the United States, and information we process is stored and processed in the United States. We do not direct the Services to users outside the United States.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to operate the site, remember preferences, measure traffic, and (where applicable) support marketing. We use:

  • Strictly necessary cookies for site functionality and security.
  • Analytics cookies to understand how visitors use the site.
  • Marketing cookies in limited circumstances and only with consent where required.

You can control cookies through your browser settings and, where applicable, through the cookie banner on our website. We honor recognized opt-out signals (including Global Privacy Control) where required by law.

9. Data Retention

We retain personal information for as long as needed to provide the Services and for the purposes described in this Policy, and then only as long as required to:

  • meet legal, tax, accounting, and regulatory obligations (including SEC and Reg S-P books-and-records expectations of our clients, where we host data on their behalf);
  • enforce our agreements and defend legal claims;
  • maintain reasonable business records, including security and audit logs.

Specific retention periods for client content are set in the applicable customer agreement and DPA. Upon termination, client content is deleted or returned in accordance with those agreements.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and loss. These controls are aligned with our SOC 2 program and include encryption in transit and at rest, role-based access control, least-privilege administrative access, network segmentation, logging and monitoring, secure software development practices, vendor risk management, and incident response procedures.

In the event of a security incident affecting personal information, we will notify affected clients and individuals as required by applicable law and our contractual commitments.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Your Privacy Rights

Depending on the U.S. state in which you reside, you may have rights with respect to your personal information. These can include the rights to:

  • Access the personal information we hold about you, including the categories and specific pieces of information collected
  • Correct inaccurate or incomplete information
  • Delete your personal information, subject to legal exceptions
  • Receive a copy of your information in a portable format
  • Opt out of "sales" or "sharing" — we do not sell or share personal information for cross-context behavioral advertising
  • Opt out of targeted advertising — we do not use personal information for targeted advertising
  • Opt out of profiling that produces legal or similarly significant effects — we do not engage in such profiling
  • Limit the use of sensitive personal information — we do not use sensitive personal information for purposes that would trigger this right
  • Appeal a denial of a rights request, where applicable under state law
  • Lodge a complaint with your state attorney general or applicable regulator

To exercise these rights, email privacy@intellpro.com. We will verify your request and respond within the timeframes required by applicable law.

If you are an authorized user of a client's IntellPro tenant, please direct rights requests concerning content processed on the client's behalf to that client. We will support our clients in responding to such requests as required by our DPA.

We will not discriminate against you for exercising your privacy rights.

11.1 California-specific disclosures

For California residents under the CCPA/CPRA, in the prior 12 months we have collected the categories of personal information described in Section 2 (identifiers, professional or employment information, internet/network activity, commercial information, and limited inferences). We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We do not knowingly collect or process sensitive personal information for purposes that trigger the right to limit use under the CPRA.

11.2 Authorized agents

You may designate an authorized agent to make a request on your behalf. We may require verification of the agent's authority and of your identity.

11.3 Financial information

Personal information that we process on behalf of a client and that is subject to the Gramm-Leach-Bliley Act or SEC Regulation S-P is governed by the client's privacy notice and by our customer agreement and DPA, and is generally excluded from the scope of the U.S. state consumer privacy laws referenced above.

12. Marketing Communications

We send marketing emails to business contacts who have requested information, attended our events, or are otherwise reasonably interested in our Services. Every marketing email contains an unsubscribe link, and you can also email unsubscribe@intellpro.com. Transactional and account messages are not subject to marketing opt-out.

13. Third-Party Sites and Services

The Services may link to third-party sites or integrate with third-party platforms (including Microsoft 365, Slack, Bloomberg, and others selected by the client). We are not responsible for the privacy practices of those third parties. Review their policies separately.

14. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where appropriate, notify clients and users through the Services or by email. Continued use of the Services after an update constitutes acceptance of the revised Policy.

15. Contact Us

IntellPro
Attn: Privacy
Email: success@intellpro.com
Web: https://intellpro.com

Let’s Talk

Discover What IntellPro Can Do for You

Contact us to explore how we can support your team. We’ll help you work smarter, faster, and more securely.

Contact Us

Copyright ©2025 IntellPro | Designed by Mesa Media

Home
Contact
Privacy Policy