Last updated: February 7, 2026
1. Introduction
BankTechIntel (“we,” “our,” or “the Service”) is committed to protecting the privacy of our users. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have regarding your data. By using the Service, you agree to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you register, we collect your full name, email address, organization name (bank name), and a password. Passwords are cryptographically hashed and are never stored in plain text.
- Assessment Responses: During the guided self-assessment, you provide details about your bank’s core banking provider, operational capabilities, technology infrastructure, and existing software environment.
- Software Inventory Data: You may confirm, remove, or manually add software assets to your inventory, including details such as vendor names, product categories, deployment models, and approval status.
- Uploaded Documents: You may upload PDF, DOCX, or TXT files for compliance analysis. We extract and store the text content of these documents. Original file formats are not retained after text extraction.
- Pain Points and Feedback: Responses to optional questionnaires about operational challenges and technology pain points.
2.2 Information Generated by the Service
- Inferred Software Assets: Our inference engine generates a list of likely software in your environment based on your assessment responses and industry patterns. These are estimates and are clearly marked as inferred.
- Risk Scores and Analyses: Algorithmically calculated risk scores, compliance gap analyses, and governance readiness scores based on your inventory data.
- AI-Generated Documents: Regulatory documentation, compliance analyses, and supplementation content generated by AI based on your data.
- Vendor Drift Events: Monitoring data about changes to vendor products in your inventory, gathered through AI-powered research.
2.3 Automatically Collected Information
- Session Data: We use server-side sessions to maintain your login state. Session identifiers are stored in cookies in your browser.
- Audit Logs: We log significant actions within the platform (such as assessment completion, document generation, and administrative changes) for security and compliance purposes.
- Usage Patterns: We may track which features you use and how you navigate the platform to improve the Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: To run your assessment, generate your software inventory, calculate risk scores, produce governance readiness reports, and generate regulatory documentation.
- Account Management: To create and manage your account, authenticate your identity, verify your email address, and manage user roles within your organization.
- Communication: To send you email verification messages, password resets, and essential service notifications. We do not send marketing emails without your explicit consent.
- Service Improvement: To understand how the Service is used, identify issues, and improve our algorithms, inference engine, and user experience.
- Security and Compliance: To detect and prevent unauthorized access, maintain audit trails, and comply with applicable legal requirements.
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following limited circumstances:
4.1 Third-Party AI Providers
When you generate, analyze, or supplement documents, the relevant content (including software asset details, risk findings, and document text) is sent to our AI processing provider. This data is transmitted securely and is used solely for generating your requested output. We recommend reviewing our AI provider’s data usage policies, as their handling of data is governed by their own terms.
4.2 Email Service Provider
We use SendGrid to deliver transactional emails such as email verification and password reset messages. Your email address and name are shared with SendGrid solely for the purpose of delivering these emails.
4.3 Webhook Integrations (Administrator-Configured)
If your organization’s administrator configures webhook integrations (such as GoHighLevel CRM), certain assessment data may be transmitted to those external services upon assessment completion. This includes contact information, bank details, and summary assessment results. The administrator is responsible for ensuring appropriate data handling by the receiving service.
4.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5. Data Storage and Security
- Database Security: All data is stored in a PostgreSQL database with encrypted connections. Data is logically isolated by tenant (organization) so that one bank’s data is not accessible to another.
- Password Protection: Passwords are hashed using bcrypt with a cost factor of 12 before storage. We never store or have access to your plain-text password.
- Session Security: Sessions are managed server-side with secure, httpOnly cookies. Session data is stored in the database, not in your browser.
- Access Controls: The platform enforces role-based access controls. Regular users can only access their own organization’s data. Administrative functions require elevated privileges.
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
6. Data Retention
We retain your data for as long as your account is active and as needed to provide the Service. Specifically:
- Account Data: Retained until you request account deletion or your organization’s administrator removes your account.
- Assessment and Inventory Data: Retained for the duration of your account to enable ongoing governance monitoring and reporting.
- Generated Documents: Retained with full version history for compliance audit trail purposes. Document versions are preserved even when documents are regenerated or edited.
- Audit Logs: Retained for a minimum of seven (7) years to support regulatory examination requirements, or longer if required by applicable law.
- Uploaded Document Text: Retained until the associated document record is deleted or the account is removed.
7. Cookies and Tracking
The Service uses the following cookies and local storage:
- Session Cookie: A server-side session identifier used to maintain your authenticated state. This is essential for the Service to function and cannot be disabled.
- Theme Preference: Your light/dark mode preference is stored in your browser’s local storage for convenience. This preference is not used to track you and does not leave your device.
- Tour Completion: Whether you have completed the onboarding tour is stored in local storage to avoid showing it again. This does not leave your device.
We do not use third-party tracking cookies, advertising cookies, or analytics services that track you across other websites.
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: You can view your assessment data, software inventory, generated documents, and account information through the platform at any time.
- Correction: You can update your account information and edit or remove inaccurate data in your software inventory directly through the Service.
- Deletion: You may request deletion of your account and associated data by contacting your BankTechIntel representative. Note that certain audit log data may be retained as required by applicable regulations.
- Data Export: You can export your regulatory documentation as PDF files through the Service’s built-in export features.
- Objection: You may object to certain processing activities by contacting us. However, objecting to essential processing may limit your ability to use the Service.
9. Children’s Privacy
The Service is designed for use by banking professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
10. International Data Transfers
Your data may be processed and stored in locations outside your country of residence, including in the United States. When data is sent to third-party AI providers for document generation and analysis, it may be processed in various global locations as determined by those providers. By using the Service, you consent to the transfer of your information to these locations, where data protection laws may differ from those in your jurisdiction.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
12. Contact
If you have questions or concerns about this Privacy Policy or our data practices, please contact your BankTechIntel representative or reach out through your designated support channel.