Your Site

Privacy Policy

1. INTRODUCTION

InProd Solutions Pty Ltd (“InProd,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at www.inprod.io (the “Website”), use our cloud-based DevOps and configuration management service (the “Service”), or otherwise interact with us.

1.1 Scope

This Privacy Policy applies to:

  • Visitors to our Website
  • Individuals who register for or use our Service
  • Individuals who contact us for support or information
  • Recipients of our marketing communications

1.2 Business-to-Business Service

InProd provides services to business customers. If you are using our Service as an employee, contractor, or authorized user of one of our business customers, this Privacy Policy describes how we handle your personal information. For information about how we process data on behalf of our business customers, please refer to our Data Processing Addendum at www.inprod.io/legal.

1.3 Acceptance

By accessing our Website or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Website or Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

Account Registration:

  • Name
  • Email address
  • Company name
  • Phone number (optional)
  • Job title (optional)
  • Account credentials (username and password – stored encrypted)

Payment Information:

  • Billing contact information
  • Payment card information (processed and stored by our payment processor Stripe; we do not store complete card details on our servers)

Support and Communications:

  • Information you provide when contacting our support team via email or through Jira Service Desk
  • Correspondence and communications with us
  • Feedback, surveys, and testimonials

Marketing Communications:

  • Email address when you subscribe to our newsletter or marketing communications
  • Preferences for communication

2.2 Information Collected Automatically

When you access our Website or use our Service, we automatically collect certain information:

Usage Information:

  • Pages visited and features used
  • Time spent on pages
  • Click patterns and navigation paths
  • Features and functionality accessed
  • Configuration changes and deployments made
  • Search queries within the Service

Technical Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring/exit pages
  • Date and time stamps
  • Clickstream data

Cookies and Similar Technologies:

  • We use cookies, web beacons, and similar tracking technologies
  • See Section 8 (Cookies and Tracking Technologies) for details

2.3 Analytics and Error Tracking

We use third-party analytics and monitoring tools to help us understand how users interact with our Service and to identify and fix errors:

PostHog:

  • Usage analytics and behavioral data
  • Session recordings and user interactions
  • Frontend error tracking
  • Feature usage and adoption metrics

Rollbar:

  • Frontend JavaScript error tracking and monitoring
  • Error logs and stack traces

Logz.io:

  • Application logs and monitoring data
  • Performance metrics

These tools may collect information about your use of the Service, including pages visited, features used, and technical information about your device and connection.

2.4 Information from Third Parties

Social Login:
If you choose to log in using a third-party authentication service (such as Google or Microsoft), we receive basic profile information from that service, which may include your name, email address, and profile picture, in accordance with that service’s authorization process.

Business Application Integrations:
When you connect our Service to your Business Applications (such as contact center platforms, CRM systems, or other enterprise software), we collect configuration data necessary to provide the integration functionality.

2.5 Information We Do Not Collect

We do not knowingly collect personal information from:

  • Children under the age of 16
  • End customers or end users of our customers’ services

3. HOW WE USE YOUR INFORMATION

3.1 Purposes of Processing

We use your personal information for the following purposes:

Service Provision:

  • To provide, maintain, and improve our Service
  • To process your account registration and manage your account
  • To authenticate users and maintain account security
  • To process configuration changes and deployments
  • To provide technical support and respond to your inquiries
  • To enable integrations with Business Applications

Analytics and Improvement:

  • To understand how users interact with our Service
  • To analyze usage patterns and feature adoption
  • To identify and fix technical issues and errors
  • To improve our Service functionality and user experience
  • To develop new features and functionality

Communications:

  • To send transactional emails (account notifications, password resets, service updates)
  • To send product updates and announcements
  • To send marketing communications (with your consent and the ability to opt out)
  • To respond to your inquiries and support requests
  • To send administrative information about your account or subscription

Business Operations:

  • To process payments and manage billing
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations and enforce our terms
  • To protect our rights, privacy, safety, and property
  • To conduct internal research and development

Legal Compliance:

  • To comply with applicable laws, regulations, and legal processes
  • To respond to lawful requests from public authorities
  • To enforce our agreements and terms of service
  • To protect against legal liability

For users in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your personal information include:

  • Contract Performance: Processing necessary to provide the Service under our agreement with you or your employer
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Service, preventing fraud, and ensuring security
  • Consent: Processing based on your explicit consent, such as for marketing communications
  • Legal Obligation: Processing necessary to comply with legal obligations

4. HOW WE SHARE YOUR INFORMATION

4.1 Service Providers and Sub-processors

We share your personal information with third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only as necessary to provide their services and to protect your information.

Our current service providers include:

Service Provider Purpose Location
Hetzner Online GmbH Cloud hosting and infrastructure Germany, United States
Microsoft Azure Cloud hosting and infrastructure Australia
SparkPost (MessageBird) Email delivery United States
Stripe Payment processing United States
Atlassian (Jira Service Desk) Customer support platform Multiple regions
PostHog Product analytics and error tracking United States
Rollbar Error monitoring United States
Logz.io Log management Multiple regions

A complete and current list of our sub-processors is available at www.inprod.io/legal.

4.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or use of your personal information.

We may disclose your personal information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, legal proceedings)
  • Requests from government authorities or law enforcement
  • Protection of our rights, privacy, safety, or property
  • Protection of the rights, privacy, safety, or property of others
  • Investigation of fraud, security, or technical issues

We may share your personal information for other purposes with your explicit consent.

4.5 What We Do Not Do

We do not:

  • Sell your personal information to third parties
  • Rent or lease your personal information
  • Share your personal information with third parties for their own marketing purposes
  • Use your personal information for purposes incompatible with those disclosed in this Privacy Policy

5. DATA SECURITY

5.1 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Safeguards:

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest using AES-256 encryption
  • Multi-factor authentication for administrative access
  • Role-based access control (RBAC)
  • Regular security assessments and vulnerability testing
  • 24/7 security monitoring and intrusion detection
  • Firewall protection and network segmentation

Organizational Safeguards:

  • Employee background checks and confidentiality agreements
  • Annual security awareness training for all personnel
  • Documented security policies and procedures
  • Incident response procedures
  • Regular security audits and reviews
  • Limited access to personal information on a need-to-know basis

5.2 Data Retention and Storage

Your personal information is stored in secure data centers located in:

  • Australia (Microsoft Azure – Sydney region)
  • Germany (Hetzner Online GmbH)
  • United States (Hetzner Online GmbH – Ashburn, Virginia)

The specific storage location depends on the data center region you select when creating your account. Your data and backups remain within your selected region.

5.3 Your Responsibility

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using a strong, unique password
  • Enabling multi-factor authentication where available
  • Promptly notifying us of any unauthorized access to your account

5.4 Security Incidents

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law, typically within 72 hours of becoming aware of the breach.

6. DATA RETENTION

6.1 Active Accounts

We retain your personal information for as long as your account remains active and as necessary to provide you with the Service.

6.2 Inactive Accounts

If you do not log in to your account for six (6) months, your account will be considered inactive. We will:

  • Send you a notification email before any action is taken
  • Retain inactive accounts for six (6) months
  • After six (6) months of inactivity, we may delete or anonymize your account data

6.3 Deleted Accounts

When you request account deletion or we delete an inactive account:

  • We will delete or anonymize your personal information within thirty (30) days
  • Some information may be retained in backup systems for up to an additional 30 days
  • We may retain certain information as required by law or for legitimate business purposes (such as fraud prevention, dispute resolution, or enforcing our agreements)

6.4 Marketing Communications

If you unsubscribe from marketing communications:

  • We will promptly remove you from our marketing lists
  • We will retain your email address for sixty (60) days to honor your unsubscribe request and prevent re-adding you to marketing lists
  • After 60 days, your email address may be permanently deleted unless required for other purposes

We may retain certain information for longer periods when:

  • Required by law, regulation, or legal process
  • Necessary for tax, accounting, or other compliance purposes
  • Needed to resolve disputes or enforce our agreements
  • Required for fraud prevention or security purposes

In such cases, we will retain only the minimum necessary information and will delete it when the retention purpose no longer applies.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Request a copy of your personal information in a portable format (CSV or JSON)
  • Review and verify the accuracy of your information

To request access to your data, contact us at legal@inprod.io or export your data directly through the Service interface.

7.2 Correction and Update

You have the right to:

  • Correct inaccurate personal information
  • Update incomplete personal information
  • Modify your account information

You can update most account information directly through your account settings, or contact us at support@inprod.io for assistance.

7.3 Deletion (Right to be Forgotten)

You have the right to request deletion of your personal information. You may:

  • Delete your account through the account settings
  • Contact support@inprod.io to request account deletion
  • We will process deletion requests within thirty (30) days

Note: We may retain certain information as described in Section 6 (Data Retention) for legal compliance or legitimate business purposes.

7.4 Restriction and Objection

You have the right to:

  • Restrict or object to certain processing of your personal information
  • Object to direct marketing communications
  • Object to automated decision-making or profiling (we do not engage in automated decision-making that produces legal effects)

To exercise these rights, contact us at legal@inprod.io.

7.5 Marketing Opt-Out

You can opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at legal@inprod.io

Note: Even if you opt out of marketing communications, we will still send you transactional emails related to your account and use of the Service.

You can control cookies through your browser settings. See Section 8 (Cookies and Tracking Technologies) for more information.

7.7 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.

Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale: We do not sell personal information and have not sold personal information in the preceding 12 months.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
Authorized Agent: You may designate an authorized agent to make requests on your behalf.

To exercise your CCPA/CPRA rights, contact us at legal@inprod.io. We will verify your identity before processing your request.

7.8 European Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

Right of Access: Right to obtain confirmation of whether we process your data and access to your personal information.
Right to Rectification: Right to have inaccurate personal information corrected.
Right to Erasure: Right to have your personal information deleted in certain circumstances.
Right to Restriction: Right to restrict processing of your personal information.
Right to Data Portability: Right to receive your personal information in a structured, commonly used format.
Right to Object: Right to object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent: Right to withdraw consent where processing is based on consent.
Right to Lodge a Complaint: Right to lodge a complaint with your local supervisory authority.

To exercise your GDPR rights, contact our Data Protection Officer at legal@inprod.io.

7.9 Australian Privacy Rights

If you are located in Australia, you have rights under the Australian Privacy Act 1988:

Right to Access: Right to request access to your personal information.
Right to Correction: Right to request correction of inaccurate or incomplete personal information.
Right to Complain: Right to complain to the Office of the Australian Information Commissioner (OAIC).

To exercise your rights under Australian law, contact us at legal@inprod.io.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. We use cookies and similar tracking technologies to enhance your experience, analyze usage, and provide personalized content.

8.2 Types of Cookies We Use

Essential Cookies:

  • Required for the Website and Service to function properly
  • Enable account authentication and security features
  • Remember your preferences and settings
  • Cannot be disabled without impacting functionality

Analytics Cookies:

  • Help us understand how visitors use our Website and Service
  • Collect information about pages visited, features used, and errors encountered
  • Used to improve our Service and user experience
  • Provided by PostHog

Session Recording:

  • We use PostHog to record user sessions within the Service
  • Session recordings help us understand user behavior and identify usability issues
  • Recordings capture mouse movements, clicks, and page interactions
  • Recordings are stored securely and accessed only by authorized personnel
  • Sensitive information (passwords, payment details) is automatically masked

8.3 Third-Party Cookies

Our service providers may set cookies when you use our Service:

  • PostHog (analytics and session recording)
  • Rollbar (error tracking)

These third parties have their own privacy policies governing their use of information.

Session Cookies: Temporary cookies that are deleted when you close your browser.

Persistent Cookies: Remain on your device until they expire or you delete them. Our persistent cookies typically expire after:

  • Authentication cookies: 30 days
  • Analytics cookies: 13 months

8.5 Managing Cookies

You can control and manage cookies through your browser settings:

Browser Controls:

  • Most browsers allow you to refuse cookies or delete cookies
  • Consult your browser’s help documentation for instructions
  • Note: Disabling essential cookies may impact Service functionality

Opt-Out of Analytics:

  • PostHog: You can opt out of analytics tracking by contacting support@inprod.io
  • Note: Opting out of analytics may limit our ability to improve the Service

Do Not Track:

  • Some browsers include a “Do Not Track” (DNT) feature
  • We currently do not respond to DNT signals, as there is no industry standard for how to interpret them

9. INTERNATIONAL DATA TRANSFERS

9.1 Global Operations

InProd is based in Australia, but we operate globally and may transfer your personal information to countries other than your own. When you select your data center region (Australia, Germany, or United States), your data is stored and processed in that region.

9.2 Cross-Border Transfers

We may transfer your personal information to our service providers located in different countries, including:

  • United States (Hetzner, SparkPost, Stripe, PostHog, Rollbar)
  • Germany (Hetzner)
  • Australia (Microsoft Azure)
  • Multiple regions (Atlassian, Logz.io)

9.3 Safeguards for International Transfers

When we transfer personal information from the European Economic Area, United Kingdom, Switzerland, or Australia to other countries, we implement appropriate safeguards:

Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses for transfers to countries without adequacy decisions.

Adequate Level of Protection: We ensure that transferred data receives an adequate level of protection through:

  • Contractual obligations with service providers
  • Technical security measures (encryption, access controls)
  • Organizational safeguards (data protection policies, training)

Australian Privacy Act Compliance: For transfers from Australia, we comply with Australian Privacy Principle 8.1, ensuring overseas recipients are bound to protect the information in a manner consistent with the Australian Privacy Principles.

9.4 Your Data Stays in Your Region

When you select a data center region during account setup:

  • Your data is stored in that region
  • Backups remain in the same region
  • Data is not transferred to other regions except as necessary for service provider operations (e.g., email delivery, payment processing, support ticketing)

10. CHILDREN’S PRIVACY

10.1 Age Restriction

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

10.2 Parental Notice

If you are a parent or guardian and believe that your child under 16 has provided us with personal information, please contact us at legal@inprod.io. We will take steps to delete such information from our systems.

10.3 Verification

If we learn that we have collected personal information from a child under 16, we will delete that information as quickly as possible. If you believe we might have information from or about a child under 16, please contact us.

11. THIRD-PARTY WEBSITES AND SERVICES

Our Website and Service may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services.

11.2 No Responsibility

We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services you access through our Website or Service.

11.3 Business Application Integrations

When you integrate our Service with your Business Applications (such as CRM systems, contact center platforms, or other enterprise software), those applications are governed by their own privacy policies. We are not responsible for the privacy practices of such third-party applications.

12. CHANGES TO THIS PRIVACY POLICY

12.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the “Last Updated” date at the top of this Privacy Policy
  • Post the updated Privacy Policy at www.inprod.io/legal
  • Notify you of material changes via email to your account email address
  • Provide at least thirty (30) days notice before material changes take effect

12.2 Material Changes

Material changes include:

  • Changes to the purposes for which we collect or process personal information
  • Changes to the categories of personal information we collect
  • Changes to the categories of third parties with whom we share personal information
  • Changes that materially reduce your privacy rights

12.3 Your Acceptance

Your continued use of our Website or Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you should discontinue use of our Service and contact us to close your account.

12.4 Review

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your personal information.

13. CONTACT INFORMATION

13.1 Privacy Inquiries

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

InProd Solutions Pty Ltd
Suite 906, 585 Little Collins Street
Melbourne, Victoria 3000, Australia

Email: legal@inprod.io
Data Protection Officer: legal@inprod.io
General Inquiries: hello@inprod.io
Support: support@inprod.io
Website: www.inprod.io

13.2 Response Time

We will respond to your privacy-related inquiries and requests within:

  • GDPR requests: 30 days (extendable by 2 months for complex requests)
  • CCPA requests: 45 days (extendable by 45 days with notice)
  • Australian Privacy Act requests: 30 days
  • General inquiries: 7 business days

13.3 Supervisory Authorities

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority.

EU Supervisory Authorities: A list is available at https://edpb.europa.eu/about-edpb/board/members_en

If you are located in Australia, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001, Australia
Phone: 1300 363 992
Website: www.oaic.gov.au

If you are a California resident, you may contact the California Attorney General with privacy-related concerns.

14. ADDITIONAL INFORMATION

14.1 Business Contact Information

Our Service is designed for business use. If you are using our Service as an employee or on behalf of a business customer:

  • Your employer or the business customer is the controller of your personal information
  • We process your personal information on behalf of your employer or the business customer
  • For questions about how your personal information is handled, contact your employer or the business customer
  • See our Data Processing Addendum at www.inprod.io/legal for details on data processing arrangements with business customers

14.2 Automated Decision-Making

We do not use your personal information for automated decision-making that produces legal effects or similarly significantly affects you.

14.3 Sensitive Personal Information

We do not intentionally collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation). If you provide such information, you consent to our processing of it in accordance with this Privacy Policy.

14.4 No Sale of Personal Information

We do not sell your personal information and have not sold personal information within the preceding 12 months.

15. DEFINITIONS

For purposes of this Privacy Policy:

“Personal Information” means information that identifies, relates to, describes, or can be reasonably linked, directly or indirectly, to an identified or identifiable individual.
“Processing” means any operation performed on personal information, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.
“Service” means InProd’s cloud-based DevOps and configuration management platform, accessible via web browser or API.
“Website” means www.inprod.io and all associated subdomains.
“You” or “Your” refers to the individual accessing our Website or using our Service.
This Privacy Policy is effective as of the date stated at the top of this document.

Last Updated: 09/10/2025

InProd Solutions Pty Ltd
Suite 906, 585 Little Collins Street
Melbourne, Victoria 3000, Australia

Email: hello@inprod.io
Support: support@inprod.io
Legal: legal@inprod.io
Website: www.inprod.io

For previous versions of this Privacy Policy, please contact legal@inprod.io.
This document is subject to change. InProd will provide notice of material changes in accordance with our Cloud Services Agreement.