Privacy Notice
Effective: May 12, 2026
Last updated: May 12, 2026
This Privacy Notice explains how Ingest LLC ("Ingest," "we," "us," or "our") collects, uses, shares, and protects personal information. It applies to our website at https://ingestdata.ai, our customer portal, and our communications with prospects, customers, and the public.
If you are an individual whose personal information is processed by Ingest on behalf of one of our business customers (for example, because your name or email appears in data that one of our customers ingests through our service), please see the section Personal Information We Process for Our Customers below.
Who we are
Ingest LLC is a Massachusetts limited liability company that provides a software-as-a-service platform for moving data between third-party APIs and customer data warehouses.
- Mailing address: 24 Willow Ave, Apt 1, Somerville, MA 02144, USA
- Privacy contact: privacy@ingestdata.ai
- Phone: 617-213-0629
For privacy inquiries, you can always reach us at privacy@ingestdata.ai.
Quick summary
| Question | Answer |
|---|---|
| Do we sell or share personal information for cross-context behavioral advertising? | No. |
| Do we use personal information to train AI or machine-learning models? | No. |
| Where is your data stored? | United States (Amazon Web Services, us-east-1) |
| How long do we keep customer-controlled data? | Up to 3 days in our staging infrastructure before delivery to the customer's destination warehouse |
| Who do we share data with? | A small set of disclosed sub-processors (see Sub-processors below) |
Personal information we collect about you
Below is the personal information Ingest collects directly from website visitors, prospects, customer contacts, and others who interact with us.
Categories of personal information
Using the categories defined in California Civil Code Section 1798.140, Ingest may collect the following:
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, business email address, IP address, device identifiers | Yes |
| Customer records (Cal Civ Code 1798.80(e)) | Name, business contact information, employment information | Yes |
| Protected classifications | Age, race, gender, etc. | No |
| Commercial information | Records of products or services purchased, communications about purchases | Yes |
| Biometric information | Fingerprints, voiceprints, faceprints, etc. | No |
| Internet or other electronic network activity | Browsing on ingestdata.ai, interactions with our communications | Yes |
| Geolocation data | Approximate location based on IP address | Yes (approximate only) |
| Audio, visual, thermal, olfactory, or similar information | Photos, recordings | No |
| Professional or employment-related information | Job title, employer name, role at customer | Yes |
| Education information | Education history | No (except in hiring context, see Job Applicants) |
| Inferences | Profiles drawn from any of the above | Limited, used only to qualify business interest |
| Sensitive personal information | Government ID, financial account, precise geolocation, race/ethnicity, religious belief, contents of private communications, genetic data, sexual orientation, etc. | No |
Sources of personal information
We collect personal information from:
- You directly: when you visit our website, fill out a form, contact us, sign up for the customer portal, or enter into a business relationship with us.
- Your employer: when your employer engages Ingest as a customer and identifies you as a point of contact.
- Third-party business sources: publicly-available business contact information (e.g., LinkedIn, company websites) when researching potential customers or business partners.
- Automatic collection: when you visit our website, our hosting and analytics tools automatically collect technical information such as IP address, browser type, pages viewed, and referrer.
Why we collect personal information
We use personal information for the following business purposes:
- To provide the service: authenticating users on the customer portal, enabling features, supporting customer engagements.
- To communicate: sending service updates, security notices, customer communications, and responding to inquiries.
- For sales and marketing: identifying and engaging potential customers, sending information about Ingest's services to interested parties (with opt-out).
- For security and fraud prevention: detecting and responding to unauthorized access, abuse, or fraud.
- For legal compliance: meeting our obligations under applicable law, including responding to lawful requests by public authorities.
- For business operations: accounting, financial reporting, contract administration.
We do not use personal information collected through our website, customer portal, or communications to train, fine-tune, or otherwise improve any machine-learning or artificial-intelligence model.
Personal information we process for our customers
When our business customers configure Ingest to retrieve data from third-party APIs (for example, their HubSpot, Salesforce, or Shopify account), the data we move on their behalf may include personal information about individuals whose information appears in those third-party systems. Examples include the customer's own customers, prospects, survey respondents, and employees.
For this personal information, Ingest acts as a "service provider" under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and as a "processor" under the EU and UK General Data Protection Regulation (GDPR). Our role is limited to moving the data on documented instructions from our customer.
Specifically, when we process personal information on behalf of a customer:
- We process it only for the contracted business purpose set out in the executed services agreement and Data Processing Addendum.
- We do not retain, use, or disclose personal information outside that contracted purpose.
- We do not sell or share personal information.
- We do not combine personal information from one customer with personal information from any other source.
- We do not use the data to train any machine-learning or artificial-intelligence model.
- Our staging copy of the data is held in our infrastructure for no longer than 3 days before being delivered to the customer's destination warehouse, after which it is automatically deleted.
- The durable copy of the data resides in the customer's own data warehouse, under the customer's control.
If you are the individual whose information is being processed by Ingest on behalf of one of our customers, the customer (not Ingest) is the controller of that information. To exercise your privacy rights regarding that data, for example, to request access or deletion, please contact the customer directly. Ingest will support our customer in fulfilling your request.
Cookies and similar technologies
When you visit our website, we use a limited set of cookies and similar technologies:
- Strictly necessary cookies: required to operate the website and the customer portal (for example, session cookies that keep you logged in).
- Functional cookies: remember your preferences (for example, region, language).
- Analytics: measure usage of the website. We use privacy-respecting analytics that minimize personal information collection.
We do not use cookies or similar technologies to target advertising to you based on your activity across other websites ("cross-context behavioral advertising").
You can disable or block cookies through your browser settings. Disabling strictly-necessary cookies may impair the functionality of the website and customer portal.
How we share personal information
We share personal information with the following categories of recipients:
Sub-processors
We engage a small number of sub-processors to deliver our service. Each is bound by contractual obligations to protect personal information consistent with this notice.
| Sub-processor | Service | Location |
|---|---|---|
| Amazon Web Services, Inc. | Cloud infrastructure | United States (us-east-1) |
| Snowflake Inc. | Customer-owned data warehouse | Customer-selected (typically United States) |
| GitHub, Inc. | Source-code management | United States |
| Google LLC (Google Workspace) | Corporate email and identity | United States |
| Vercel Inc. | Frontend hosting (customer portal) | United States |
| Supabase Inc. | Customer portal authentication and database | United States |
We will notify customers in advance of any change to this sub-processor list as required by their applicable contract.
Legal and protective disclosures
We may disclose personal information when we believe in good faith that disclosure is necessary to:
- Comply with applicable law or legal process (subpoena, court order, governmental request).
- Enforce our contracts and policies, including investigating potential violations.
- Protect the rights, property, or safety of Ingest, our customers, or others.
- Respond to security incidents or prevent fraud.
Business transfers
If Ingest is involved in a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. Any such transferee will be bound by terms consistent with this Privacy Notice or will provide you with notice of any material change.
We do not sell or share personal information
We do not sell personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioral advertising.
International data transfers
Ingest stores and processes personal information in the United States. If you are accessing Ingest from outside the United States, your information will be transferred to and processed in the United States.
Where we process personal information of individuals in the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (2021 set) and, where applicable, the UK International Data Transfer Addendum, as the legal mechanism for the transfer, together with supplementary safeguards described in our Data Processing Addendum available to customers on request.
How long we keep personal information
We retain personal information only for as long as necessary to fulfill the purposes described in this notice, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.
| Information | Retention period |
|---|---|
| Website analytics | Typically up to 12 months |
| Prospect and lead information | Up to 3 years from last engagement, or earlier on request |
| Customer business contact information | Duration of the engagement plus 7 years (for legal and tax obligations) |
| Customer-controlled data we process as a service provider/processor | Up to 3 days in our staging infrastructure, then deleted; the durable copy lives in the customer's data warehouse under their control |
| Operational and audit logs | 90 days by default, longer if required for incident investigation |
| Records subject to a legal hold | Duration of the hold |
For more detail, see Ingest's Records Retention Policy, available to customers on request.
Security
We protect personal information using technical and organizational measures appropriate to the risk, including:
- Encryption at rest (AES-256) and encryption in transit (TLS 1.2 or higher) for all customer data
- Strict access controls with named individual identities, mandatory multi-factor authentication, and least-privilege scoping
- Continuous monitoring via AWS GuardDuty and AWS CloudTrail
- Vulnerability management with continuous dependency scanning
- Mandatory peer code review on every production change
- Incident response with a 72-hour customer notification commitment for confirmed breaches affecting customer data
No security control can guarantee absolute protection. We work continuously to improve our security posture and disclose material incidents to affected parties in accordance with applicable law.
Your privacy rights
Depending on where you live and the law that applies to your information, you may have the following rights:
Under U.S. state privacy laws (CCPA/CPRA and similar laws)
- Right to know what personal information we have collected about you
- Right to delete your personal information, subject to limited exceptions
- Right to correct inaccurate personal information
- Right to portability of your personal information in a usable format
- Right to opt out of the sale or sharing of personal information (not applicable to Ingest; we do not sell or share)
- Right to limit use and disclosure of sensitive personal information (Ingest does not collect sensitive personal information as defined under CCPA/CPRA)
- Right to non-discrimination for exercising any of these rights
Under GDPR (for individuals in the EEA, UK, or Switzerland)
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten"), subject to limited exceptions
- Right to restrict processing
- Right to data portability
- Right to object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent where processing is based on consent
- Right to lodge a complaint with a supervisory authority (in the EEA, your local Data Protection Authority; in the UK, the Information Commissioner's Office)
How to exercise your rights
To exercise any of these rights, please email privacy@ingestdata.ai with:
- Your name and contact information
- A description of the right you wish to exercise
- Sufficient information for us to verify your identity (we may request additional information to confirm we are responding to the correct individual)
We will respond within the timeframe required by applicable law (typically 45 days under CCPA/CPRA and 30 days under GDPR, in each case extendable in limited circumstances with notice to you).
You may also designate an authorized agent to make a request on your behalf. We will require verification of the agent's authority.
We will not discriminate against you for exercising your privacy rights.
Requests regarding data we process for our customers
If your privacy request relates to data Ingest processes on behalf of a customer (see Personal Information We Process for Our Customers above), please contact that customer directly. They are the controller of that data; Ingest will support them in responding to your request. If you are unsure who that customer is, you may contact us at privacy@ingestdata.ai and we will help direct your inquiry.
Children
Ingest's services are not directed to children under 13 (or under 16 in jurisdictions where the applicable age threshold is higher), and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without verified parental consent, we will delete it. If you believe we have inadvertently collected such information, please contact privacy@ingestdata.ai.
Job applicants
If you apply for a job at Ingest, we collect:
- Information you provide in your application (name, contact information, resume, work history, education)
- Information from references you authorize us to contact
- Results of pre-hire background screening (criminal history, employment verification) conducted by a third-party screening provider, where applicable and where you have authorized the screening
We use this information solely for evaluating your application and managing the hiring process. Unsuccessful application data is retained for the period required by applicable law (typically 3 years in the U.S.) and then deleted.
Changes to this notice
We may update this Privacy Notice from time to time. The "Last updated" date at the top of this notice indicates when it was most recently revised. Material changes will be communicated through prominent notice on our website and, for customers, by email. We encourage you to review this notice periodically.
Contact us
For any privacy inquiry, request, or concern:
- Email: privacy@ingestdata.ai
- Mail: Ingest LLC, 24 Willow Ave, Apt 1, Somerville, MA 02144, USA
- Phone: 617-213-0629
If you have a concern about how we handle personal information that we are unable to resolve, you have the right to lodge a complaint with a data protection authority in your country (in the EEA), the UK Information Commissioner's Office (in the UK), or the California Privacy Protection Agency (for California residents).