Privacy Policy
This Privacy Policy explains how Intent Strategic Intelligence, S.L. (“Intent”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data when you access or use Intent, available at intent.am, including our websites, applications, dashboards, APIs, reports, simulations, recommendations, website analysis tools, competitive intelligence features, and related services (collectively, the “Service”).
This Privacy Policy applies to personal data that we process as a controller for our own business purposes, such as account administration, billing, security, support, marketing, and product analytics.
Where we process personal data contained in Customer Data on behalf of a business customer, we generally act as a processor or service provider under the customer’s instructions. That processing is governed by our agreement with the customer, including any applicable Data Processing Agreement (“DPA”).
1. Who We Are
Controller: Intent Strategic Intelligence, S.L. Website: intent.am Registered office: Madrid, Spain Contact email: lucas@intent.am
We have not appointed a Data Protection Officer at this time. If we appoint one in the future, we will update this Privacy Policy with the relevant contact details.
2. Personal Data We Collect
We may collect and process the following categories of personal data.
2.1 Account and Identity Data
- name;
- work email address;
- company or organization;
- role or job title;
- workspace membership;
- authentication identifiers;
- profile settings;
- user permissions.
2.2 Contact and Communication Data
- messages you send to us;
- support requests;
- sales communications;
- feedback;
- meeting notes;
- email interactions;
- customer success communications.
2.3 Billing and Commercial Data
- subscription plan;
- invoices;
- payment status;
- billing contact details;
- company tax details;
- transaction metadata.
Payment card details may be processed by third-party payment processors. We do not intentionally store full payment card numbers unless expressly stated.
2.4 Usage and Device Data
- log data;
- IP address;
- device information;
- browser type;
- operating system;
- session information;
- pages viewed;
- features used;
- timestamps;
- error logs;
- performance data;
- security logs;
- approximate location inferred from IP address.
2.5 Customer Data Processed Through the Service
Depending on how Customer uses the Service, Customer Data may include:
- URLs;
- website content;
- landing page content;
- screenshots;
- DOM structures;
- accessibility trees;
- visual layouts;
- page metadata;
- product copy;
- pricing information;
- marketing content;
- analytics data;
- CRM data;
- user journey data;
- session or behavioral data;
- survey responses;
- uploaded files;
- prompts and instructions;
- reports and generated outputs;
- competitor website data;
- public web data;
- synthetic personas;
- simulated audience segments;
- inferred behavioral attributes;
- model-generated predictions or recommendations.
Some Customer Data may contain personal data if it is present in websites, analytics tools, user sessions, integrations, uploaded files, or other data sources connected or submitted by Customer.
2.6 Synthetic, Simulated, and Inferred Data
The Service may generate synthetic, simulated, inferred, statistical, or model-based data, including:
- simulated personas;
- predicted behaviors;
- audience segments;
- journey simulations;
- conversion likelihood estimates;
- trust, friction, clarity, or intent scores;
- recommendations;
- benchmarking metrics.
Synthetic or simulated data may reduce the use of directly identifying personal data, but it may still be derived from, combined with, or influenced by real data.
2.7 Data from Third-Party Services
If Customer connects third-party services, such as analytics tools, CRM systems, advertising platforms, authentication providers, collaboration tools, or data warehouses, we may process data made available through those integrations according to Customer’s configuration and instructions.
3. Sources of Personal Data
We collect personal data from:
- you directly;
- your employer, organization, or workspace administrator;
- Authorized Users;
- connected integrations;
- authentication providers;
- payment processors;
- analytics and security tools;
- public websites or publicly available sources analyzed through the Service;
- websites, applications, or data sources submitted or authorized by Customer;
- third-party service providers.
4. How We Use Personal Data
We use personal data to:
- provide, operate, maintain, and secure the Service;
- create and manage accounts;
- authenticate users;
- administer workspaces;
- provide website analysis, simulations, reports, recommendations, and competitive intelligence features;
- process Customer Data according to Customer’s instructions;
- provide support;
- process billing and payments;
- monitor usage limits;
- manage Intent-managed domain restrictions;
- process domain protection, exclusion, suppression, or restriction requests;
- improve product performance and reliability;
- detect, prevent, and investigate fraud, abuse, security incidents, and unauthorized access;
- communicate about the Service;
- send administrative, legal, security, and product notices;
- analyze product usage and improve features;
- develop new features, models, workflows, and functionality;
- comply with legal obligations;
- enforce our Terms of Service and other agreements.
5. Legal Bases for Processing
Where GDPR or similar laws apply, we rely on one or more of the following legal bases:
- Contract: to provide the Service, manage accounts, process subscriptions, and perform agreements.
- Legitimate interests: to secure the Service, improve products, prevent abuse, support customers, analyze usage, operate our business, and manage domain restrictions, provided those interests are not overridden by applicable rights.
- Consent: where required for certain marketing communications, cookies, or optional processing.
- Legal obligation: to comply with tax, accounting, legal, regulatory, and security obligations.
- Customer instructions: where we process personal data as a processor on behalf of Customer.
6. Customer as Controller; Intent as Processor
For personal data contained in Customer Data, Customer generally determines the purposes and means of processing. In that case, Customer is generally the controller or business, and Intent is generally the processor or service provider.
Customer is responsible for:
- having a lawful basis for submitting or connecting personal data to the Service;
- providing required notices to individuals;
- obtaining required consents or permissions;
- configuring the Service lawfully;
- ensuring that website analysis, competitive intelligence, analytics integrations, and data uploads are lawful;
- responding to data subject requests where Customer is the controller.
Intent processes Customer Data according to Customer’s instructions, the Terms of Service, the applicable agreement, and any applicable DPA.
7. Website Analysis and Third-Party Websites
The Service may analyze websites, pages, screenshots, DOM structures, public content, competitor websites, and other digital properties submitted by Customer.
Such analysis may incidentally process personal data if personal data appears on the analyzed website, page, screenshot, metadata, script, analytics feed, or connected data source.
Customer is responsible for ensuring that it has the right, permission, authorization, or lawful basis to submit websites, domains, URLs, screenshots, pages, and related data to the Service.
We may limit or refuse analysis of certain websites, domains, or data sources where we believe processing may create legal, security, privacy, operational, or reputational risk.
8. Intent-Managed Domain Restrictions
Intent may maintain internal systems that restrict, suppress, exclude, or otherwise limit analysis of certain domains, websites, pages, brands, or assets.
These restrictions may be based on internal policy, customer protection features, subscription plan limits, abuse prevention, legal risk, technical reasons, domain owner requests, or contractual commitments.
Intent-managed domain restrictions are internal Service controls. They do not necessarily mean that the relevant domain is legally restricted, technically protected by the domain owner, private, confidential, or inaccessible on the public internet.
Depending on the applicable subscription plan or written agreement, some customers may be allowed to analyze domains that are otherwise restricted by Intent’s internal systems, provided that such analysis is otherwise lawful and does not bypass third-party technical, contractual, or legal restrictions.
9. Sensitive Personal Data
The Service is not intended for processing special category data or highly sensitive personal data unless expressly agreed in writing.
You should not submit:
- health data;
- biometric data;
- genetic data;
- precise geolocation data;
- children’s data;
- government identifiers;
- payment card data;
- passwords or authentication secrets;
- trade union membership data;
- criminal offense data;
- data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or sexual orientation.
If Customer submits sensitive personal data, Customer is responsible for ensuring that such processing is lawful and authorized.
10. AI, Models, and Automated Processing
The Service may use artificial intelligence, machine learning, large language models, computer vision, statistical models, heuristic models, and third-party model providers to generate outputs.
These systems may process Customer Data, website data, prompts, screenshots, text, metadata, synthetic data, and real data depending on how the Service is used.
Intent does not use Customer Confidential Information to train public third-party foundation models unless expressly stated in a written agreement or enabled by Customer configuration.
We may use aggregated, anonymized, or de-identified data to improve the Service, develop features, evaluate performance, and improve reliability.
11. Cookies and Similar Technologies
We may use cookies, local storage, pixels, SDKs, and similar technologies to:
- keep users signed in;
- remember preferences;
- secure accounts;
- analyze usage;
- improve performance;
- detect abuse;
- support marketing where permitted.
Where required by law, we will request consent before using non-essential cookies.
You can control cookies through your browser settings, though disabling cookies may affect Service functionality.
12. How We Share Personal Data
We may share personal data with:
- hosting providers;
- infrastructure providers;
- authentication providers;
- payment processors;
- analytics providers;
- model providers;
- support and customer success tools;
- email and communication providers;
- security and monitoring providers;
- professional advisors;
- affiliates;
- regulators, courts, law enforcement, or public authorities where required by law;
- parties involved in a merger, acquisition, financing, corporate reorganization, or sale of assets.
We require service providers to process personal data only as necessary to provide services to us and subject to appropriate contractual protections.
We do not sell personal data in the ordinary sense of selling personal information for money.
13. International Transfers
We may process and transfer personal data outside your country, including to countries that may not provide the same level of data protection.
Where required, we use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, data processing agreements, or other lawful transfer mechanisms.
14. Data Retention
We retain personal data for as long as necessary to:
- provide the Service;
- maintain accounts;
- comply with legal obligations;
- resolve disputes;
- enforce agreements;
- prevent abuse;
- maintain security;
- support backups and audit logs.
Customer Data retention may depend on the applicable plan, workspace settings, order form, DPA, or Customer instructions.
We may retain aggregated, anonymized, or de-identified data for longer periods where it no longer identifies an individual or Customer.
15. Security
We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
These measures may include access controls, encryption, logging, monitoring, backups, authentication controls, vendor review, and internal security practices.
No method of transmission, storage, model processing, or electronic system is completely secure.
If you believe your account or data has been compromised, contact us at lucas@intent.am.
16. Your Rights
Depending on your location and applicable law, you may have rights to:
- access your personal data;
- correct inaccurate personal data;
- delete personal data;
- restrict processing;
- object to processing;
- request portability;
- withdraw consent;
- opt out of certain marketing communications;
- lodge a complaint with a supervisory authority.
To exercise rights, contact us at lucas@intent.am.
If your personal data is processed by Intent on behalf of a Customer, we may refer your request to that Customer or act according to the Customer’s instructions.
You also have the right to lodge a complaint with the Spanish Data Protection Agency or with another competent supervisory authority.
17. Marketing Communications
We may send marketing communications where permitted by law.
You can opt out of marketing emails by using the unsubscribe link or contacting us.
Even if you opt out of marketing, we may still send transactional, security, legal, billing, and service-related communications.
18. Children
The Service is intended for business use and is not directed to children.
You must not use the Service to knowingly collect or process children’s personal data unless expressly authorized by law and by written agreement with Intent.
19. Confidential Business Data
The Service may process confidential business information, including website strategy, product copy, pricing, analytics, competitor analysis, conversion data, experiments, reports, and recommendations.
We use such information only as described in this Privacy Policy, the Terms of Service, applicable agreements, and Customer instructions.
20. Domain Exclusion, Restriction, and Protection Requests
Domain owners, verified customers, or authorized representatives may contact us to request review, exclusion, suppression, restriction, or special treatment of specific domains or pages within the Service.
We may require verification of domain ownership or authority before acting on such requests.
We do not guarantee that exclusion, suppression, or restriction will apply to data obtained outside the Service, data already processed before the request, public information, customer-provided data, or legally permitted uses.
Requests can be sent to lucas@intent.am.
21. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will provide notice through the Service, by email, by posting on intent.am, or by other reasonable means.
The updated Privacy Policy will be effective on the date stated above.
22. Contact Us
For privacy matters: lucas@intent.am For security matters: lucas@intent.am For legal notices: lucas@intent.am For support: lucas@intent.am
Intent Strategic Intelligence, S.L. Madrid, Spain Website: intent.am