Back to Home

Privacy Policy

Last updated: February 2026

1. Introduction

This Privacy Policy ("Policy") describes how Insight AI VN ("Company", "we", "us", "our") collects, uses, processes, stores, shares, and protects your personal information when you visit our website insight.ai.vn ("Website") and use any products, applications, or services provided by Insight AI VN (collectively, "Services"). By accessing the Website or using our Services, you acknowledge that you have read, understood, and agree to this Policy in its entirety. If you do not agree, please discontinue use of our Services. This Policy complies with Vietnam's Personal Data Protection Decree (13/2023/ND-CP), the Cybersecurity Law 2018, the Electronic Transactions Law 2023, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable international data protection laws where relevant.

2. Data Controller

Insight AI VN is the data controller responsible for your personal data under applicable law. Address: Ho Chi Minh City, Vietnam Privacy email: privacy@insight.ai.vn Legal email: privacy@insight.ai.vn General email: contact@insight.ai.vn

3. Scope of Application

This Policy applies to:
  • The website insight.ai.vn and all its subpages
  • All mobile applications developed and distributed by Insight AI VN (including but not limited to: WiseNest, and future products)
  • All related online services, APIs, and tools
  • All forms of communication between you and Insight AI VN (email, contact forms, social media)
  • Individual products may have supplementary privacy policies specific to that product, which take precedence within the scope of the respective product. See WiseNest Privacy Policy

4. Information We Collect

We collect the following types of information:
  • Personal Identification Information: Full name, email address, phone number (if provided), profile photo, and authentication data from social login providers (Google, Apple, Facebook).
  • Device Information: Device model, operating system, app version, unique device identifiers, system language, timezone.
  • Usage Data: Usage frequency, features accessed, session duration, in-app actions, preference settings.
  • User Content: Data you enter into our products (e.g., food items, shopping lists, personal notes).
  • Transaction Information: Subscription status, transaction IDs, purchase history. Credit card/payment details are NOT stored by us — they are processed entirely by Apple/Google.
  • Technical Data: IP address, browser type, internet service provider, referring/exit pages, timestamps.
  • Location Information: General country/region only for localization purposes. We do NOT collect precise GPS location.
  • Communication Data: Support email content, feedback, and attachments you voluntarily send to us.

5. Purposes of Information Use

We use collected information for the following purposes:
  • Service Provision: Operating, maintaining, and improving our products and features.
  • Personalization: Customizing user experience and suggesting relevant content.
  • Data Synchronization: Syncing data across devices for registered users.
  • Notifications: Sending service notifications, security alerts, and product information.
  • Customer Support: Responding to inquiries, handling complaints, providing technical support.
  • Analytics & Improvement: Analyzing usage trends, detecting bugs, improving products.
  • Security: Detecting and preventing fraud, abuse, and security threats.
  • Legal Compliance: Meeting legal, regulatory, and law enforcement requirements.
  • Marketing (only with consent): Sending information about new products, promotions — you may unsubscribe at any time.

6. Legal Basis for Data Processing

We process personal data based on the following legal grounds:
  • Consent: You have provided explicit consent for processing (Article 11, Decree 13/2023/ND-CP).
  • Contractual Performance: Processing necessary to provide services under the agreement between you and us.
  • Legitimate Interests: Improving services, ensuring security, preventing fraud — balanced against your rights.
  • Legal Obligation: Compliance with Vietnamese law and applicable international regulations.
  • Vital Interests: In emergency situations involving your safety.

7. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data: • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest. • Access Control: Principle of least privilege — only authorized personnel may access personal data. • Storage: Data is stored on reputable cloud services (including but not limited to: Google Cloud Platform, Azure) in data centers meeting ISO 27001 standards. • Security Audits: Regular security assessments and vulnerability testing. • Monitoring: 24/7 monitoring systems to detect anomalous access. While we make every effort to protect your data, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention Period

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy:
  • Active Accounts: Data is retained throughout the active life of the account.
  • After Account Deletion: Personal data is deleted within 30 days of an account deletion request.
  • Backups: Retained for up to 90 days for disaster recovery purposes.
  • Transaction Data: Retained as required by accounting and tax law (minimum 5 years under Vietnamese Accounting Law).
  • Legal Data: May be retained longer if required by law or to resolve disputes.
  • Anonymized Data: Fully anonymized data may be retained indefinitely for statistical analysis.

9. Data Sharing and Disclosure

We do NOT sell, rent, or commercially trade your personal information. We may share data with:
  • Service Providers: Third parties assisting in service operations (cloud hosting, analytics, payment processing) — bound by confidentiality and data processing agreements.
  • Analytics Partners: Anonymized data for usage analysis (Google Analytics, Firebase Analytics).
  • Law Enforcement: When required by legitimate requests from competent government authorities, court orders, or legal obligations.
  • Rights Protection: When necessary to protect the rights, property, or safety of Insight AI VN, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or restructuring — you will be notified in advance.
  • With Consent: When you explicitly agree to specific sharing.

10. Cross-Border Data Transfers

Your data may be transferred to and processed in countries outside Vietnam (including the United States, Singapore, EU). We ensure: • Compliance with Article 26, Decree 13/2023/ND-CP on cross-border personal data transfers. • Application of Standard Contractual Clauses (SCCs) with data recipients. • Technical and legal safeguards equivalent to or exceeding Vietnamese law requirements. • Data transfer impact assessments where necessary.

11. Data Subject Rights

Under Vietnamese law (Decree 13/2023/ND-CP) and international regulations, you have the following rights:
  • Right to Know: To be informed about the processing of your personal data, unless otherwise provided by law.
  • Right to Consent: To consent or decline consent for data processing, unless otherwise provided by law.
  • Right of Access: To request a copy of your personal data.
  • Right to Withdraw Consent: To withdraw previously given consent at any time.
  • Right to Erasure: To request deletion of your personal data, unless retention is required by law.
  • Right to Restrict Processing: To request limitation of data processing scope.
  • Right to Data Portability: To receive your data in a machine-readable format.
  • Right to Object: To object to data processing in certain circumstances.
  • Right to Complain: To file complaints with the Ministry of Public Security (the designated data protection authority in Vietnam) or the data protection authority in your jurisdiction.
  • Right to Compensation: To claim damages when data is processed in violation of regulations.
  • Right to Self-Protection: To self-protect according to legal provisions upon discovering data processing violations.

12. Exercising Your Rights

To exercise any of your rights, please contact privacy@insight.ai.vn. We will: • Verify your identity before processing requests • Respond within 72 hours of receiving the request • Complete processing within 30 days (may extend by an additional 30 days for complex requests, with notification) • Process the first request free of charge within each 12-month period You may also: • Export your data through account settings in the app • Delete your account through app settings • Manage notification and privacy preferences within the app

13. Children's Protection

Our Services are not intended for children under 13 years of age (or under 16 in the EU/EEA). We do not knowingly collect information from children below this age. For users aged 13 to 16, parental or legal guardian consent is required. In Vietnam, under Decree 13/2023/ND-CP, processing personal data of children (under 16) always requires parental or guardian consent. If you discover that a child has provided personal information without appropriate consent, please contact privacy@insight.ai.vn immediately.

14. Cookies and Tracking Technologies

The Website may use: • Essential Cookies: Required for basic functionality (login sessions, language preferences). • Analytics Cookies: To understand how you use the Website (Google Analytics — anonymized data). • Preference Cookies: To remember your display preferences. Mobile apps may use: • Device Identifiers: For anonymous analytics. • Local Storage: Preferences and cached data. • Analytics SDKs: Firebase Analytics (anonymized data). You may manage cookies through your browser settings. Disabling essential cookies may affect Website functionality.

15. Third-Party Links and Services

The Website and Apps may contain links to third-party services. We do not control and are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of all third-party services before providing personal information.

16. Data Breach Response

In the event of a personal data breach, we will: • Notify the competent authority (Ministry of Public Security) within 72 hours of discovery, in compliance with Article 23 of Decree 13/2023/ND-CP. • Notify affected data subjects without undue delay. • Document breach details, consequences, and remedial measures taken. • Implement technical measures to mitigate impact and prevent recurrence.

17. Policy Changes

We may update this Policy from time to time. Any material changes will be communicated via: • Notices on the Website • Email (if you have subscribed) • In-app notifications The "Last updated" date at the top of this page reflects the current version. Continued use of the Services after changes constitutes acceptance of the updated Policy. For material changes, we will seek explicit consent where required.

18. Contact

If you have questions, comments, or requests regarding this Privacy Policy, please contact: Insight AI VN Address: Ho Chi Minh City, Vietnam Privacy email: privacy@insight.ai.vn Legal email: privacy@insight.ai.vn Support email: support@insight.ai.vn We are committed to responding within 5 business days.
Back to HomeTerms of Service