Privacy Policy
1. Overview
ISONQ LLC ("ISONQ," "we," "our," or "us") provides a local-first semantic search application designed for professionals and healthcare organizations. This Privacy Policy describes how we handle information when you use our software and services.
By using ISONQ, you agree to the practices described in this policy.
2. Local-First Architecture
ISONQ is designed as a local-first application. This means your files, emails, messages, and search queries are processed and stored entirely on your device. Our servers are not involved in storing, transmitting, or processing your content.
When you connect ISONQ to Microsoft 365, data flows directly from Microsoft's servers to your local device. ISONQ's servers do not intercept, relay, or have access to this data transfer.
3. Data Processing
The following table describes where different types of data are processed and stored:
| Data Type | Storage Location | Purpose |
|---|---|---|
| Local files | Your device | Indexed for semantic search |
| Microsoft 365 emails | Your device | Synced and indexed locally |
| Teams messages | Your device | Synced and indexed locally |
| Search queries | Your device | Processed locally |
| Search index | Your device | Encrypted local database |
| License key | ISONQ servers | Subscription validation |
4. Microsoft 365 Integration
ISONQ connects to Microsoft 365 using OAuth 2.0 authentication with delegated permissions. This distinction is important for understanding our access model.
Delegated Permissions
Delegated permissions mean the access token is generated on your device during the OAuth flow and is used exclusively by your local ISONQ application. ISONQ's servers never receive, store, or transmit this token. We have no technical mechanism to access your Microsoft 365 account or data.
This is in contrast to application permissions, which would allow a service provider to access data on behalf of all users in an organization. ISONQ does not use application permissions.
Permissions Requested
ISONQ requests the following Microsoft Graph API permissions:
- Mail.Read — Read your email messages
- Chat.Read — Read your Teams chat messages
- Files.Read — Read your OneDrive files (optional)
- User.Read — Read your basic profile information
You can review and revoke these permissions at any time through your Microsoft account at myaccount.microsoft.com/permissions.
5. Data We Collect
For license validation and product improvement, ISONQ collects limited information:
- License key
- Hardware identifier (for license enforcement)
- Application version
- Anonymous usage statistics (if enabled)
Data We Do Not Collect
We do not collect, transmit, or have access to:
- Contents of your files or documents
- Contents of your emails or messages
- Your search queries
- Your Microsoft 365 credentials or access tokens
- File names, folder structures, or metadata
- Any personally identifiable information from your documents
6. HIPAA Compliance
ISONQ is designed to support HIPAA-compliant workflows for healthcare organizations handling Protected Health Information (PHI).
- Local processing: PHI is processed and stored exclusively on your device and never transmitted to ISONQ servers.
- PHI sanitization: When using AI-assisted features, ISONQ automatically detects and redacts PHI before any data is sent to third-party AI providers.
- Audit logging: Comprehensive access logs are maintained locally for compliance reporting.
- Encryption at rest: All indexed data is encrypted using AES-256 on your device.
Business Associate Agreements (BAA) are available for customers on Practice and Enterprise subscription tiers. Contact compliance@isonq.com to request a BAA.
7. Security
We implement the following security measures:
- Encryption at rest: AES-256 encryption for all indexed data stored on your device.
- Encryption in transit: TLS 1.3 for all network communications.
- Local storage: Your search index is stored in an encrypted database on your device.
- No cloud backup: Your index and content are never uploaded to cloud storage.
- Credential security: Microsoft 365 access tokens are stored encrypted on your device and are never transmitted to ISONQ.
8. Third-Party Services
ISONQ integrates with the following third-party services:
- Microsoft Graph API: For Microsoft 365 data synchronization. Governed by Microsoft's Privacy Statement.
- AI Providers (optional): Claude (Anthropic), OpenAI, or Google Gemini for AI-assisted features. Only HIPAA-sanitized data is transmitted. Governed by respective provider privacy policies.
- Stripe: For payment processing. Governed by Stripe's Privacy Policy.
9. Your Rights
Because ISONQ is a local-first application, you maintain direct control over your data:
- Access: Your data is stored on your device and is directly accessible to you.
- Deletion: You can clear your search index at any time through Settings.
- Disconnection: You can revoke Microsoft 365 access at any time through your Microsoft account or ISONQ settings.
- Opt-out: You can disable anonymous usage analytics in Settings.
- Portability: Your data is stored in standard formats on your device.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes through email and in-app notification. Continued use of ISONQ after changes constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: privacy@isonq.com
ISONQ LLC
Lakewood, Colorado, USA