Intel Engine is a private beta I operate under Intel Engines LLC. This page tells you, in plain terms, what data the platform collects, where it lives, who has access to it, what we do to protect it, and what controls you have. It is meant to be a complete picture, not marketing language.
Because we are a private beta operated by a single person, we have not undergone third-party compliance audits (GDPR, CCPA, SOC 2, HIPAA, or others). We do not claim compliance with any of those frameworks. We are giving you the facts so you can make your own decision.
What we store
The following data is stored when you use Intel Engine:
Account data — your username, a bcrypt hash of your password (never the password itself), your chosen display name, your role (user or admin), the timestamps when you accepted the terms of use and when you acknowledged this disclosure.
Session data — a session token that proves you are logged in, with an expiry timestamp. The token is set as an httpOnly cookie that JavaScript on the page cannot read.
Invitation tokens — short-lived tokens (24-hour expiry) used to set your initial password after an invite.
Project ownership — which intelligence projects you have access to.
Conversations with the onboarding agent — when you talk to the chat agent during onboarding, the full conversation is saved within the Intel Engine platform's file storage so you can resume where you left off and so the agent can build your intelligence profile.
Feedback tickets — when you submit feedback (including conversations with the feedback agent), the full ticket including your message is stored as a JSON file and indexed in the database.
Pipeline run artifacts — when intelligence pipelines run for your project, the prompts sent to and responses received from the LLM are saved within the Intel Engine platform for debugging and auditability. These can include excerpts of content you have provided.
Files you upload — any files you upload to a project are saved within the Intel Engine platform and retained for the life of the project.
Generated digests — the HTML intelligence digests produced for your project are stored within the Intel Engine platform and accessible to you via the project pages in the application.
Your browser additionally stores two small items locally on your device: the session cookie described above, and a timestamp recording when you accepted the terms of use. Neither contains any conversation content. We do not use tracking cookies, third-party analytics, or advertising tags. We do not load JavaScript from third-party services.
Where it lives
Account, session, ownership, invitation, and feedback-index data — a PostgreSQL database within the Intel Engine platform.
Conversation history, feedback tickets, pipeline artifacts, uploaded files, and generated digests — file storage within the Intel Engine platform.
Outbound email content — invitations and notifications you receive from us pass through our email delivery vendor (see "Who else sees it" below).
Off-site backups
We do not currently maintain off-site or automated backups of the database or the file storage. If our infrastructure is lost we may not be able to recover your data. We recommend you keep your own copies of any digests or exports that matter to you. This is a known limitation of operating as a private beta and is a candidate for change as we grow.
Who else sees it
Running Intel Engine requires sending data to a small number of vendors. Each vendor sees only the data described below, governed by their own privacy policy. Where a vendor's handling of your data is load-bearing for what Intel Engine does, we name them explicitly.
Every conversation with the onboarding agent and the feedback agent, and every intelligence-pipeline prompt or response, is processed by Anthropic's Claude API. This is central to how the platform works. Anthropic's handling of your prompts and responses is governed by their privacy policy, which we link to rather than paraphrase.
Transactional email delivery (your invitation email, feedback acknowledgments). Resend sees the recipient address, the From address, and the email body. Resend uses Amazon SES underneath, which sees the same envelope.
Cloudflare
DNS resolution for the intelengines.com domain and inbound email routing. Cloudflare sees network metadata associated with requests; no application data.
DigitalOcean
Hosts the application server and database. Like any cloud-hosting provider, DigitalOcean has the technical ability to access data at rest on the machine it runs on; we do not believe they do so in normal operation.
The platform also calls public-data and search APIs as part of intelligence gathering. These queries are generated by the system from your project configuration and do not include your personal data.
How we protect your data
This section describes specific defenses in code today. We have not undergone third-party security audits, so we name only defenses that are verifiable in the source code, and we are honest about what we have not yet built.
Authentication and access:
Passwords are hashed using bcrypt before being stored. We never store or log passwords in plaintext.
Session cookies are httpOnly (JavaScript on the page cannot read them), secure (transmitted only over HTTPS), and samesite=lax.
Connections to the application are TLS-encrypted end to end (your browser to Cloudflare, and Cloudflare to the origin server, are both HTTPS).
After five failed login attempts, accounts are locked for 15 minutes.
All routes other than the login page, invitation page, health-check endpoint, and this privacy page require an authenticated session. Each project is scoped to its owner; you can only access projects you have been granted.
Input handling:
User input is HTML-escaped before display in the application or in emails we send. This includes feedback content, chat input echoes, project names, and digest filenames.
AI-generated chat content is additionally sanitized through a strict HTML allowlist (DOMPurify 3.4.2) before being rendered, so script tags, event handlers, and other code-execution vectors are stripped automatically — even if the AI's output is steered to include them.
File uploads are checked for path-traversal attempts; filenames containing ".." or "/" are rejected.
Database queries use parameterized statements throughout; we do not compose SQL strings from user input.
Output filtering:
A pattern-based scrubber removes internal system terminology from any output that reaches you (digests, exports, emails). A regression-test suite re-checks this on every release.
Intelligence-pipeline outputs are validated against a strict JSON schema; outputs that don't match the schema are rejected before they reach you.
The feedback agent is configured to treat your messages as data to analyze, not as instructions to execute. Its output is constrained to a strict JSON schema with a small enumerated set of categories.
Email and infrastructure:
Outbound email is authenticated with SPF, DKIM, and DMARC at the DNS level so recipients can verify it is genuinely from us.
API keys are never passed on a process command line; they're written to a private temporary file, used once, and deleted.
What we don't have yet (and what we plan):
Two-factor authentication. Passwords are the only login factor today.
General rate-limiting beyond the login-failure lockout.
Content-Security-Policy and other security response headers.
A formal third-party security audit or penetration test.
A bug bounty program.
An automated breach-detection or alerting system.
A log-redaction system that scrubs operator logs of sensitive content (operator logs may contain conversation excerpts for debugging, as noted in "Operator access" below).
An audit log a user could request to verify the operator pledge.
If something goes wrong:
We do not have a formalized incident-response process. If I became aware of a security incident affecting your data, I would contact affected users by email within 72 hours of detection, describing what happened, what data was involved, and what to do. This commitment is documented here even though the formal process has not been built; building it is part of the work planned for the public release stage.
Operator access
Intel Engine is operated by Bobby McCulley as a private beta. As the sole operator, Bobby has technical (root) access to the production server, the database, and the file storage. This is the same access any single-operator software project has. We do not currently have automated systems that limit what the operator can see; that level of separation is part of the work planned for the public release stage.
Operator pledge
I do not read conversation content unless I am investigating a bug or responding directly to your feedback. When I need to look at content, I look at the minimum necessary to do the work. I will tell you when I have done so if it pertains to your account.
— Bobby McCulley
Operator logs (system stdout, error traces, pilot-run telemetry) may contain short excerpts of conversation content for debugging purposes. These logs are accessible only to the operator and rotate per standard system log retention.
How long we keep it
Account, session, ownership, and feedback-index data — retained indefinitely unless you ask us to delete it.
Invitation tokens — expire automatically after 24 hours. Used tokens cannot be reused.
Pipeline run artifacts — retained per your project's configuration (typically the most recent 7 daily runs and the most recent 4 weekly runs; older runs are removed automatically).
Conversation history, feedback tickets, uploaded files, generated digests — retained for the life of your project unless you ask us to delete it.
Vendor-side retention — Anthropic, Resend, and other vendors apply their own retention policies to the data they see. We do not control those.
What you can do today
The platform is early; not every user control is automated yet. Today you can:
Read your own intelligence digests via the project pages.
Submit feedback through the feedback button in the application; I review every ticket personally.
Request that your account and associated data be deleted by submitting a feedback ticket asking for deletion. I will manually remove your records and confirm.
Request a copy of the data we have stored on you by submitting a feedback ticket; we will export and send it manually.
Self-service account deletion and self-service data export are planned for a future release. We will tell you when those land.
A note on intelligence output
Intelligence digests and chat-agent responses are generated by large language models. Their output is non-deterministic and may vary run to run, even with the same inputs. The system can produce inaccurate or incomplete content. Treat the output as informational, not as advice; we describe the limits of liability in the terms of use.
Changes to this disclosure
We will update this page as the platform evolves. Significant changes (a new vendor, a new data type, a change in operator access) will trigger a re-acknowledgment request the next time you log in. Less significant changes (clarifications, wording) will be noted by the "Last updated" date at the top of the page without re-prompting.
Questions or requests
Use the feedback button in the application. I read every ticket personally and will respond to data-related requests.