Privacy Policy
Privacy Policy
Last updated June 11, 2026
MortarIQ is an AI data readiness scanner operated by Intellibricks Inc. We connect to your warehouse with read-only access and only ever read schema metadata, never your actual data. This policy explains what we collect, how we use it, and who we share it with.
Who is responsible for your data
MortarIQ is operated by Intellibricks Inc., established in Ontario, Canada. For your account data and product analytics, we are the controller (the business deciding how that data is used). For the warehouse metadata you connect, your organization is the controller and we process it on your behalf under our Data Processing Addendum.
This policy is written to meet the expectations of Canada's PIPEDA, the EU/UK GDPR, and the CCPA. We are not directed at children, and the service is not for anyone under 18.
What we collect
Account information
When you sign up, our authentication provider (Clerk) collects your name, email address, and organization. We use this to create your workspace and sign you in.
Warehouse metadata
When you connect a data warehouse, we read schema metadata only: INFORMATION_SCHEMA tables, columns and constraints, descriptions and comments, policy tags and classification labels, partitioning configuration, and modification timestamps. We never run SELECT against your tables and never see your row-level data, query results, or actual values.
Assessment results
The readiness scores, factor breakdowns, requirement results, and recommendations we generate from your metadata. These are stored so you can view history and track changes over time.
Warehouse credentials
If you save a connection for scheduled scans, the credentials you provide are encrypted before storage (see How we protect it). If you do not save a connection, credentials are used only for that single assessment and are never written to disk.
Payment information
Handled entirely by Stripe. We never see or store your full card details. We keep only a Stripe customer reference and your subscription status.
Usage analytics and errors
We use PostHog to understand product usage (pages visited, features used) and Sentry to capture application errors. Error reports are scrubbed of credentials and secrets before they leave the application. This is product telemetry, not your warehouse data.
How we use it and on what basis
We use the information above to provide the service: to run assessments, generate and store your readiness reports, manage your subscription, support you, and improve the product. Where the GDPR applies, our legal bases are performance of the contract (running the service you signed up for), our legitimate interests (securing and improving the product), and consent where the law requires it.
We do not sell your data. Your metadata, assessment results, and credentials are never used to train AI models, generate cross-customer benchmarks, or improve the product for other customers.
Who we share it with (subprocessors)
We rely on a small set of vetted service providers. Each processes only what it needs:
Anthropic
Generates the readiness narrative and recommendations. We send assessment results: scores, requirement outcomes, and the metadata-derived diagnostics they cite, which can include database, schema, table, and column names. That specificity is what makes recommendations actionable. We never send your data values and never your credentials. Anthropic does not train on API inputs and retains them only briefly for abuse monitoring.
Supabase
Database and storage for your account, assessment results, and encrypted connections.
Clerk
Authentication and organization management.
Stripe
Subscription billing and payment processing.
Railway
Application hosting.
Sentry
Error monitoring. Reports are scrubbed of credentials and request bodies before sending.
PostHog
Product analytics.
Resend
Transactional and digest email delivery.
How we protect it
Encryption
Saved warehouse credentials are encrypted at rest with AES-256-GCM, and the encryption key is managed outside the database, so a database compromise alone cannot reveal them. Credentials are never logged or exposed to our team. All connections use TLS.
Tenant isolation
Every query for your data is scoped to your organization through a single, tested set of access functions. Automated tests fail the build if any of them stops enforcing that scope.
Least privilege
We request only metadata-reading permissions on your warehouse, and the read-only SQL we run is published at /security/queries.
Data retention and your rights
Assessment history is retained according to your plan (Free: latest only; Pro: 30 days; Team: 365 days; Enterprise: unlimited). You can delete a saved connection at any time from Settings. Credentials are permanently removed, not soft-deleted. When you delete your account, we delete your data within 30 days, with residual copies in encrypted backups purged on the backup provider's rotation schedule.
Depending on your location (including under PIPEDA, the EU/UK GDPR, and the CCPA), you may have the right to access, correct, export, or delete your personal data, and to complain to your data-protection authority. To exercise any of these rights, or to request deletion of your account and associated data, email support@intellibricks.app. We respond within the timelines the applicable law requires.
Cookies
The only cookies we set are strictly necessary authentication cookies (set by Clerk). Our product analytics (PostHog) runs cookieless, holding its state in memory only, so it sets no cookies and writes nothing to your browser's storage. We do not use advertising cookies.
International transfers
Our subprocessors may process data in the United States and other countries. Where required, transfers of personal data out of the EEA/UK rely on appropriate safeguards such as the Standard Contractual Clauses. Our Data Processing Addendum is available at /dpa.
Changes
We will update this page when our practices change and revise the last-updated date. Material changes affecting how we handle personal data will be communicated to account owners.
Questions?
Email support@intellibricks.app. See also our security practices.