Invook ("Invook", "we", "our", "us") provides AI agents that help users automate recurring work across business apps, documents, inboxes, and knowledge sources ("Services").
We are committed to protecting your privacy and handling your data transparently and securely.
This Privacy Policy explains how we collect, use, store, share, and protect personal data in compliance with:
- India's Digital Personal Data Protection Act, 2023 (DPDP Act)
- EU General Data Protection Regulation (GDPR)
- UK GDPR
- California Consumer Privacy Act (CCPA/CPRA)
- Other applicable international data protection laws
1. Scope
This Privacy Policy applies to:
- Visitors to our website
- Users of Invook (free and paid plans)
- Workspace members and collaborators
- Clients invited into shared spaces
2. Information We Collect
2.1 Information You Provide
- Name
- Email address
- Organization name
- Profile information
- Billing information (processed via third-party payment providers)
- Content uploaded to Invook:
- Documents, links, and other files
- Prompts and agent instructions
- Agent outputs and task history
- App connection metadata and workflow context
2.2 Automatically Collected Information
- IP address
- Device type
- Browser information
- Usage analytics
- Log data
- Error diagnostics
2.3 Agent Workflow Data
When you use AI agents in Invook, we may process:
- Prompts and task instructions
- Input files and connected app context you authorize
- Generated drafts, summaries, and workflow outputs
- Metadata related to agent execution
These are stored within your workspace unless otherwise specified.
3. How We Use Your Information
We use your data to:
- Provide and maintain the Services
- Authenticate users
- Run authorized AI agent workflows
- Store and retrieve workflow outputs
- Improve product performance
- Provide customer support
- Comply with legal obligations
- Prevent fraud or misuse
We do not sell personal data.
4. AI Model Processing
Invook integrates third-party AI infrastructure providers.
Your inputs may be processed by the following subprocessors strictly to provide the Services:
AI & Infrastructure Subprocessors
- Amazon Web Services (AWS) – Core cloud infrastructure
- AWS Bedrock – Claude model inference
- AWS S3 – File and object storage
- Analytics providers – Product analytics and website measurement
- Payment providers – Billing and subscription processing
These subprocessors process data only as necessary to provide functionality.
We require all subprocessors to maintain appropriate security and confidentiality standards.
5. Data Storage & Security
Invook implements technical and organizational safeguards, including:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted cloud storage
- Access controls and role-based permissions
- Secure authentication systems
- Infrastructure hosted on reputable cloud providers
We take reasonable steps to protect your information, but no system is 100% secure.
6. Data Ownership
You retain ownership of:
- Files you upload
- Prompts you submit
- Agent outputs generated within your workspace
Invook does not claim ownership over user content.
Unless explicitly stated:
- We do not use your private workspace data to train third-party AI models.
- Your content is processed only to provide the Services.
7. Data Retention
We retain personal data:
- As long as your account remains active
- As necessary to provide Services
- As required by law
- For legitimate business purposes (e.g., security, fraud prevention)
You may request deletion of your account and associated data.
8. International Data Transfers
Invook operates globally.
Your data may be processed in:
- India
- United States
- Other countries where our subprocessors operate
Where required, we implement:
- Standard Contractual Clauses (SCCs)
- Lawful transfer mechanisms under GDPR
- Safeguards under India's DPDP Act
9. Your Rights
Depending on your jurisdiction, you may have the right to:
Under GDPR / UK GDPR:
- Access your data
- Correct inaccurate data
- Delete your data
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
Under India DPDP Act:
- Right to access information about processing
- Right to correction and erasure
- Right to grievance redressal
- Right to nominate a representative
Under CCPA/CPRA:
- Know what personal data is collected
- Request deletion
- Opt out of sale/sharing
- Non-discrimination for exercising rights
To exercise rights, contact: support@thinkingsoundlab.com
10. Children's Privacy
Invook is not intended for individuals under 18.
We do not knowingly collect personal data from minors.
11. Cookies & Analytics
We may use cookies and similar technologies to:
- Maintain sessions
- Improve user experience
- Analyze usage patterns
- Secure the platform
You may control cookies through browser settings.
12. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated via:
- Email notification
- Website notice
- Platform notification
13. Contact Information
For privacy-related inquiries:
Invook
Email: support@thinkingsoundlab.com
Address: Ashok Vihar Colony, Bypass Road, Gaya, Bihar, 823001
14. Data Protection Officer / Grievance Officer (India)
In compliance with India's DPDP Act:
Grievance Officer:
Email: support@thinkingsoundlab.com
Response Timeline: As required under applicable law
15. Legal Basis for Processing (GDPR)
We process data under the following lawful bases:
- Contract performance
- Legitimate interest
- Consent
- Legal obligation
16. Technical Stack Disclosure (Transparency)
Invook is built using:
Frontend:
- Next.js
- React
- TypeScript
- Tailwind CSS
Backend & Infrastructure:
- AWS
- AWS Bedrock
- AWS ECS
- AWS Application Load Balancer
- AWS S3
Operations & Measurement:
- PostHog
- Vercel Analytics
- GitHub
These technologies do not independently collect personal data beyond what is necessary to operate the Services.