LEGAL

GDPR

Effective May 1, 2026 | How ins-pi handles customer and personal data — by design, by default, and by contract.

Architectural principle: customer enterprise data never leaves the customer's ServiceNow instance. ins-pi GmbH and ins-pi Inc. — independent companies under the shared ins-pi brand — both operate to this standard.

Where ins-pi delivers Applications through an OEM arrangement, data protection responsibilities are governed by the applicable OEM agreement and its associated DPA.

1. Architecture boundary: where data lives

The YouDesign Transformation Suite is delivered as ServiceNow Store certified plugins that run entirely inside the customer's ServiceNow instance, within the platform's security perimeter. Neither ins-pi company operates servers that receive, store, or process customer data in connection with the Applications.

  • No telemetry. No usage analytics, no tracking pixels, no phone-home mechanism.
  • No standing access. ins-pi personnel have no access to a customer's instance unless the customer explicitly grants it for a defined support or consulting engagement.
  • No sub-processors for the Applications — no customer data reaches ins-pi in the first place.

On this basis, neither ins-pi company is a controller or processor for personal data inside a customer's ServiceNow instance under normal operating conditions. The customer is the controller; the ServiceNow platform contract governs the hosting relationship.

Both ins-pi companies operate an Information Security Management System (ISMS) aligned with ISO/IEC 27001.

2. Tier 1 vs Tier 2 Applications

TIER 1 · ZERO EXTERNAL FOOTPRINT TIER 2 · OPTIONAL AI

No external APIs. No AI. No data leaves the instance. All processing inherits the ServiceNow platform's encryption, RBAC, and audit controls.

 Tier 1 baseline plus optional AI features. When the customer enables AI, they select and contract with the AI provider directly. Built-in data masking runs locally in the customer's instance before any transmission. ins-pi is neither a relay nor a sub-processor for the AI data flow.

PRODUCTS:

  • YouDesign Freelucy
  • YouDesign Blueprints
  • YouDesign Processes
  • Designer

PRODUCTS:

  • YouDesign Models
  • YouDesign Command

 

 

 

3. DPA & rights

Where an ins-pi company acts as a processor — typically a support engagement that grants access to personal data — the relationship is governed by the applicable Software License Agreement and a supplementary DPA incorporating the EU Commission's Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum. The current version of ins-pi's DPA may be requested by sending an e-mail to: legal@ins-pi.com.

Data-subject rights (access, rectification, erasure, restriction, portability, objection, complaint to a supervisory authority) are set out in full in the Privacy Statement. Privacy mailbox — routed to the correct controller: privacy@ins-pi.com.