Built for trust, not just compliance
Insight is built on Supabase — an open-source platform with SOC2-compliant infrastructure. Every component of our data layer is transparent and auditable, from authentication to storage.
Every personal data table enforces Row-Level Security (RLS). This means the database itself guarantees that you can only access your own data — it's not just application logic, it's a fundamental architectural safeguard.
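The following is an added illustration of what owner-only RLS looks like on a Supabase (Postgres) table; it is not Insight's own schema or policy code. The table listening_history, its columns and the policy names are hypothetical; auth.uid() and the authenticated role are the ones Supabase provides.

```sql
-- Hypothetical table for illustration; the real schema is not shown on this page.
create table public.listening_history (
  id        bigint generated always as identity primary key,
  user_id   uuid not null default auth.uid()
            references auth.users (id) on delete cascade,
  track_id  text not null,
  played_at timestamptz not null default now()
);

-- Until RLS is enabled, policies are not applied and any role with table
-- privileges can read every row.
alter table public.listening_history enable row level security;
-- Table owners bypass RLS by default; force applies the policies to them too.
alter table public.listening_history force row level security;

-- Read: only the caller's rows. There is no policy for the anon role,
-- so unauthenticated requests match nothing.
create policy "owner can read" on public.listening_history
  for select to authenticated
  using ((select auth.uid()) = user_id);

-- Insert: with check rejects rows written under another user's id.
create policy "owner can insert" on public.listening_history
  for insert to authenticated
  with check ((select auth.uid()) = user_id);

-- Update: using limits which rows can be targeted; with check stops a row
-- from being reassigned to a different owner.
create policy "owner can update" on public.listening_history
  for update to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);

create policy "owner can delete" on public.listening_history
  for delete to authenticated
  using ((select auth.uid()) = user_id);

-- Audit: list tables in the public schema that do NOT have RLS enabled.
-- An empty result is what "every table enforces RLS" should look like.
select c.relname as table_without_rls
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r' and not c.relrowsecurity;
```

Roles with the BYPASSRLS attribute, such as Supabase's service_role, skip these policies, so that key has to stay on the server.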
All communication between your browser and our servers uses HTTPS/TLS encryption. Your data is protected in transit at every step.
When you connect Spotify, we request only read-only permissions by default. Write permissions (like saving a track) are requested incrementally — only when you explicitly initiate that action.
Sensitive operations like token management happen server-side. Access tokens are stored in secure httpOnly cookies and are never exposed to client-side code.
Our entire technology stack — Next.js, Supabase, Radix UI — is open-source and community-backed. No black boxes, no proprietary data pipelines.
Last updated: 2026-02-15