Privacy Policy

Effective 2026-05-25 · Last reviewed 2026-05-25

This policy describes how Isovel, Inc. (“Isovel,” “we,” “us”) handles information when you visit getisovel.com, join our waitlist, communicate with us, or use the Isovel product in trial or paid form.

We try to write this the way you’d want to read it. The short version is at the top. The full detail follows.

The short version

  • We collect what we need to run the waitlist, talk to you about Isovel, and operate the product. We don’t sell your personal information.
  • Your Business Central tenant is your system of record. Isovel reads a copy of the data you authorize into our analytics environment, computes forecasts and recommendations, and writes approved changes back into Business Central. To the extent that data includes personal information, we handle it only on your instructions as your service provider / processor — you remain in control of it.
  • We don’t use one customer’s data to train models that benefit another customer.
  • We use a small, vetted set of sub-processors (Google Cloud for hosting, PostHog for product analytics, an email provider for transactional mail). We list them and update the list when it changes.
  • Trial customers can ask us to delete their data at any time. Paid customers can export their data and request deletion under their Subscription Agreement. Our processing of personal data is governed by our Data Processing Addendum.
  • Isovel is offered to customers in the United States and Canada. It is not directed to the EEA, the UK, or Switzerland, and we don’t offer EU data residency.
  • For privacy questions or requests, email support@getisovel.com.

Who we are

Isovel, Inc. is a Delaware corporation. Our product is an agentic AI supply chain planning co-pilot for Microsoft Dynamics 365 Business Central. The marketing site is getisovel.com; the trial signup runs there.

If we ever change controllers (acquisition, restructure), we’ll update this page and notify customers under contract.

Our role and how the data flows

Business Central is your system of record. When you connect Isovel, you authorize us to read a copy of specified Business Central data into our analytics environment, where we forecast demand and generate replenishment and inventory recommendations. With your approval, Isovel writes those approved changes back into Business Central. A human on your side approves write-backs; Isovel does not make final, unsupervised changes to your records.

For the personal information that may be contained in that data (for example, contact names or emails inside vendor or customer records), you are the controller and Isovel acts as your processor / service provider, handling it only on your documented instructions and not for our own independent purposes. The customer that operates the Business Central tenant — not Microsoft — is the controller of that data; Microsoft and Isovel are each service providers acting under your authorization. Most of the operational data we process (items, locations, inventory levels, sales history, purchase orders) is business data rather than personal information.

What we collect

From visitors to getisovel.com:

  • Basic device and request data (IP, user agent, referrer, pages viewed) — standard web-server logs.
  • Product analytics events from PostHog (page views, clicks, scroll depth). Aggregated and pseudonymous unless you’ve identified yourself by signing up. We do not use session recording or replay.
  • A small number of first-party cookies set by us or our sub-processors. We don’t run advertising trackers.

From waitlist members and early-access signups:

  • Name, work email, company, role.
  • Optional profiling fields (BC version, SKU count, integrations) you give us during progressive profiling.
  • Any messages you send us.

From trial and paid customers:

  • Authentication identifiers (Microsoft Entra account ID via WorkOS at GA).
  • BC tenant identifiers and OAuth tokens issued by Microsoft.
  • BC data we pull under your authorization — items, locations, sales history, purchase orders, vendor records, and related planning data needed to forecast and recommend.
  • Product telemetry (which screens you visit, which recommendations you approve or roll back) so we can improve the product.

We do not collect:

  • Payment card data directly. When billing turns on, a PCI-compliant processor handles cards; we receive only a token and last-four digits.
  • Sensitive categories of personal data (health, biometrics, government IDs). Isovel is not designed to process them and you shouldn’t load them into the product.

How we use it

  • Run the product. Forecast demand, recommend replenishment, write back to BC under your approval. The agent reads your BC data; that’s the job. A human on your side approves write-backs.
  • Talk to you about Isovel. Confirm your waitlist signup, send onboarding emails, answer support requests, share product updates. You can unsubscribe from non-transactional mail at any time.
  • Operate and improve the service. Diagnose bugs, monitor performance, prevent abuse, plan capacity.
  • Improve our models, within strict limits. We commit to all three of the following: (1) we do not train models that benefit one customer using another customer’s data; (2) each customer’s data, and any models specific to that customer, are kept isolated to that customer; and (3) we may use aggregated and de-identified data — statistics that cannot reasonably be traced back to you or any individual — to improve our forecasting and decision logic.
  • Meet legal obligations. Tax records, security incident response, lawful requests.

We do not sell personal information. We do not share BC data with third parties for their own marketing or analytics.

Sub-processors

Today’s working list of sub-processors that touch personal data or customer data:

  • Google Cloud Platform — hosting (Cloud Run, Cloud SQL, Cloud Storage); us-central1 region.
  • PostHog — product analytics on the marketing site and product app.
  • WorkOS — identity and SSO at GA (Microsoft Entra SSO for BC buyers).
  • Resend or Postmark — transactional email (waitlist confirmations, product notifications). We will confirm the chosen provider on this page before GA.
  • Microsoft Dynamics 365 Business Central — your ERP and system of record. Isovel is a connector to it under your authorization.

When the list changes, we update this page. Paid customers under a Subscription Agreement get advance notice for material sub-processor changes, as described in our Data Processing Addendum.

Data location

Production data lives in Google Cloud’s us-central1 region (Iowa, USA). Backups stay in US regions. We do not currently offer EU data residency, and the product is not offered in the EEA, UK, or Switzerland.

How long we keep it

  • Web-server and analytics logs: up to 12 months.
  • Waitlist records: until you ask us to delete them, or three years after your last interaction with us, whichever is sooner.
  • Trial customer data: during the trial and for 30 days after trial end, unless you ask us to delete it sooner.
  • Paid customer data: during the contract term and for 30 days after termination, after which we delete it from production systems. Residual copies in encrypted backups are purged on our normal backup cycle, within 90 days.
  • Records we must keep: invoices, tax records, and security logs we are legally required to retain.

Your choices and rights

You can:

  • Ask what personal information we hold about you.
  • Ask us to correct or delete it.
  • Ask us to stop sending you marketing email (one-click unsubscribe in every message).
  • Object to certain processing, or ask us to limit it.
  • Lodge a complaint with a regulator.

We respond to verifiable requests within the time the applicable law allows. For most requests this is within 30 to 45 days; where the law permits an extension (for example, under the CCPA, up to a further 45 days for complex requests), we may take that additional time and will tell you if we do.

California residents have additional rights under the CCPA (right to know, delete, correct, limit; right not to be discriminated against for exercising rights). We do not sell or share personal information for cross-context behavioral advertising. The CCPA applies to businesses that meet its thresholds; we extend these rights regardless.

Canadian residents — we handle personal information consistent with PIPEDA. You may request access to, or correction of, your personal information, and may direct questions to our privacy contact below.

EEA, UK, and Switzerland — Isovel is offered to customers in the United States and Canada and is not directed to the EEA, the UK, or Switzerland. We do not knowingly solicit waitlist signups from these regions. If you reach us from one of them, contact support@getisovel.com and we will handle your request individually, including deletion on request.

To exercise any right, email support@getisovel.com from the address we have on file, or from a verifiable contact for your company.

Cookies

We set a small number of first-party cookies for session continuity and product analytics (PostHog). We don’t run advertising trackers, we don’t sell behavioral data, and we don’t use session recording or replay. You can control or clear cookies at any time through your browser settings, and a cookie preferences control will ship before GA.

Security

We describe our security posture, sub-processors, and incident response on the security page. The short version: TLS in transit, encryption at rest, least-privilege OAuth scopes for BC, audit log, 30-day read-only shadow trial, 24-hour rollback on every write-back, SOC 2 Type 1 in progress for GA.

Children

Isovel is a B2B product for supply chain professionals. We don’t direct it to anyone under 16 and we don’t knowingly collect data from children. If you believe we have, email support@getisovel.com and we’ll delete it.

Changes to this policy

We’ll update this page when our practices change. Material changes get a notice on the site and, for customers under contract, an email. The “Last reviewed” date at the top is the current version. Old versions are available on request.

Contact

Privacy questions and requests: support@getisovel.com General contact: support@getisovel.com Postal address: set out in our Terms, and available on request to support@getisovel.com.

If we don’t respond within the applicable legal timeframe, escalate to support@getisovel.com.