Privacy Policy

Effective Date: November 26, 2025

1. Overview

ISONQ LLC ("ISONQ," "we," "our," or "us") provides a local-first semantic search application designed for professionals and healthcare organizations. This Privacy Policy describes how we handle information when you use our software and services.

2. Local-First Architecture

ISONQ is designed as a local-first application. Your files, emails, messages, and search queries are processed and stored entirely on your device. Our servers are not involved in storing, transmitting, or processing your content.

3. Data Processing

4. Microsoft 365 Integration

ISONQ connects to Microsoft 365 using OAuth 2.0 with delegated permissions. The access token is generated on your device and used exclusively by your local application. ISONQ servers never receive, store, or transmit this token.

Permissions Requested

• Mail.Read — Read your email messages
• Chat.Read — Read your Teams messages
• Files.Read — Read OneDrive files (optional)
• User.Read — Basic profile information

Revoke permissions anytime at myaccount.microsoft.com/permissions.

5. Data We Collect

For license validation and product improvement:

• License key and hardware identifier
• Application version
• Anonymous usage statistics (opt-out available)

We do not collect file contents, email contents, search queries, or Microsoft credentials.

6. HIPAA Compliance

• Local processing: PHI never transmitted to ISONQ servers
• PHI sanitization: Auto-redaction before AI transmission
• Audit logging: Local logs for compliance reporting
• Encryption: ChaCha20-Poly1305 (256-bit) at rest

BAAs available for Pro tier. Contact [email protected].

7. Security

• Encryption at rest: ChaCha20-Poly1305 (256-bit)
• Encryption in transit: TLS 1.3
• No cloud backup: Index never uploaded

8. Your Rights