Privacy Policy

Intrn ("we," "our," or "us") is an AI-powered cold outreach platform designed for finance students pursuing internships at investment banks, private equity firms, venture capital firms, and boutique consulting firms. This Privacy Policy describes how we collect, use, store, and protect your information when you use our platform at intrn.app (the "Service").

By using Intrn, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use the Service.

We collect the following categories of information:

Profile Information

When you create an account and complete onboarding, we collect your name, email address, school, graduation year, GPA (optional), major, relevant coursework, work experience, target roles, geographic preferences, and personal connection details such as hometown, fraternity or sorority affiliation, clubs, languages, sports, study abroad programs, and certifications. This information is used to personalize outreach emails on your behalf.

Resume Data

If you upload a resume, we parse and store the extracted text to improve the quality and relevance of your outreach emails. We do not share your resume with other users or third parties.

Email Account Credentials

When you connect your .edu email account (via Google OAuth or Microsoft OAuth) or personal Gmail account (via Google OAuth), we store encrypted OAuth tokens (access and refresh tokens) to maintain the email connection and send emails on your behalf. All credentials are encrypted with AES-256-GCM at rest in our database. We never store your email password directly.

Voice and Writing Samples

During onboarding, you may provide a writing sample so our AI can match your natural tone and voice in drafted emails.

Usage Data

We collect information about how you use the Service, including search runs created, emails drafted and approved, send timestamps, and recipient email addresses. This data is used to enforce rate limits, prevent contact pool exhaustion across the platform, and improve the Service.

We use your information to:

• Discover relevant contacts at finance firms matching your target preferences
• Research contacts and firms to generate hyper-personalized outreach emails
• Draft outreach emails using AI, which you review and approve before any email is sent
• Send approved emails from your own connected email account on your behalf
• Enforce daily send rate limits and contact health rules to protect deliverability and prevent contact fatigue
• Log sent emails (recipient, timestamp, sender type) for rate limiting and platform-wide contact health
• Manage your account, process payments, and provide customer support

We do not use your information for advertising purposes. We do not sell your personal data to any third party.

This section describes how Intrn accesses, uses, stores, and shares information obtained from Google APIs. This section applies to users who connect their Google account (Gmail or Google Workspace .edu account) to the Service.

What We Access

• gmail.send scope: We request the gmail.send permission solely to send emails from your account on your behalf. Every email is drafted by AI, reviewed and explicitly approved by you before it is sent.
• userinfo.email and userinfo.profile: We request basic profile information to identify your account and display your email address within the Service.

What We Do NOT Access

We do not read, scan, analyze, or access your inbox, email messages, contacts, calendar, attachments, or any other Gmail data beyond what is strictly required to send emails on your behalf. We have no capability to read your incoming mail.

How Google Data Is Stored

OAuth tokens (access token and refresh token) are encrypted using AES-256-GCM before being stored in our database hosted on Supabase (Postgres). Encryption keys are stored separately from the database and are never exposed to client-side code. All credential handling occurs server-side only — our AI agents and client-side code never have access to raw tokens.

Data Retention

Your Google OAuth tokens are stored for as long as your email account remains connected to Intrn. When you disconnect your Google account through the dashboard, we immediately delete the associated OAuth tokens from our database. If you delete your Intrn account entirely, all stored Google data is permanently deleted.

Data Sharing

We do not share, sell, lease, rent, or transfer your Google user data to any third party for any purpose. Your Google user data is used exclusively to send emails on your behalf through the Intrn platform.

Google API Services Compliance

Intrn's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This section describes how Intrn accesses, uses, stores, and shares information obtained from Microsoft APIs. This section applies to users who connect their Microsoft 365 account (including .edu accounts provisioned through Microsoft 365 Education) to the Service.

What We Access

• Mail.Send scope: We request the Mail.Send permission solely to send emails from your Microsoft 365 account on your behalf. Every email is drafted by AI, reviewed and explicitly approved by you before it is sent.
• User.Read scope: We request basic profile information to identify your account and display your email address within the Service.

What We Do NOT Access

We do not read, scan, analyze, or access your inbox, email messages, contacts, calendar, attachments, or any other Outlook or Microsoft 365 data beyond what is strictly required to send emails on your behalf. We have no capability to read your incoming mail.

How Microsoft Data Is Stored

OAuth tokens (access token and refresh token) are encrypted using AES-256-GCM before being stored in our database. The same security protections described in the Google User Data section above apply to Microsoft tokens. All credential handling occurs server-side only.

Data Retention

Your Microsoft OAuth tokens are stored for as long as your email account remains connected to Intrn. When you disconnect your Microsoft account through the dashboard, we immediately delete the associated OAuth tokens from our database. If you delete your Intrn account entirely, all stored Microsoft data is permanently deleted.

Data Sharing

We do not share, sell, lease, rent, or transfer your Microsoft user data to any third party for any purpose. Your Microsoft user data is used exclusively to send emails on your behalf through the Intrn platform.

We take the security of your data seriously and implement the following measures:

• Encryption at rest: All email credentials (OAuth tokens) are encrypted using AES-256-GCM before being stored in our database. Encryption keys are managed separately and are never exposed to client-side code.
• Server-side credential handling: AI agents and client-side code never receive raw credentials. All email sending is performed through a server-side proxy pattern.
• Authentication: User authentication is handled by Clerk, an enterprise-grade authentication provider. All dashboard routes require authentication.
• Input validation: All API inputs are validated using Zod schemas to prevent injection and malformed data.
• Rate limiting: Send rate limits are enforced server-side to protect email deliverability and prevent abuse.

Disconnecting Email Accounts

You can disconnect your Google or Microsoft email account at any time from your Intrn dashboard. When you disconnect, we immediately delete the stored OAuth tokens for that account. Previously sent email logs (recipient, timestamp, sender type) are retained for platform-wide contact health purposes but are not linked to your credentials.

Deleting Your Account

You may request complete deletion of your Intrn account and all associated data by contacting us at privacy@intrn.app. Upon receiving your request, we will permanently delete:

• Your profile information and resume data
• All stored OAuth tokens and email credentials
• Draft emails and search run history
• Writing samples and voice preferences

Deletion requests are processed within 30 days. Anonymized, aggregated data that cannot be used to identify you (such as platform-wide contact send counts) may be retained for service operation.

Revoking Google Access

In addition to disconnecting within Intrn, you can revoke Intrn's access to your Google account at any time by visiting your Google Account Permissions page and removing Intrn from the list of connected apps.

Revoking Microsoft Access

You can revoke Intrn's access to your Microsoft account at any time by visiting your Microsoft Account App Permissions page and removing Intrn from the list of connected apps.

We use the following third-party services to operate the platform. Each service has its own privacy policy governing its handling of data:

• Clerk — Authentication and user management. Privacy Policy
• Supabase — Database hosting (Postgres). Privacy Policy
• Upstash — Serverless Redis caching. Privacy Policy
• Stripe — Payment processing. We do not store your credit card information; it is handled entirely by Stripe. Privacy Policy
• Vercel — Application hosting. Privacy Policy
• AI Providers (Anthropic, OpenAI, DeepSeek) — Used for email drafting, contact research, and classification. We send profile information and contact research data to these providers to generate personalized email drafts. We do not send your email credentials, OAuth tokens, or inbox data to AI providers. Each provider has its own data handling policies.

Intrn is designed for college and university students. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us at privacy@intrn.app and we will promptly delete the information.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. If we make material changes to how we handle your data, we will notify you via the email address associated with your account. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, your data, or your rights, please contact us:

• Email: privacy@intrn.app
• General inquiries: hello@intrn.app