Insight O' Mate

Privacy model

This page is the single most important one in the docs. Read it in full — it takes three minutes.

The one-sentence version

The NLP engine sees your prompt and your field names. It never sees your rows, your connection string, or your credentials.

What leaves your machine

Every time you run a prompt, the desktop client sends one HTTPS request to the NLP engine:

POST /analyze
{
  "prompt": "show me users who signed up last week",
  "schema": {
    "users": { "_id": "ObjectId", "email": "string", "createdAt": "Date" },
    "orders": { "_id": "ObjectId", "userId": "ObjectId", "total": "number" }
  },
  "dialect": "mongodb",
  "mongo_version": "7.0"
}

That's the whole payload. You can intercept it yourself:

  1. Run the app with IOM_LOG_ENGINE_REQUESTS=1 in the env.
  2. Every request is logged to ~/.insight-o-mate/engine.log.
  3. The file is plain JSON — diff it against your expectations.

What never leaves

  • Documents. Field values. The contents of any row.
  • Your MongoDB connection string. The app never transmits it.
  • Your API key, to anyone but the NLP engine. It is sent only in the Authorization header of the engine request, not to any other service.
  • Your database name — only collection names and field paths are sent. If the collection is named users_pii_do_not_upload, that name does go out; rename it if that's a concern.
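
One way to automate the diff of engine.log against the payload and the list above, as an added example (not Insight O' Mate code). It assumes the log holds one JSON request body per line, which this page does not specify; TYPE_NAMES, the function names and the two sample lines are constructed for illustration.

```python
import json
import re

# Top-level keys the page documents for POST /analyze.
ALLOWED_KEYS = {"prompt", "schema", "dialect", "mongo_version"}
# Type names from the page's sample payload; extend for your own schema (assumption).
TYPE_NAMES = {"ObjectId", "string", "Date", "number"}
CONN_STRING = re.compile(r"mongodb(\+srv)?://", re.I)  # must never appear in a request


def audit_request(body):
    """Return findings for one logged request body (a dict); an empty list means clean."""
    extra = sorted(set(body) - ALLOWED_KEYS)
    findings = [f"unexpected top-level keys: {extra}"] if extra else []
    if CONN_STRING.search(json.dumps(body)):
        findings.append("connection string present in payload")
    schema = body.get("schema")
    if not isinstance(schema, dict):
        return findings + ["schema is missing or not an object"]
    for coll, fields in schema.items():
        if not isinstance(fields, dict):
            findings.append(f"{coll}: not a field-to-type map")
            continue
        for path, type_name in fields.items():
            # Each entry must be a type name, never a sampled field value.
            if not isinstance(type_name, str) or type_name not in TYPE_NAMES:
                findings.append(f"{coll}.{path}: {type_name!r} is not a known type name")
    return findings


def audit_log(lines):
    """Audit JSON Lines input; return {line_number: findings} for lines with findings."""
    report = {}
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            body = json.loads(line)
        except json.JSONDecodeError:
            body = None
        findings = audit_request(body) if isinstance(body, dict) else ["not a JSON object"]
        if findings:
            report[n] = findings
    return report


# Constructed sample lines: GOOD matches the page's payload shape, BAD is deliberately wrong.
GOOD = '{"prompt": "show me users who signed up last week", "schema": {"users": {"_id": "ObjectId", "email": "string", "createdAt": "Date"}, "orders": {"_id": "ObjectId", "userId": "ObjectId", "total": "number"}}, "dialect": "mongodb", "mongo_version": "7.0"}'
BAD = '{"prompt": "count orders", "schema": {"orders": {"total": 41.5}}, "dialect": "mongodb", "mongo_version": "7.0", "uri": "mongodb://db.example.internal:27017"}'
```

To audit a real session, pass the opened ~/.insight-o-mate/engine.log file to audit_log after adding the type names your own schema uses to TYPE_NAMES.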

Where the NLP engine runs

Two options:

Hosted (default)

We run it in Fly.io's Frankfurt region, behind Cloudflare. The service is stateless — every request is handled by a worker that reads the prompt, produces a query, and forgets both. There is no database of prompts, no logging of inputs, no training feedback loop.

Our infra team has kubectl exec access for incident response; that's it. If you want cryptographic guarantees, use the self-hosted option.

Self-hosted

Enterprise and Team plans get a signed container build of the engine. Run it in your own VPC; point the desktop app at your private URL. The wire protocol is identical.

docker run -d \
  --name iom-engine \
  -p 8080:8080 \
  -e IOM_LICENSE_KEY="$IOM_LICENSE_KEY" \
  ghcr.io/insight-o-mate/engine:latest

See the API reference for the exact request / response shapes you'd wire up.

How to verify us

You don't have to trust this page.

  1. Inspect the binary. The desktop client is open source on GitHub under Apache-2.0.
  2. Proxy the traffic. Set HTTPS_PROXY to the address of a mitmproxy instance and confirm the payloads match the schema above.
  3. Block the engine. With the engine domain firewalled, every prompt fails — proving the query generation happens remotely and nothing is being smuggled elsewhere.

Compliance

  • GDPR. The NLP engine is a processor under Art. 28. A DPA is included automatically with Pro and Team plans; reply to the purchase confirmation email for the countersigned PDF.
  • HIPAA / SOC 2. Use the self-hosted engine. The hosted tier is not BAA-eligible.