Privacy & Security Notice

Last updated: April 2026

1. Important Role Distinctions

eSapiens operates in dual privacy roles:

Service Provider / Processor Role: When enterprise customers upload files or connect databases, eSapiens generally processes that customer's data on the customer's behalf and under the customer's instructions. Organizations control workspace settings, retention, and permissions. Privacy requests should go to the organization first.

Business / Controller Role: For website analytics, billing, support, and security operations, eSapiens acts as the data controller.

2. Categories of Information Collected

The company collects:

• Identity and account information (name, email, company, title)
• Commercial and transaction data (subscriptions, billing, invoices)
• Authentication and security data (login events, API keys, IP addresses)
• Customer Content (prompts, files, documents, chat messages)
• Knowledge-base artifacts (embeddings, vector indexes)
• Database connection metadata (schema info, connection settings)
• Usage telemetry (feature usage, performance logs)
• Third-party integration data
• Feedback and communications

We do not ask users to submit sensitive personal information unless reasonably necessary for the Services.

3. How We Collect Information

Information comes from:

• Direct user submission
• Organization administrators
• Device and browser activity
• Connected databases and third-party systems
• Service vendors
• Public sources for verification and fraud prevention

4. Product-Specific Data Handling

Derek (Knowledge Intelligence): Converts documents into searchable resources through parsing, text extraction, embeddings, and vector indexing while maintaining customer-specific content ownership.

Thor (Data Intelligence): Enables natural-language database interaction through read-only access. Thor does not use non-public customer database content to train a generalized model made available to unrelated customers unless expressly authorized.

ThunderScan: Analyzes database health using schema metadata and aggregate statistics rather than row-level records.

Airbridge / MCP / APIs: Process integration configuration, authentication data, and operational logs.

5. How We Use Information

Usage includes:

• Providing and administering Services
• Processing requests and database queries
• Security and fraud prevention
• Troubleshooting and improvement
• Analytics and diagnostics
• Customer communications
• Legal compliance

We do not use non-public Customer Content from enterprise workspaces to train a generalized model made available to unrelated customers without separate agreement.

6. How We Disclose Information

Disclosures occur to:

• Service providers and subprocessors
• Customer organizations and administrators
• Connected third-party systems (at user direction)
• Courts, regulators, law enforcement when required
• In merger / acquisition contexts
• With user consent

We do not sell Customer Content for monetary consideration, and we do not share Customer Content for third-party cross-context behavioral advertising.

7. Cookies, Logs, and Do Not Track

We use cookies, pixels, and log files for operation, security, preferences, and fraud detection. Some technologies are necessary for the Services to function. Others may be used for analytics, security, or user-experience improvement. Browser-level controls are available.

8. Data Retention and Deletion

Retention depends on data type, product, customer settings, and legal requirements. Customer Content persists until deleted or subscription ends, though backup copies may remain temporarily for disaster recovery and compliance purposes.

9. Security

eSapiens maintains administrative, technical, and physical safeguards including encryption, access controls, multi-factor authentication, network segmentation, and audit logging. No system is perfectly secure, uninterrupted, or error-free.

10. U.S. State Privacy Rights

Individuals may have rights to access, correct, delete, or port personal information under state privacy laws. Requests should be directed to sage@esapiens.ai with subject line "Privacy Request." These rights generally do not apply to Customer Content processed solely on behalf of an enterprise customer.

11. Children's Privacy

Services are not directed at children under 13. We do not knowingly collect personal information online from children under 13.

12. Third-Party Services

eSapiens is not responsible for the privacy, security, content, or practices of linked third-party services.

13. Changes to This Notice

Updates will be posted with revised dates. Continued use after updates constitutes acceptance.

14. Contact Us

Silicon Sapiens LLC
808 Travis Street, Suite 1606
Houston, Texas 77002, USA

Email: sage@esapiens.ai