Privacy Policy

Engramly, LLC, 131 Continental Dr, Suite 305, Newark, DE 19713, United States, is the data controller for personal information collected through engramly.net and Engramly Parse. For privacy questions write to privacy@engramly.net.

Account information

Email address and a salted hash of your password (if you set one). We do not store passwords in plaintext.

Payment information

Card data is collected and stored by Stripe, our payment processor. We never see or store full card numbers. We receive a token, the brand and last four digits, the country, and the billing email.

Usage logs

API request timestamps, page counts, response status codes, source IP address (truncated where the law requires), user-agent string, and the API key identifier used. Retained up to 24 months for fraud prevention and billing reconciliation.

Uploaded documents

PDFs and other files you upload to the API or the playground. Documents are processed in memory and on transient compute, and deleted from our systems within minutes of the response being returned. We do not back them up, archive them, or retain copies for training.

Communications

If you email us we keep the message and our reply so we can follow up.

Cookies

Essential session and CSRF-protection cookies only. We do not currently run third-party analytics, advertising pixels, or cross-site trackers. If that changes we will update this policy and display a consent banner before any non-essential cookie is set.

• To provide the Service: authenticate API requests, parse documents, return outputs.
• To bill correctly: count pages, send invoices, process refunds.
• To prevent abuse: detect credential stuffing, throttle traffic, investigate suspected misuse.
• To communicate with you about your account and material changes to the Service.
• To comply with legal obligations such as tax records and lawful requests from authorities.

Under EU/UK GDPR, our legal bases are (a) performance of a contract with you, (b) compliance with a legal obligation, and (c) our legitimate interest in operating a secure, fraud-resistant service.

Customer documents are never added to model training, fine-tuning, or evaluation datasets. Only aggregate, fully anonymised operational telemetry (latency, error rates, page-count distributions) is retained for service-quality work.

We share personal information with:

Modal Labs, Inc.

Serverless compute platform used to run the parsing engine. Documents are processed in their environment and deleted after the response.

Stripe, Inc.

Payment processor for paid tiers. Stripe is the controller for the card data they handle and operates under their own privacy notice.

Cloudflare, Inc. (or Vercel, Inc.)

Hosting and content-delivery for the engramly.net website. Their logs may transiently include your IP address and user-agent.

Email provider

Used to deliver transactional messages (account, billing, security). We will name the provider once we lock in our production stack and update this policy before first send.

Authorities

When required by valid legal process, court order, or to protect the safety of users or the public. We will notify you of any such request when permitted.

Successors

If we merge with or are acquired by another entity, personal information may transfer as part of that transaction. Continued use will be governed by a policy at least as protective as this one.

We do not sell or rent personal information. We do not share personal information for cross-context behavioural advertising.

Uploaded documents

Deleted within minutes of processing.

API usage logs

Up to 24 months.

Account records

Until you request deletion, plus the period required for tax, fraud, and dispute records.

Billing records

Seven years, to satisfy US tax-record requirements.

Support emails

Three years from the last reply.

We are based in the United States and our sub-processors operate in the US and the EU. When personal information moves out of the EEA, the UK, or Switzerland we rely on the European Commission’s Standard Contractual Clauses (and the UK addendum where applicable) as the transfer mechanism.

Depending on where you live you have some or all of the following rights:

• Access — a copy of the personal information we hold about you.
• Correction — fix anything that is inaccurate.
• Deletion — ask us to delete your account and associated data.
• Portability — receive your data in a structured, machine-readable format.
• Restriction or objection — ask us to pause or stop certain processing.
• Withdraw consent — where we relied on consent (we currently do not for any processing other than future analytics).
• Complain to a supervisory authority — in the EU/UK your data-protection regulator, in California the Attorney General, in other US states your respective authority.

To exercise any right, email privacy@engramly.net from the address on file. We respond within 30 days. We do not charge for reasonable requests and we will not retaliate against you for exercising a right.

California residents have the rights listed above plus the right to know the categories of personal information collected, sold, or shared. We do not sell or share personal information as those terms are defined in the CCPA. The categories we collect are: identifiers (email, IP), commercial information (page counts, billing records), internet activity (API request logs), and limited geolocation (IP-derived country only).

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact privacy@engramly.net and we will delete it.

We use TLS for data in transit, encrypted storage for data at rest, scoped API credentials, and least-privilege access to production systems. Documents are processed on ephemeral compute that is destroyed after each request. No system is perfectly secure; if you believe your account has been compromised, contact privacy@engramly.net immediately.

We may update this Policy. Material changes take effect 30 days after we post the updated Policy and notify the email on your account. The “Last updated” date at the top of this page reflects the most recent change.

Privacy questions, data-subject requests, and complaints: privacy@engramly.net.

Postal: Engramly, LLC, 131 Continental Dr, Suite 305, Newark, DE 19713, United States.