enscribe
Privacy Policy

Privacy-first by design.

This Privacy Policy explains how Enscribe (“we”, “us”, “our”) collects, uses, and protects information in connection with our website and services, including Enscribe Embed (embeddings, vector storage, and semantic retrieval).

Privacy request Terms

Last updated

December 13, 2025

Customer content is yours. We process customer content only to provide the services, and we do not use it to train general-purpose models without an explicit written agreement.

Scope

This policy applies to:

  • Website: enscribe.io and related pages
  • Services: Enscribe APIs, portal, and embedding/storage/retrieval workflows

If you are a business customer processing personal data on behalf of your users, you are typically the “controller” and Enscribe is a “processor.” A Data Processing Addendum (DPA) is available upon request where applicable.

Information we collect

Account and billing

  • Name, email address, organization name
  • Billing contact details and transaction records (processed by payment providers)

Service telemetry

  • Request metadata (timestamps, tenant identifiers, API key identifiers)
  • Operational metrics (latency, error rates) and token counts for usage-based billing
  • Security logs (IP addresses, auth events) for abuse prevention and incident response

Customer content

  • Content you submit for embedding or retrieval (e.g., paragraphs and metadata)
  • Embeddings/vectors and associated metadata needed to deliver retrieval

Website data and tracking

We do not run third-party advertising trackers on the marketing website. We may store limited information in your browser to improve usability, such as a theme preference in localStorage.

If we introduce analytics or additional cookies, we will update this policy and (where required) provide consent and opt-out controls.

How we use information

  • Provide, operate, maintain, and secure the services
  • Process usage-based billing and maintain auditability of charges
  • Support requests, service communications, and account administration
  • Improve reliability and performance (debugging, monitoring, capacity planning)
  • Comply with legal obligations and enforce our terms

Legal bases (EEA/UK/Switzerland)

When GDPR (or similar laws) apply, we process personal data based on:

  • Contract: to provide the services you request
  • Legitimate interests: to secure, operate, and improve the platform
  • Consent: where required for non-essential cookies or optional features
  • Legal obligation: to comply with applicable laws (e.g., tax, accounting)

Sharing and subprocessors

We do not sell personal information. We share information only with service providers (“subprocessors”) under contract who help us deliver the services, such as cloud infrastructure, payment processing, and email delivery.

  • Subprocessors are required to protect information and use it only for providing services to us.
  • We may disclose information if required by law or to protect rights, safety, and security.

A subprocessor list and change notifications are available upon request for applicable customers.

International transfers

Enscribe may process data in the United States and other regions. Where required, we use appropriate transfer mechanisms (such as Standard Contractual Clauses) and contractual safeguards with subprocessors.

Dedicated tier offerings may support region pinning and private networking, subject to contract and availability.

Retention

  • Account data: retained while your account is active and as needed for support and compliance
  • Operational logs: retained for security and debugging purposes
  • Observability metrics: retention varies by plan
  • Customer content/vectors: retained according to your configuration and agreement

Your rights (GDPR/CCPA and similar laws)

Depending on your location and relationship to the services, you may have rights to:

  • Access, correct, delete, or export your personal information
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Opt out of “sale”/“sharing” where applicable (we do not sell personal information)

To exercise these rights, email privacy@enscribe.io. If you are an end user of a customer using Enscribe, please contact that customer directly.

Security

We implement administrative, technical, and organizational safeguards including access controls, credential encryption, and secure database connections. We are building toward comprehensive encryption at rest and monitoring capabilities. No system is perfectly secure, but we design for defense-in-depth.

Children’s privacy

Our services are not directed to children under 13 (and under 16 in the EEA). We do not knowingly collect personal information from children.

Changes

We may update this policy from time to time. Material changes will be posted on this page and the “Last updated” date will change. Where required, we will provide additional notice.