Privacy
Policy.
encod.ai builds AI systems for serious companies, so we hold ourselves to a serious bar on data. This policy explains what we collect, why we collect it, and the rights you have over it. Email [email protected] with questions.
/01Who we are
Encod AI, Inc. ("encod.ai", "we", "us") is the data controller for personal information collected through this site and during business interactions. We're headquartered in New York and operate remote-first.
/02Information we collect
| CATEGORY | EXAMPLES |
|---|---|
| Contact details | Name, work email, title, company, phone (if provided) |
| Inquiry content | Project description, timeline, what you're trying to build |
| Engagement data | Contract terms, invoices, communications related to a project |
| Client data (under SOW) | Datasets, code, and materials you share for an engagement |
| Site analytics | IP address, device/browser type, pages viewed, referrer |
| Marketing | Email subscription preferences, event RSVPs |
We do not knowingly collect information from children under 16, and our services are not directed to consumers.
/03How we use it
- Respond to inquiries and prepare proposals.
- Deliver, manage, and improve our consulting services.
- Send administrative communications (invoices, security notices, contract updates).
- Send marketing or thought-leadership content where you've opted in (you can unsubscribe at any time).
- Operate, secure, and analyze the Site.
- Comply with legal, tax, and audit obligations.
We do not sell personal information, and we do not use Client data shared under an SOW to train general-purpose AI models.
/04Legal bases (EEA / UK)
Where GDPR or UK GDPR applies, we rely on:
- Contract: to perform the services you've asked for.
- Legitimate interest: to operate, secure, and improve our business — balanced against your rights.
- Consent: for marketing emails and certain cookies; you can withdraw consent at any time.
- Legal obligation: for tax, accounting, and compliance.
/05Sharing
We share personal information only with:
- Service providers who process data on our behalf under written agreements (e.g. cloud hosting, email, CRM, analytics, payment processing).
- Subcontractors on engagements, where named and approved per the SOW.
- Authorities if required by law, subpoena, or to protect rights, property, or safety.
- Successors in the event of a merger, acquisition, or asset sale, subject to equivalent protections.
/06Retention
We keep personal information only as long as needed for the purposes described, or as required by law. As a baseline:
- Inquiry data: up to 24 months from last contact, then deleted or anonymized.
- Engagement records and contracts: 7 years after the engagement ends, for tax and audit purposes.
- Client data under SOW: handled per the data-handling terms of the SOW; returned or destroyed on request after termination.
/07Security
We maintain a security program including encryption in transit and at rest, role-based access control, MFA, vendor reviews, and regular penetration testing. No system is perfectly secure; if we discover a breach affecting your data, we'll notify you in line with applicable law.
/08Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or object to processing of your personal information, and to lodge a complaint with a supervisory authority. To exercise any of these, email [email protected]. We'll respond within 30 days.
/09Cookies
We use a small set of strictly-necessary and analytics cookies. Analytics cookies are only set with your consent (where required). You can manage preferences in your browser or via the cookie banner on the Site.
/10Updates & contact
We may update this policy as our practices evolve. Material changes will be flagged on the Site or sent to clients directly. The "Last updated" date at the top reflects the current version.
Questions, requests, or feedback: [email protected].