Privacy & Security

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your data.

Last Updated: December 7, 2025

1. Introduction

Epiphany ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered data engineering platform and related services (collectively, the "Service"). Please read this policy carefully to understand our practices regarding your information.

2. Information We Collect

We collect information that you provide directly to us, including:
• Account Information: Name, email address, company name, and password when you register
• Profile Information: Job title, department, and other professional details
• Payment Information: Billing address and payment method details (processed through secure third-party providers)
• Communications: Messages, feedback, and support requests you send to us
• Usage Data: Information about how you interact with our Service, including pipelines created, queries submitted, and features used
• Technical Data: IP address, browser type, device information, operating system, and log data
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service

3. Your Data Processing

When you use Epiphany to process your data:
• Data Ownership: You retain full ownership of all data you input, process, or generate through our Service
• Data Processing: We process your data solely to provide the Service and as instructed by you
• Data Storage: Your data is stored securely using industry-standard encryption methods
• Data Access: Our AI agents and systems access your data only to execute the pipelines and operations you request
• Data Isolation: Your data is logically separated from other users' data
• No Training Use: We do not use your proprietary data to train our AI models without your explicit consent

4. How We Use Your Information

We use the information we collect to:
• Provide, maintain, and improve our Service
• Process your transactions and manage your account
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address technical issues and security threats
• Personalize and improve your experience
• Develop new features and services
• Send you marketing communications (with your consent)
• Comply with legal obligations

5. Data Sharing and Disclosure

We may share your information in the following circumstances:
• Service Providers: We share information with third-party vendors who perform services on our behalf (cloud hosting, payment processing, analytics)
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law or to protect our rights and safety
• With Your Consent: When you explicitly authorize us to share your information
• Aggregated Data: We may share anonymized, aggregated data that cannot identify you

We do NOT sell your personal information to third parties.

6. Data Security

We implement robust security measures to protect your information:
• Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access controls and multi-factor authentication
• Infrastructure: Secure cloud infrastructure with regular security audits
• Monitoring: 24/7 security monitoring and threat detection
• Compliance: SOC 2 Type II, GDPR, and HIPAA compliance where applicable
• Incident Response: Documented procedures for security incident response

While we use industry-standard security measures, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specifically:
• Account Information: Retained while your account is active
• Usage Data: Retained for analytical purposes, typically 24 months
• Pipeline Data: Retained according to your configured retention policies
• Legal Compliance: Some data may be retained longer to comply with legal obligations

You can request deletion of your data at any time by contacting us.

8. Your Privacy Rights

Depending on your location, you may have the following rights:
• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information
• Portability: Request a copy of your data in a portable format
• Restriction: Request restriction of processing your information
• Objection: Object to processing of your information
• Withdraw Consent: Withdraw consent for processing at any time

To exercise these rights, contact us at privacy@epfny.io.

9. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), we process your data based on the following legal grounds:
• Contract Performance: Processing necessary to provide our Service
• Legitimate Interests: Processing necessary for our legitimate business interests
• Consent: Processing based on your explicit consent
• Legal Obligations: Processing required by law

You have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

10. CCPA Compliance (California Residents)

California residents have specific rights under the California Consumer Privacy Act (CCPA):
• Right to Know: Categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@epfny.io.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:
• Standard Contractual Clauses (SCCs)
• Privacy Shield frameworks where applicable
• Adequacy decisions by relevant authorities

We take steps to ensure your data receives adequate protection regardless of location.

12. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately, and we will take steps to delete such information.

13. Cookies and Tracking

We use the following types of cookies and similar tracking technologies:
• Essential Cookies: Required for the Service to function
• Analytics Cookies: Help us understand how you use the Service
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Deliver relevant advertisements (with consent)

You can control cookies through your browser settings, but some features may not function properly if you disable cookies.

14. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:
• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for material changes)

Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@epfny.io
Data Protection Officer: dpo@epfny.io
Address: Epiphany, Inc.

We will respond to your inquiry within 30 days.
