Skip to main content

Privacy Policy

Last updated January 08, 2026

This privacy policy (“Privacy Policy”) sets out how Engramiq Ltd (“Engramiq”) uses and protects your personal data. It will apply whenever we collect or come into possession of your personal data, including when you:

  • Visit our website at https://www.engramiq.com or any website of ours that links to this Privacy Policy
  • Use the Engramiq Platform, which is designed to help organisations organise, aggregate, search for, and analyse site information.
  • Engage with us in other related ways, including product updates, events, and support

Reading this Privacy Policy will help you understand your privacy rights and choices. If you have any questions, please contact us at privacy@engramiq.com.

Summary of key points

This summary provides key points from our Privacy Policy.

  • We process business contact and account information (for example: name, work email, job title, username, and authentication credentials) and limited technical/usage information. We may also process personal information contained in documents or data uploaded to the Services by you or your organisation ("Customer Content"). In this Privacy Policy, “Services” means our website the Engramiq Platform, our website at https://www.engramiq.com, any website or application of ours that links to this Privacy Policy, and any support, communications, and services we provide to Customers and Authorised Users.
  • We do not intentionally collect or request sensitive personal information (also called "special category" data). Please do not upload it unless your organisation has ensured a lawful basis and appropriate safeguards.
  • We do not collect personal information about you from public sources, data brokers, or similar third parties. Your organisation's administrator may provide or manage your account details (for example, adding you to an organisation workspace). We may also receive limited information from service providers that help us operate and secure the Services (for example, fraud-prevention signals).
  • We process information to provide and secure the Services, manage user accounts, provide support, send service communications (including product updates), improve the Services, and comply with law.
  • We do not sell personal information.
  • Our service providers and sub-processors may process data in the United Kingdom, European Economic Area, United States, Canada, and other locations. Where required, we use appropriate safeguards for international transfers.
  • We use appropriate technical and organisational measures designed to protect your personal information. However, no online service can be completely secure, so we cannot guarantee absolute security.
  • Depending on where you are located, you may have rights to access, correct, delete, or restrict processing of your personal information.

1. Information we collect

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register for an account, use the Services, contact us, request support, or otherwise communicate with us.

Personal Information Provided by You

The personal information we collect depends on how you interact with the Services. It may include:

  • Name (typically business name/identity)
  • Work email address
  • Job title and organisation name (if provided)
  • Usernames and authentication information
  • Business address
  • Support communications (for example, the content of messages you send to support)
  • Signatures
  • Profile data including information you add to your profile and the preferences you select for your profile
  • Marketing and communications data, including your preferences in receiving marketing from us
  • Financial and transaction data, including details about payments from you and details of services you have purchased from us
  • Any other personal data embedded in user-uploaded content

Information Provided by Your Organisation

If your organisation sets up an account, an administrator may provide your name, work email, job title, and role/permissions to enable your access and manage your account.

Customer Content

The Services allow authorised users to upload and work with documents and other data. Customer Content may include personal information (for example, names and roles of colleagues appearing in internal documents). We process Customer Content to provide the Services to your organisation. Your organisation is responsible for determining what Customer Content is appropriate to upload and for ensuring it has the right to provide that content to us.

Sensitive Information

We do not intentionally collect or request sensitive personal information. Please do not upload sensitive personal information unless your organisation has ensured a lawful basis and appropriate safeguards.

All personal information you provide to us must be true, complete, and accurate, and you must notify us of any changes.

Information automatically collected

We automatically collect certain information when you access or use the Services. This information does not necessarily reveal your specific identity, but may include device and usage information such as IP address, browser/device characteristics, operating system, language preferences, referring URLs, and information about how and when you use the Services. This information is primarily needed to maintain the security and operation of our Services and for internal analytics and reporting.

Log and Usage Data

Our servers may automatically collect service-related diagnostic, usage, and performance information (for example: timestamps, pages/screens viewed, searches, feature usage, and error logs).

2. How we use your information

We process personal information for the following purposes:

  • To facilitate account creation, authentication, and account administration.
  • To deliver and facilitate delivery of the Services (including processing Customer Content at your organisation's direction).
  • To respond to user inquiries and provide support.
  • To send service and administrative communications (for example, security notices and product updates). You may opt out of non-essential product update and marketing emails.
  • To protect our Services (including monitoring, preventing abuse, and investigating suspected fraud or security incidents).
  • To understand usage trends and improve the Services (for example, aggregated analytics and service performance).
  • To comply with applicable laws and to exercise or defend legal claims.

Automated processing / AI features

Some features may use automated processing, including AI-assisted search, extraction, summarisation, or classification. These features are provided to support user workflows. We do not use AI to make solely automated decisions that produce legal or similarly significant effects about individuals.

If you are located in the EU or UK, we rely on the following legal bases, as applicable:

  • Performance of a contract: to provide the Services and manage your account.
  • Legitimate interests: to secure the Services, prevent abuse, improve the Services, and communicate operational updates to business users (these interests do not override your rights).
  • Consent: where required (for example, certain cookies/analytics and optional communications). You can withdraw consent at any time where processing is based on consent.
  • Legal obligations: where necessary to comply with law.
  • Vital interests: in rare situations to protect someone's vital interests.

If you are located outside the UK or EU, we process personal information in accordance with this Privacy Policy and the privacy laws applicable in your jurisdiction. Depending on where you live, we may rely on legal bases or permissions recognised under those laws (for example, performing a contract with you, our legitimate interests, your consent, or compliance with legal obligations). Where local law requires additional notices or rights, we will provide them as required.

4. When we share information

We may share personal information with:

  • Service providers and sub-processors that help us operate the Services (for example, hosting, authentication, analytics, customer support tooling, and security monitoring). They may only process personal information on our instructions and are not permitted to use your personal information for their own purposes.
  • Your organisation and its administrators (for example, to manage user access and permissions).
  • Professional advisers (for example, lawyers, auditors, insurers) where necessary.
  • Authorities or third parties where required by law, or to protect rights, safety, and security.
  • Parties to a business transaction (for example, a merger, acquisition, financing, or sale of assets), subject to appropriate protections. If our business is sold, the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and treat it in accordance with the law.

We do not sell personal information.

5. Cookies and tracking technologies

We may use cookies or similar technologies to:

  • Keep you signed in and enable core functionality (essential cookies)
  • Remember preferences and settings
  • Measure service performance and usage (analytics), if enabled

We do not use cookies for targeted advertising or to sell/share personal information for cross-context behavioural advertising.

For more information, please see our Cookie Notice.

6. International transfers

Our service providers and sub-processors may process personal information in the United Kingdom, European Economic Area, United States, Canada, and other locations. Where required, we use appropriate safeguards for international transfers (for example, UK International Data Transfer Addendum/IDTA and other lawful mechanisms). Details can be provided on request.

7. Data retention

We retain personal information for as long as your organisation maintains an account with us, and as needed to provide the Services. We may retain certain information for a limited period after account termination to comply with law, resolve disputes, enforce agreements, or for security and backup purposes. Where feasible, we will delete or anonymise personal information when it is no longer needed.

8. Information security

We use appropriate technical and organisational measures designed to protect your personal information. However, no online service can be completely secure, so we cannot guarantee absolute security.

9. Children's privacy

We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, please contact us and we will take appropriate steps.

10. Your privacy rights

Depending on your location (including the EEA, UK, Switzerland, and Canada), you may have rights to access, correct, delete, or restrict processing of your personal information, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority (for example, the UK Information Commissioner's Office (ICO)).

If you use the Services through an organisation, your rights regarding Customer Content may be managed through your organisation. You can contact your organisation's administrator and/or contact us at privacy@engramiq.com.

You can opt out of non-essential product update or marketing emails by using the unsubscribe link in the email or by contacting us. We may still send essential service communications (for example, security notices and account-related messages).

11. Do-not-track signals

Most web browsers offer a Do-Not-Track ("DNT") setting. There is no uniform standard for recognising DNT signals, so we do not currently respond to them. If a standard is adopted that we must follow, we will update this notice.

12. Updates to this notice

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we may notify you by posting a notice or by other reasonable means.

13. Contact us

If you have questions or comments, you may contact us at:

Email: privacy@engramiq.com

Post: Engramiq Ltd, 86–90 Paul Street, London EC2A 4NE, United Kingdom

14. Requests to access, update, or delete data

To request access, correction, deletion, or other rights requests, please contact us at privacy@engramiq.com. We may need to verify your identity and/or your authority to make a request.