Privacy Policy

Last updated January 08, 2026

This Privacy Notice applies when you:

Visit our website at https://www.engramiq.com or any website of ours that links to this Privacy Notice
Use the Engramiq Platform, which is designed to help organisations organise, aggregate, search for, and analyse site information.
Engage with us in other related ways, including product updates, events, and support

Reading this Privacy Notice will help you understand your privacy rights and choices. If you have any questions, please contact us at privacy@engramiq.com.

Summary of key points

This summary provides key points from our Privacy Notice.

We process business contact and account information (for example: name, work email, job title, username, and authentication credentials) and limited technical/usage information. We may also process personal information contained in documents or data uploaded to the Services by you or your organisation ("Customer Content").
We do not intentionally collect or request sensitive personal information (also called "special category" data). Please do not upload it unless your organisation has ensured a lawful basis and appropriate safeguards.
We do not collect personal information about you from public sources, data brokers, or similar third parties. Your organisation's administrator may provide or manage your account details (for example, adding you to an organisation workspace). We may also receive limited information from service providers that help us operate and secure the Services (for example, fraud-prevention signals).
We process information to provide and secure the Services, manage user accounts, provide support, send service communications (including product updates), improve the Services, and comply with law.
We do not sell personal information.
Our service providers and sub-processors may process data in the United Kingdom, European Economic Area, United States, Canada, and other locations. Where required, we use appropriate safeguards for international transfers.
We use appropriate technical and organisational measures designed to protect your personal information. However, no online service can be completely secure, so we cannot guarantee absolute security.
Depending on where you are located, you may have rights to access, correct, delete, or restrict processing of your personal information.

1. Information we collect

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register for an account, use the Services, contact us, request support, or otherwise communicate with us.

Personal Information Provided by You

The personal information we collect depends on how you interact with the Services. It may include:

Name (typically business name/identity)
Work email address
Job title and organisation name (if provided)
Usernames and authentication information
Support communications (for example, the content of messages you send to support)

Information Provided by Your Organisation

If your organisation sets up an account, an administrator may provide your name, work email, job title, and role/permissions to enable your access and manage your account.

Customer Content

The Services allow authorised users to upload and work with documents and other data. Customer Content may include personal information (for example, names and roles of colleagues appearing in internal documents). We process Customer Content to provide the Services to your organisation. Your organisation is responsible for determining what Customer Content is appropriate to upload and for ensuring it has the right to provide that content to us.

Sensitive Information

We do not intentionally collect or request sensitive personal information. Please do not upload sensitive personal information unless your organisation has ensured a lawful basis and appropriate safeguards.

All personal information you provide to us must be true, complete, and accurate, and you must notify us of any changes.

Information automatically collected

We automatically collect certain information when you access or use the Services. This information does not necessarily reveal your specific identity, but may include device and usage information such as IP address, browser/device characteristics, operating system, language preferences, referring URLs, and information about how and when you use the Services. This information is primarily needed to maintain the security and operation of our Services and for internal analytics and reporting.

Log and Usage Data

Our servers may automatically collect service-related diagnostic, usage, and performance information (for example: timestamps, pages/screens viewed, searches, feature usage, and error logs).

2. How we use your information

We process personal information for the following purposes:

To facilitate account creation, authentication, and account administration.
To deliver and facilitate delivery of the Services (including processing Customer Content at your organisation's direction).
To respond to user inquiries and provide support.
To send service and administrative communications (for example, security notices and product updates). You may opt out of non-essential product update emails.
To protect our Services (including monitoring, preventing abuse, and investigating suspected fraud or security incidents).
To understand usage trends and improve the Services (for example, aggregated analytics and service performance).
To comply with applicable laws and to exercise or defend legal claims.

Automated processing / AI features

Some features may use automated processing, including AI-assisted search, extraction, summarisation, or classification. These features are provided to support user workflows. We do not use AI to make solely automated decisions that produce legal or similarly significant effects about individuals.

3. Legal bases for processing

If you are located in the EU or UK, we rely on the following legal bases, as applicable:

Performance of a contract: to provide the Services and manage your account.
Legitimate interests: to secure the Services, prevent abuse, improve the Services, and communicate operational updates to business users (these interests do not override your rights).
Consent: where required (for example, certain cookies/analytics and optional communications). You can withdraw consent at any time where processing is based on consent.
Legal obligations: where necessary to comply with law.
Vital interests: in rare situations to protect someone's vital interests.

If you are located in Canada, we may rely on express or implied consent (as permitted by law) and, in some cases, other legal bases permitted under applicable Canadian privacy laws.

We may share personal information with:

Service providers and sub-processors that help us operate the Services (for example, hosting, authentication, analytics, customer support tooling, and security monitoring). They may only process personal information on our instructions.
Your organisation and its administrators (for example, to manage user access and permissions).
Professional advisers (for example, lawyers, auditors, insurers) where necessary.
Authorities or third parties where required by law, or to protect rights, safety, and security.
Parties to a business transaction (for example, a merger, acquisition, financing, or sale of assets), subject to appropriate protections.

We do not sell personal information.

5. Cookies and tracking technologies

We may use cookies or similar technologies to:

Keep you signed in and enable core functionality (essential cookies)
Remember preferences and settings
Measure service performance and usage (analytics), if enabled

We do not use cookies for targeted advertising or to sell/share personal information for cross-context behavioural advertising.

For more information, please see our Cookie Notice.

6. International transfers

Our service providers and sub-processors may process personal information in the United Kingdom, European Economic Area, United States, Canada, and other locations. Where required, we use appropriate safeguards for international transfers (for example, UK International Data Transfer Addendum/IDTA, EU Standard Contractual Clauses, and other lawful mechanisms). Details can be provided on request.

7. Data retention

We retain personal information for as long as your organisation maintains an account with us, and as needed to provide the Services. We may retain certain information for a limited period after account termination to comply with law, resolve disputes, enforce agreements, or for security and backup purposes. Where feasible, we will delete or anonymise personal information when it is no longer needed.

8. Information security

We use appropriate technical and organisational measures designed to protect your personal information. However, no online service can be completely secure, so we cannot guarantee absolute security.

9. Children's privacy

We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, please contact us and we will take appropriate steps.

10. Your privacy rights

Depending on your location (including the EEA, UK, Switzerland, and Canada), you may have rights to access, correct, delete, or restrict processing of your personal information, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority (for example, the UK Information Commissioner's Office (ICO)).

If you use the Services through an organisation, your rights regarding Customer Content may be managed through your organisation. You can contact your organisation's administrator and/or contact us at privacy@engramiq.com.

You can opt out of non-essential product update emails by using the unsubscribe link in the email or by contacting us. We may still send essential service communications (for example, security notices and account-related messages).

11. Do-not-track signals

Most web browsers offer a Do-Not-Track ("DNT") setting. There is no uniform standard for recognising DNT signals, so we do not currently respond to them. If a standard is adopted that we must follow, we will update this notice.

12. U.S. state privacy disclosures

If you are a U.S. resident, certain state laws may provide rights regarding your personal information (for example, rights to access, delete, or correct). We do not sell personal information and we do not share personal information for targeted advertising as defined by applicable U.S. state laws. To exercise rights, contact us at privacy@engramiq.com.

13. Updates to this notice

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we may notify you by posting a notice or by other reasonable means.

14. Contact us

If you have questions or comments, you may contact us at:

Email: privacy@engramiq.com

Post: Engramiq Ltd, 86–90 Paul Street, London EC2A 4NE, United Kingdom

15. Requests to access, update, or delete data

To request access, correction, deletion, or other rights requests, please contact us at privacy@engramiq.com. We may need to verify your identity and/or your authority to make a request.

Summary of key points​

1. Information we collect​

Personal information you disclose to us​

Personal Information Provided by You​

Information Provided by Your Organisation​

Customer Content​

Sensitive Information​

Information automatically collected​

Log and Usage Data​

2. How we use your information​

Automated processing / AI features​

3. Legal bases for processing​

4. When we share information​

5. Cookies and tracking technologies​

6. International transfers​

7. Data retention​

8. Information security​

9. Children's privacy​

10. Your privacy rights​

11. Do-not-track signals​

12. U.S. state privacy disclosures​

13. Updates to this notice​

14. Contact us​

15. Requests to access, update, or delete data​