← Back to Eldari

Privacy Policy

Last updated: April 20, 2026

Disclaimer: This privacy policy is provided for informational purposes and does not constitute legal advice. You should consult with qualified legal counsel regarding your specific privacy obligations and requirements.

Eldari Inc. ("Company," "we," "us") operates the Eldari platform ("Service"). This Privacy Policy explains how we collect, use, share, and protect your information when you use the Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and an encrypted password. If you sign in via SSO (Microsoft Entra ID), we receive your name and email from your identity provider.

Usage Data

We collect information about how you use the Service, including workflow executions, feature usage, login events, and error logs. This data is used to operate and improve the Service.

Uploaded Documents

You may upload documents (PDFs, Word files, spreadsheets, presentations, images, and other formats) for processing. These documents are stored in your tenant-isolated storage and are not accessible to other users or organizations.

AI Processing Data

When you use content workflows, your data is processed through AI models to generate output. The inputs and outputs of these workflows are stored within your tenant boundary.

2. How We Use Your Information

We use your information to:

  • Provide the Service — process your documents, execute workflows, and deliver AI-generated content
  • Maintain security — authenticate users, prevent unauthorized access, and detect abuse
  • Improve the Service — analyze usage patterns to improve features and fix issues
  • Communicate with you — send service-related notifications, security alerts, and support responses
  • Comply with legal obligations — respond to legal requests and enforce our Terms of Service

We do not use your data for advertising, sell your data to third parties, or use your uploaded content to train AI models.

3. Third-Party Processors

We use the following third-party services to provide and operate the Service. Each processes data only as necessary for their stated purpose:

ProviderPurposeData Processed
Microsoft AzureInfrastructure, storage, computeAll platform data
OpenAI (API-only)Embeddings, content generationDocument text for processing (not used for training)
Anthropic (API-only)Content generationDocument text for processing (not used for training)
PineconeVector storage and searchDocument embeddings (tenant-isolated namespaces)
StripeSubscription billing and payment processingAccount email, billing address, payment method (handled directly by Stripe)
Meta Platforms (Facebook / Instagram)Optional: connect a Facebook or Instagram account as a datasource or publishing destinationOnly data you explicitly authorize via Facebook Login — see Section 9

4. Data Retention

Active accounts: Your data is retained for as long as your account is active and the Service is in use.

After termination: Upon account termination or cancellation, you have 30 days to export your data. After this export period, we will delete your uploaded documents, processed content, vector embeddings, and workflow outputs within 30 days.

Audit logs: Security audit logs may be retained for up to 12 months after account termination for compliance and security purposes.

Anonymized data: We may retain anonymized, aggregated usage statistics that cannot be used to identify you or your organization.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal data we hold about you
  • Export — download your uploaded documents and processed content at any time through the Service
  • Deletion — request deletion of your personal data and account
  • Correction — update or correct inaccurate personal information through your account settings
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing of your personal data in certain circumstances

To exercise any of these rights, contact us at jessica@eldaribio.com. We will respond within 30 days.

6. Cookies

The Eldari platform uses functional cookies only. These cookies are essential for the Service to operate and include authentication session tokens and user preferences. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

7. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

8. International Data Transfers

The Service is hosted on Microsoft Azure in Canada Central. If you access the Service from outside Canada, your data may be transferred to and processed in Canada. We ensure that appropriate safeguards are in place for any international data transfers in accordance with applicable data protection laws.

9. Meta / Facebook Platform Data

Eldari offers an optional integration with Meta Platforms that lets you connect a Facebook Page or Instagram Business account as a datasource (to ground workflows in your published content) or as a publishing destination (to schedule or post content directly from the Service). This integration uses Facebook Login and the Facebook Graph API.

What Meta data we collect

When you connect a Facebook or Instagram account, we collect only the information authorized by the permissions you approve during Facebook Login. Depending on the scopes you grant, this may include:

  • Your Facebook user ID, name, email address, and profile picture
  • A short-lived or long-lived Facebook access token used to call the Graph API on your behalf
  • Pages you administer and Instagram Business accounts linked to those Pages
  • Posts, captions, comments, and media published by those Pages or accounts
  • Aggregated insights (reach, impressions, engagement) for Pages or posts you own, where you authorize the relevant scope

We do not request or collect data about any Facebook user other than the account holder and the public audience of Pages you administer.

Why we collect it

We use Meta platform data solely to:

  • Authenticate you when you sign in or link a Facebook account
  • Ingest your published content as a corpus datasource so Eldari workflows can generate content grounded in your own research communications
  • Publish, schedule, or draft content to Pages or Instagram accounts you explicitly select
  • Display performance metrics for content that Eldari helped you create

We never use Meta platform data for advertising, sell it to third parties, or use it to train AI models.

How it is stored

Facebook access tokens and ingested content are stored in your tenant-isolated storage on Microsoft Azure in Canada Central, encrypted at rest. Access is restricted to authenticated members of your Eldari organization.

LLM processing of Meta data

When you run a workflow that operates on content ingested from Facebook or Instagram, the relevant text is sent to our AI sub-processors (OpenAI and, where applicable, Anthropic) to generate output. These providers process the data under API-only agreements that prohibit use of your data for model training. Outputs are returned to your tenant and are not shared with other customers.

Retention of Meta data

Facebook access tokens are retained only for as long as your Facebook account is connected to Eldari. Ingested Meta content is retained for as long as your Eldari account is active. You may disconnect a Facebook account at any time from your account settings; doing so revokes the token and removes ingested content associated with that connection within 30 days. For full account deletion, see Section 10.

Permissions you grant

Eldari requests only the minimum Facebook permissions needed for the features you enable. You may review and revoke these permissions at any time at facebook.com/settings?tab=business_tools.

10. Meta Data Deletion Instructions

A standalone version of these instructions is published at /privacy/meta-deletion.

You may request deletion of data Eldari has collected from Facebook or Instagram at any time using any of the methods below. We will complete the request within 30 days and send confirmation to your account email.

Option A: Disconnect in-app

Sign in to Eldari, go to Data Sources, locate the Facebook connection in the list, and click Delete. This revokes the access token and schedules deletion of ingested Meta content associated with the connection within 30 days.

Option B: Revoke from Facebook

Visit facebook.com/settings?tab=business_tools, locate Eldari, and remove the app. Facebook will notify Eldari of the revocation; we will delete the corresponding access token and ingested Meta content within 30 days.

Option C: Email request

Email jessica@eldaribio.com from the address on your Eldari account with the subject line Meta Data Deletion Request. Include the Facebook user ID or Page name whose data should be deleted. We will confirm completion within 30 days.

To request deletion of your entire Eldari account (including all Meta-derived data), see Section 5: Your Rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email or a prominent notice within the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For questions or concerns about this Privacy Policy or our data practices, please contact us at:

Eldari Inc.
Privacy, security, and legal inquiries: jessica@eldaribio.com