Privacy Policy
1. Who We Are
Eudora ("we", "us", "our") is an AI behavioral compliance platform operated under the domain geteudora.com. We provide tools for enterprises to govern, audit, and secure their AI agent activity.
For questions about this policy, contact us at privacy@geteudora.com.
2. What Data We Collect
Account data: When you register, we collect your name, email address, and hashed password. We never store plaintext passwords.
Usage data: We collect audit logs of AI agent activity within your tenant. This data belongs to you and is isolated per tenant. We do not access or analyse your audit data except for platform operations (backups, integrity checks).
Billing data: Payment information is processed by Stripe. We store only a Stripe customer ID — we never see or store full card numbers.
API keys: If you provide API keys for AI providers (OpenAI, Anthropic, etc.), they are encrypted at rest using AES-256-GCM before storage. We do not use your API keys for any purpose other than forwarding your requests.
Technical data: We log server-side errors and performance metrics. These logs do not contain personal data from your AI agent interactions.
3. How We Use Your Data
- To provide and operate the Eudora platform
- To send transactional emails (password resets, team invites, billing receipts)
- To enforce subscription limits and billing via Stripe
- To detect and prevent abuse of the platform
- To respond to support requests
We do not sell your data, use it for advertising, or share it with third parties except as described in Section 5.
4. Data Storage and Security
Your data is stored on Railway infrastructure within the European Union. All data in transit is encrypted via TLS 1.2+. Sensitive fields (API keys, secrets) are encrypted at rest using AES-256-GCM.
Audit logs are append-only and SHA-256 hashed — they cannot be modified after creation, which is a requirement for DORA Article 11 compliance.
Self-hosted deployments store all data on your own infrastructure. In that case, we have no access to your data whatsoever.
5. Third-Party Services
We use the following third-party services:
- Stripe — payment processing. Subject to Stripe's Privacy Policy.
- Resend — transactional email delivery. Only your email address is shared.
- Railway — cloud infrastructure hosting. Subject to Railway's Privacy Policy.
- Cloudflare — DNS, CDN, and DDoS protection. Subject to Cloudflare's Privacy Policy.
We do not share your data with AI providers (OpenAI, Anthropic, etc.) — your API keys are only used to forward your own requests. We are not a subprocessor of those providers.
6. Data Retention
Audit log retention depends on your plan:
- Trial: 30 days
- Starter: 90 days
- Professional: 1 year
- Enterprise: 3 years
- Self-Hosted: indefinite (your infrastructure)
Account data is retained as long as your account is active. You may request deletion at any time (see Section 8).
7. Cookies
We use minimal cookies — only those strictly necessary for authentication (session tokens stored in localStorage, not cookies). We do not use tracking cookies or third-party analytics cookies.
8. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your account and data
- Portability: Export your data in machine-readable format (available via the audit export feature)
- Objection: Object to processing of your data
- Restriction: Request restriction of processing
To exercise any of these rights, email privacy@geteudora.com. We will respond within 30 days.
9. Children's Privacy
Eudora is an enterprise compliance platform. We do not knowingly collect data from anyone under 18 years of age. If you believe we have inadvertently collected such data, contact us immediately.
10. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes via email. The effective date at the top of this page indicates when the policy was last updated.
Contact
For privacy-related enquiries: privacy@geteudora.com
For general enquiries: hello@geteudora.com
Website: geteudora.com