Privacy Policy
1. Who We Are
CDAOX LLC, an Illinois limited liability company doing business as Eichen ("Eichen," "we," "us," or "our"), operates the Eichen platform at app.eichen.ai and the marketing site at eichen.ai. This Privacy Policy describes how we collect, use, store, and protect information when you use our Service.
Legal Contact: legal@eichen.ai
Privacy Contact: privacy@eichen.ai
2. Our Role
2.1 Customer Data
With respect to Customer Data uploaded to the Service, Eichen acts as a data processor. The Customer is the data controller and is responsible for ensuring that Customer Data is collected and provided to Eichen in compliance with applicable data protection laws.
2.2 Account and Usage Data
With respect to account information and usage data, Eichen acts as the data controller and processes this data for the purposes described in Section 4 of this Privacy Policy.
3. Information We Collect
3.1 Account Information
When you create an account, we collect your name, email address, and organization name through our authentication provider (Microsoft Entra ID B2C). We do not collect or store passwords directly.
3.2 Usage Data
We automatically collect information about how you interact with the Service, including: pages viewed, features used, timestamps of activity, browser type and version, device type, and IP address.
3.3 Customer Data
You may upload marketing campaign data, platform reports, MMM outputs, incrementality test results, and other business data to the Service for calibration. The handling of Customer Data is governed by our Terms of Service.
3.4 Communications
When you contact us via email or through the Service, we collect the content of those communications.
4. How We Use Information
We use the information we collect for the following purposes:
- Provide the Service: Process your Customer Data, generate Eichen Outputs, and manage your account.
- Improve the Service: Analyze usage patterns to improve features, performance, and reliability. We do not use Customer Data to train AI models.
- Communicate: Send service-related notices, respond to inquiries, and provide support.
- Security: Detect and prevent fraud, abuse, and security incidents.
- Legal Compliance: Comply with applicable laws, regulations, and legal processes.
5. How We Share Information
We do not sell your personal information. We may share information in the following limited circumstances:
5.1 Subprocessors
We use third-party infrastructure and service providers to operate the Service. These subprocessors process data on our behalf under contractual obligations to protect your information. A current list of subprocessors is available upon request by contacting privacy@eichen.ai.
Current primary subprocessors include:
| Subprocessor | Purpose | Location |
|---|---|---|
| Microsoft Azure | Cloud infrastructure, compute, data storage | US East |
| Azure OpenAI Service | Narrative generation (narration layer only, not metric computation) | US East |
| Azure Cosmos DB | Multi-tenant data storage | US East |
| Microsoft Entra ID B2C | Authentication and identity management | US |
| Cloudflare | DNS, CDN, DDoS protection for the marketing site | Global edge |
Microsoft's Azure OpenAI service does not use customer data to train or improve their models. Customer Data is not shared with OpenAI directly.
5.2 Legal Requirements
We may disclose information if required by law, subpoena, court order, or governmental request.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
6. Data Storage and Security
6.1 Infrastructure
Customer Data and account information are stored on Microsoft Azure infrastructure in the United States (East US region).
6.2 Security Measures
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest
- Role-based access controls
- Managed identity authentication (no stored secrets or API keys in code)
- Structured JSON logging and monitoring
- Regular security reviews
6.3 Data Retention
We retain data according to the following schedule:
- Account information: Duration of active account plus thirty (30) days.
- Customer Data: As specified in Terms of Service Section 4.5 (30 days post-termination, then permanent deletion within 60 days).
- Usage and access logs: Retained in structured JSON format for up to twelve (12) months for operational and analytical purposes.
- Backups: Encrypted and subject to the same retention and deletion schedules as primary data.
Deletion is permanent and non-recoverable after the applicable retention period expires.
7. Cross-Border Data Transfers
All Customer Data is stored and processed in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. EU-based customers should request a separate Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs) before uploading personal data subject to GDPR.
8. Your Rights
8.1 Access and Portability
You may request a copy of the personal information we hold about you by contacting privacy@eichen.ai. We will respond within thirty (30) days.
8.2 Correction
You may request correction of inaccurate personal information by contacting us.
8.3 Deletion
You may request deletion of your personal information. Note that we may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).
8.4 California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.
Categories of personal information collected: Identifiers (name, email, IP address), commercial information (account and subscription data), internet activity (usage data), and professional information (organization name).
Business purpose: To provide, maintain, and improve the Service, communicate with users, detect security incidents, and comply with legal obligations.
Your rights:
- Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request deletion of personal information we have collected from you.
- Right to correct: You may request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising.
- Right to non-discrimination: We will not discriminate against you for exercising these rights.
To exercise these rights, contact privacy@eichen.ai. We will verify your identity before responding.
8.5 European Residents
If you are a resident of the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including access, rectification, erasure, restriction, portability, and objection. Our lawful basis for processing is typically Performance of a Contract (for account and service data) and Legitimate Interest (for security and service improvement). EU-based customers should request a Data Processing Agreement before uploading personal data. You have the right to lodge a complaint with a supervisory authority in your jurisdiction.
9. Cookies and Tracking
The eichen.ai marketing site and app.eichen.ai platform use essential cookies required for authentication, session management, and security. We do not use advertising cookies, behavioral tracking pixels, or third-party marketing analytics on the platform.
The marketing site is served through Cloudflare, which may set essential cookies for security and bot protection. If we add analytics in the future, this section will be updated and users will be notified.
10. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will promptly delete that information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least thirty (30) days before taking effect. The "Last Updated" date at the top of this policy indicates the most recent revision.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
CDAOX LLC d/b/a Eichen
Chicago, Illinois
legal@eichen.ai · privacy@eichen.ai · eichen.ai