Privacy Policy

Emiko is a sales intelligence tool. This policy covers both the Emiko web application and the Emiko Chrome extension. We collect the minimum data required to operate the service and do not sell or share your data with third parties for marketing purposes.

The Emiko Chrome extension stores only one piece of data locally on your device:

• Emiko URL (optional): If you configure a custom Emiko instance URL, it is stored in chrome.storage.local on your device only. It is never transmitted to any server.

The extension reads text you have selected on a webpage only when you explicitly trigger an action (right-clicking and choosing “Research with Emiko” or “Reply with Emiko”). That selected text is passed directly to the Emiko web app tab — it is not logged, stored, or sent to any other destination.

The extension does not collect or transmit: browsing history, page content outside of your explicit selection, personally identifiable information, authentication credentials, or any passive usage data.

When you use the Emiko web application, we collect:

• Account information: Your email address, used solely for authentication via Supabase Auth.
• Content you create: Company research briefs, reply drafts, and transcripts you generate or save within the app. This data is stored in your account and is not accessible to other users.
• Settings: Your configured preferences (e.g. role, territory, product context) which are used to personalise AI-generated outputs.
• Usage data: We track the number of API operations you perform (briefs generated, replies drafted, transcripts processed) for billing and rate limiting purposes. This data is tied to your user account.
• Payment information: Billing is processed by Stripe. We do not store credit card numbers or bank details. We retain only your Stripe customer ID and subscription status.

Emiko uses artificial intelligence to generate company research briefs, email reply suggestions, and transcript analysis. When you use these features, your inputs (company names, message text, transcript content) are sent to third-party AI providers for processing.

Specifically, queries are processed by the Anthropic API (Claude) for content generation and the Exa API for web research. These providers process your data solely to generate the requested output. Please review their respective privacy policies for details on how they handle query data.

AI-generated outputs may contain inaccuracies. Emiko does not guarantee the accuracy, completeness, or reliability of any AI-generated content. You are responsible for reviewing and verifying all outputs before relying on them for business decisions.

• To authenticate and maintain your account
• To generate and store AI research briefs and reply drafts personalised to you
• To enforce subscription limits and usage quotas
• To process payments via Stripe
• To improve the quality and reliability of the service

We do not use your data for advertising, profiling, or any purpose unrelated to operating Emiko.

Emiko uses essential cookies for authentication session management (provided by Supabase Auth). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

The app may use browser localStorage for client-side preferences such as theme selection and onboarding state. This data remains on your device and is not transmitted to our servers.

We do not sell, rent, or share your personal data with third parties for marketing or commercial purposes. Data is shared only with the following service providers as necessary to operate the product:

• Supabase (Singapore region) — database, authentication, and row-level security
• Anthropic (US) — AI content generation via Claude API
• Exa (US) — web research and company intelligence queries
• Vercel (global CDN) — application hosting and serverless functions
• Stripe (US) — payment processing and subscription management

Each of these providers has their own privacy policies and data processing agreements. We select providers that maintain appropriate security certifications and data protection practices.

Your account data and generated content are retained for as long as your account is active. Usage logs are retained for 90 days for billing reconciliation. Cached research briefs are retained for 30 days to avoid redundant API calls.

Upon account deletion, your personal data, generated content, and settings are permanently removed within 30 days. Anonymised, aggregated usage statistics may be retained for service improvement purposes.

All data is stored in Supabase with row-level security (RLS) policies — your data is accessible only to your authenticated account. All connections are encrypted in transit via HTTPS/TLS. API routes enforce authentication and per-user rate limiting.

We conduct regular security reviews of our database policies and access controls. If you discover a security vulnerability, please report it to the contact address below.

In the event of a data breach that poses a risk of significant harm, we will notify affected users and the relevant authorities in accordance with Singapore's Personal Data Protection Act (PDPA).

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your data and account
• Portability — request an export of your data in a machine-readable format
• Restriction — request that we limit processing of your data
• Withdraw consent — withdraw consent for data processing at any time

To exercise any of these rights, contact us at the address below. We will respond to requests within 30 days.

Emiko is operated from Singapore. Your data may be processed in other jurisdictions where our sub-processors operate (primarily the United States). Supabase infrastructure is hosted in Singapore. By using Emiko, you consent to the transfer of your data to these jurisdictions. We ensure that all sub-processors maintain appropriate data protection standards.

Emiko is designed for business professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated via email or an in-app notice. Continued use of Emiko after changes constitutes acceptance of the updated policy.

For privacy-related questions, data requests, or to exercise your rights, contact: reynold@emikoai.com