EgretAI
Log inGet Started Free

Privacy Policy

Last updated: March 1, 2026

Egret ("we," "us," or "our") operates the getegret.com website and the Egret platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you subscribe to a paid plan, we collect billing information through our payment processor, Stripe. We do not store full credit card numbers on our servers.

Usage Data

We collect information about how you interact with the Service, including queries submitted, sessions created, features used, timestamps, and credit consumption. This data helps us improve the platform and provide accurate billing.

Query Content

When you submit queries to our RAG advisory engine, we process the query text to generate responses. We store query history within your sessions to enable conversation continuity.

Custom Documents

If you upload documents to a private knowledge base (available on Professional and Enterprise plans), those documents are stored securely and used only for your organization's queries. We do not use your private documents to train models or improve our public corpus.

Automatically Collected Data

Like most web services, we automatically collect certain technical information including IP address, browser type, device information, operating system, referring URLs, and page interaction data. We use cookies and similar technologies for authentication, preferences, and analytics.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process your queries and deliver AI-powered regulatory advisory responses
  • To manage your account, subscriptions, and billing
  • To send service-related communications (account verification, security alerts, billing notices)
  • To monitor usage patterns and enforce plan limits
  • To detect, prevent, and address technical issues and abuse
  • To comply with legal obligations

3. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers — Third parties that help us operate the Service (e.g., Stripe for payments, AWS for hosting, analytics providers). These providers are contractually bound to protect your data.
  • AI Model Providers — We use Amazon Bedrock to process queries. Query content is sent to the model provider to generate responses. We do not permit model providers to use your data for training.
  • Legal Requirements — When required by law, subpoena, or government request, or to protect our rights, property, or safety.
  • Business Transfers — In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

4. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all communications
  • JWT-based authentication with httpOnly cookies
  • Role-based access control for organization features
  • Regular security audits and vulnerability assessments

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your account data and query history for as long as your account is active. Session data is retained to provide conversation history. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Object to certain processing activities

To exercise these rights, contact us at privacy@getegret.com.

7. Cookies

We use essential cookies for authentication and session management. We may also use analytics cookies to understand how the Service is used. You can control cookie preferences through your browser settings, but disabling essential cookies may affect Service functionality.

8. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

9. International Transfers

The Service is hosted in the United States (AWS us-east-1). If you access the Service from outside the US, your data will be transferred to and processed in the US. We implement appropriate safeguards for international data transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: