Magnum
by eSapiens
Privacy and Security Notice
This Privacy and Security Notice (“Notice”) explains how Silicon Sapiens LLC (“eSapiens,” “we,” “our,” or “us”) collects, uses, discloses, stores, secures, and otherwise processes information in connection with the eSapiens website, hosted platform, APIs, workspaces, and related products and services (collectively, the “Services”).
The Services include the eSapiens platform and related products and capabilities across Knowledge Intelligence, Data Intelligence, and Process Intelligence, including Derek, Thor, ThunderScan, Immersive Max, Airbridge, MCP, APIs, document ingestion, retrieval systems, database analysis, reporting, dashboards, integrations, and workflow tools.
This Notice is informational. It does not amend any separate written agreement and does not create a service-level commitment, security warranty, or compliance attestation unless a separate written agreement expressly states otherwise.
1. Important Role Distinctions
eSapiens may act in more than one privacy role, depending on the data and the service context.
A. Service Provider / Processor Role
When an enterprise customer uses the Services to upload files, connect databases, activate Thor, ThunderScan, Derek, Immersive Max, Airbridge, MCP, or other tools, eSapiens generally processes that customer’s data and related personal information on the customer’s behalf and under the customer’s instructions, subject to our contracts with that customer. In that setting, the customer generally acts as the business, controller, or customer of record, and eSapiens acts as its service provider, processor, contractor, or similar vendor.
If you use the Services through your employer or another organization, that organization may control your workspace, retention settings, connected sources, permissions, and certain account information. Privacy requests relating to Customer Content should usually be directed to your organization first.
B. Business / Controller Role
For information that we collect directly for our own business operations—such as website analytics, account administration, billing, support, fraud prevention, security administration, and legal compliance—eSapiens acts as the business or controller.
2. Categories of Information We Collect
Depending on how you interact with the Services, we may collect the following categories of information:
- Identity, account, and contact information, such as name, business email address, phone number, company name, title, account identifiers, and administrator-provided profile information.
- Commercial and transaction information, such as subscription details, billing contacts, invoices, payment-related metadata, plan type, order history, and support entitlement information.
- Authentication, security, and access information, such as login events, password-reset events, role assignments, API keys, token metadata, session identifiers, audit logs, IP address, device information, browser information, and security telemetry.
- Customer Content and workspace content, including prompts, instructions, chat messages, uploaded files, documents, images, metadata, reports, dashboards, alerts, saved configurations, task definitions, and support materials submitted to us.
- Knowledge-base and retrieval artifacts, including customer-specific embeddings, vector indexes, source links, search references, and other retrieval-related materials generated within a customer workspace.
- Database and source-system connection information, such as database type, host information, ports, certificates, connection settings, schema metadata, aggregate statistics, query text, query plans, limited previews, report JSON, and workspace configuration data.
- Usage, diagnostics, and product telemetry, such as feature usage, clicks, interactions, model or token usage, latency, crash reports, troubleshooting information, and performance logs.
- Information from integrations and third parties that you or your organization connect to the Services, including files, records, permissions, metadata, and activity details.
- Feedback and communications, including support tickets, survey responses, ratings, annotations, emails, and other communications you send to us.
We do not ask users to submit sensitive personal information unless reasonably necessary for the Services or expressly authorized by the applicable customer agreement. If you choose to submit regulated or sensitive data, you are responsible for ensuring that you have the rights and approvals required to do so.
3. How We Collect Information
We collect information:
- directly from you;
- from your organization, workspace administrator, or account owner;
- from your device, browser, and use of the Services;
- from databases, repositories, documents, and third-party systems that you or your organization connect to the Services;
- from vendors and service providers that help us operate the Services; and
- from publicly available sources where relevant to account verification, fraud prevention, or business relationship management.
4. Product- and Capability-Specific Data Handling
Because the eSapiens platform includes multiple products and capabilities across several functional areas, different features may process different categories of information.
A. Derek / Knowledge Intelligence
Derek and related knowledge tools convert customer-provided documents and unstructured content into searchable knowledge resources. This may involve parsing files, extracting text and metadata, generating embeddings or vector indexes, storing retrieval references, and retaining chat history or source links according to workspace settings. As between eSapiens and the customer, customer-specific files, prompts, embeddings, and knowledge-base content remain Customer Content.
B. Thor / Data Intelligence
Thor enables natural-language interaction with customer databases. Thor is designed to operate through constrained, read-only access patterns and product-specific safety controls. Thor may process schema information, question text, system-generated SQL, limited query results, and related logs necessary to respond to the user’s request. Unless otherwise stated in a separate written agreement, workspace setting, or express opt-in, Thor does not use non-public customer database content to train a generalized model made available to unrelated customers.
C. ThunderScan / Data Intelligence
ThunderScan is designed for database evaluation and health analysis. In its standard scan flow, ThunderScan is designed to analyze schema metadata and aggregate statistics, rather than extract or store raw customer row-level records. ThunderScan may retain findings, reports, and configuration data in accordance with customer settings, backup practices, and legal retention requirements.
D. Thor, ThunderScan, and related Data Intelligence features (including Immersive Max)
These features may process database connection metadata, schema information, aggregate statistics, live query results, reports, visualizations, dashboard configurations, and related analytics outputs as needed to provide Data Intelligence functionality.
E. Airbridge, MCP, APIs, and workflow-enablement capabilities
These capabilities may process integration configuration, connector identifiers, authentication data, sync metadata, operational logs, and task-related metadata as needed to enable authorized integrations, context retrieval, and workflow actions.
5. How We Use Information
We use information, as permitted by law and contract, to:
- provide, host, authenticate, operate, and administer the Services;
- create and manage workspaces, accounts, roles, subscriptions, and customer environments;
- process prompts, documents, database requests, dashboards, reports, and workflow tasks;
- maintain security, detect fraud, prevent abuse, monitor misuse, and enforce our Terms;
- troubleshoot, support, repair, test, and improve the reliability, quality, and safety of the Services;
- develop analytics, diagnostics, de-identified insights, and Service Improvement Data;
- communicate with customers and users about accounts, support matters, billing, changes, and security issues;
- comply with legal process, contracts, and regulatory obligations; and
- protect the rights, safety, property, and security of eSapiens, our customers, our users, our service providers, and the public.
Unless a separate written agreement, workspace setting, or express opt-in provides otherwise, we do not use non-public Customer Content from enterprise workspaces to train a generalized model made available to unrelated customers.
Notwithstanding the foregoing, we may use Customer Content and related records to provide the Services, support customers, secure and monitor the Services, detect and prevent abuse, debug and test systems, conduct trust-and-safety review, and create de-identified or aggregated analytics and other Service Improvement Data. If you voluntarily provide feedback, we may use that feedback without restriction.
6. How We Disclose Information
We may disclose information in the following circumstances:
- To service providers and subprocessors that help us host infrastructure, process payments, provide support, deliver analytics, monitor security, store data, or provide model or communications services, subject to appropriate contractual restrictions.
- To the customer, workspace administrator, or account owner that sponsors the relevant environment, including where account data, audit logs, usage metrics, workspace content, reports, or settings are visible within the customer environment.
- To connected third-party systems, repositories, or tools at your direction or the direction of your organization.
- To courts, regulators, law enforcement, government authorities, professional advisors, insurers, or counterparties where reasonably necessary to comply with law, protect rights or safety, investigate fraud or misuse, or respond to legal process.
- In connection with an actual or proposed merger, financing, acquisition, restructuring, sale of assets, bankruptcy, or similar transaction, subject to customary confidentiality protections.
- In other circumstances with your consent or at your direction.
We do not sell Customer Content for monetary consideration, and we do not share Customer Content for third-party cross-context behavioral advertising. If our public website uses cookies or similar technologies in a way that applicable law treats as a sale, sharing, or targeted advertising, we will provide any notice and opt-out mechanism required by law.
7. Cookies, Logs, and Do Not Track
We and our service providers may use cookies, local storage, pixels, log files, and similar technologies to operate and secure the Services, remember preferences and sessions, measure performance, detect fraud or abuse, and improve functionality.
Some technologies are necessary for the Services to function. Others may be used for analytics, security, or user-experience improvement. You can manage browser-level cookie controls, but disabling certain technologies may affect functionality.
Our public website does not currently respond to browser-based “Do Not Track” signals unless and until we specifically state otherwise in a cookie notice or similar disclosure.
8. Data Retention and Deletion
We retain information for as long as reasonably necessary for the purposes described in this Notice, including to provide the Services, comply with contracts and legal obligations, resolve disputes, enforce agreements, maintain security, and support business continuity.
Retention periods vary based on the type of data, the product used, customer settings, the sensitivity of the data, and applicable legal requirements. Customer Content may be retained until deleted by the customer, until the end of the applicable subscription or retention period, or for a longer period if required for backup, disaster recovery, legal hold, or compliance purposes.
Deleting a connection, workspace, report, or environment may trigger deletion of associated active data, but residual copies may remain in backups, logs, or compliance archives for a limited period.
9. Security
We maintain administrative, technical, and physical safeguards designed to protect information appropriate to the nature of the data and the Services. Depending on context, these measures may include encryption in transit, encryption of certain data at rest, role-based access controls, least-privilege administration, multi-factor authentication for sensitive access, network segmentation, monitoring, audit logging, incident-response procedures, secure development practices, patching, vulnerability management, and tenant or workspace separation controls.
No system is perfectly secure, uninterrupted, or error-free. You remain responsible for protecting your credentials, configuring lawful access to your systems, and using the Services in a manner consistent with your own legal, regulatory, contractual, and internal requirements.
10. U.S. State Privacy Rights
To the extent required by applicable U.S. state privacy law, individuals may have certain rights regarding personal information that eSapiens controls as a “business” or “controller,” such as the right to know, access, correct, delete, obtain a portable copy of, or opt out of certain processing of such personal information, subject to applicable legal limitations, exemptions, and verification requirements.
This Section 10 generally does not apply, or applies only in a limited manner, to Customer Content or other personal information that we process solely on behalf of an enterprise customer as a “service provider,” “processor,” or “contractor.” Where that is the case, requests should be directed to the relevant customer.
To submit a request, please email sage@esapiens.ai with the subject line “Privacy Request.” We may take reasonable steps to verify identity, residency, authority, and the scope of the request before responding. Authorized agents may be required to provide proof of authorization and identity.
If we deny a request and applicable law provides a right to appeal, you may submit an appeal using the instructions in our response or by emailing sage@esapiens.ai with the subject line “Privacy Appeal” within the period required by applicable law.
Nothing in this Section 10 is intended to create rights beyond those required by applicable law or to expand eSapiens’ obligations beyond what applicable law requires.
11. Children’s Privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information online from children under 13. If we learn that we have collected such information without appropriate authorization, we will take reasonable steps to delete it.
If you believe that a child may have provided personal information to us in violation of this Notice, please contact us at sage@esapiens.ai.
12. Third-Party Services and External Sites
The Services may link to or interoperate with third-party websites, applications, repositories, cloud services, data providers, and other tools. We are not responsible for the privacy, security, content, or practices of those third parties. Their terms and notices govern their own processing activities.
If you connect a third-party service to the Services, you are responsible for reviewing that third party’s terms, privacy notice, permissions, and security posture.
13. Changes to This Notice
We may update this Notice from time to time. When we do, we will post the updated version and revise the “Last Updated” date. If we make material changes, we may provide additional notice where required by law.
Your continued use of the Services after an updated Notice becomes effective is subject to the updated Notice, to the extent permitted by law.
14. Contact Us
If you have questions about this Notice or our privacy or security practices, please contact Silicon Sapiens LLC, 808 Travis Street, Suite 1606, Houston, Texas 77002, USA, or email sage@esapiens.ai.