Legal
Privacy Policy
Last updated: June 15, 2026
1. Introduction
This Privacy Policy explains how Ngenaire Inc. (“Ngenaire”, “we”, “us”) collects, uses, shares, and protects personal information when you use the Ngenaire website and application at ngenaire.com (the “Service”). Ngenaire is the controller of the personal information processed through the Service. By using the Service you agree to this Policy, which supplements our Terms of Service.
2. Information We Collect
We collect the following categories of information:
- Account information — your username, email address, and full name; and optional profile details you choose to provide, such as department, title, phone number, time zone, and language.
- Authentication data — a securely hashed password if you register with a password, or, if you sign in with Google, the identifier Google provides for you (such as your Google account subject ID and email). We never receive your Google password.
- Content you create — the projects, requirements, diagrams, concepts of operations, statements of work, risks, test artifacts, notes, files, and other materials you submit to or generate with the Service.
- Usage and log data — information generated as you use the Service, such as actions taken, AI interactions and chat turns, timestamps, and basic technical data needed to operate and secure the Service.
- Billing information — your subscription status, credit usage history, and a customer identifier from our payment provider. Payment card details are collected and processed directly by Stripe; we do not store your full card number. If you purchase, we collect a billing address to calculate applicable taxes.
3. How We Use Information
We use personal information to:
- provide, operate, maintain, and improve the Service;
- power AI features by processing the content you submit (see Section 4);
- process payments, manage subscriptions and credits, and calculate taxes;
- authenticate you, secure the Service, and prevent fraud and abuse;
- respond to your requests and provide support;
- send transactional and service-related communications, such as account and billing notices and organization invitations; and
- comply with legal obligations and enforce our Terms.
4. AI Processing
To provide AI features, the content you submit for those features — such as your prompts and the project content you ask the AI to work with — is transmitted to and processed by our AI provider (by default, Anthropic, the maker of Claude) to generate a response. Only the data needed to fulfill your request is sent.
We do not sell your personal information, and we do not use Your Content to train our own models. Our AI provider processes data on our behalf under its own terms and data-handling commitments. AI features are optional in the sense that they are invoked only when you use them.
5. Subprocessors & Sharing
We share personal information with service providers (“subprocessors”) who process it on our behalf to operate the Service. We do not sell personal information. Our current subprocessors include:
| Provider | Purpose |
|---|---|
| Anthropic | AI processing for chat, drafting, critique, and report features |
| Stripe | Payment processing, subscriptions, and tax calculation |
| Optional “Sign in with Google” authentication | |
| Email delivery provider (e.g. SendGrid) | Transactional email such as invitations and account notices |
| Cloud object storage (S3-compatible) | Storage of uploaded files and generated artifacts |
| Cloud hosting, database, and cache providers | Running the application, database, and session state |
| Plausible & Google Analytics | Aggregate analytics on our public marketing pages only (see Section 6) |
| Web-search provider (e.g. Tavily), where enabled | Optional web search used by some AI features |
We may also disclose information if required by law, to enforce our Terms, to protect the rights, safety, and security of Ngenaire and its users, or in connection with a merger, acquisition, or sale of assets (subject to this Policy).
7. Data Retention
We retain personal information for as long as your account is active or as needed to provide the Service. When you close your account or request deletion, we delete or de-identify your personal information within a reasonable period, except where we must retain it to comply with legal, tax, or accounting obligations, resolve disputes, or enforce our agreements. For example, billing and credit-transaction records are retained as required for accounting and audit purposes.
8. Security
We use technical and organizational measures designed to protect personal information, including hashing of passwords, short-lived access tokens, encryption of traffic in transit, and role-based access controls. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your credentials confidential.
9. Your Rights
Depending on where you live, you may have rights to access, correct, update, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of the European Economic Area and the United Kingdom have rights under the GDPR/UK GDPR; California residents have rights under the CCPA/CPRA, including the right not to be discriminated against for exercising them. We do not sell personal information.
To exercise any of these rights, contact us at privacy@ngenaire.com. We will respond as required by applicable law and may need to verify your identity first. You also have the right to lodge a complaint with your local data-protection authority.
10. International Transfers
Ngenaire Inc. is incorporated in and operates from Canada, and our subprocessors are located in Canada and the United States. Your personal information may therefore be processed in countries other than your own, including Canada and the United States, which may have different data-protection laws. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for these transfers.
11. Children's Privacy
The Service is intended for business and professional use and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice, such as by posting the updated Policy with a new “Last updated” date or notifying you in the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13. Contact
Questions or requests about your privacy? Contact us:
- Email: privacy@ngenaire.com
- Ngenaire Inc., 50 Shemer Dr, Thornhill, ON L4J 9C1