Privacy Policy

Effective Date: 2 Jan 2024

EFIMERA LLC (“EFIMERA”, “we”, “our” or “us”) provides AI automations built on propietary and public platforms. This Privacy Policy explains how we access, use, store and share information when you authorize our automations (the “Services”).
 

1. What we collect

We access only the data you explicitly authorize—via OAuth, API keys or other credentials—for the sole purpose of running the workflow you configured. We do not collect analytics, device fingerprints or location data beyond the minimal service logs required for reliability.

​

Restricted & sensitive Google scopes
If you grant access to Gmail, Drive, Calendar or other sensitive/restricted scopes, we handle that data under Google’s API Services User Data Policy, including the Limited-Use requirements.

​

2. How we use your data

• Workflow execution – read/write only the resources necessary to complete each automation step.
• No secondary use – we do not use your data for advertising, profiling or machine-learning model training.
• No sale – we never sell or rent user data to third parties.

​​

3. Sharing & transfers

We do not share Google user data outside of the Services except:

1. With your explicit direction (e.g., you pipe an email into Slack).

2. To comply with a law or valid legal process.

3. To sub-processors under NDA who provide infrastructure (currently AWS US-East-1) and meet or exceed the security controls in this Policy.

 

4. Retention & deletion

• Ephemeral processing – automation payloads are held in memory only, unless you enable n8n persistence.
• Logs – minimal metadata (timestamp, node status) kept 30 days for debugging, then deleted.
• User-initiated deletion – email privacy@efimera.ai or revoke the OAuth token; all associated cached data and refresh tokens are purged within 48 hours.

 

5. Security

• Encryption in transit and at rest (TLS 1.3 / AES-256).
• Secrets management – OAuth tokens stored in the n8n credential vault, server-side encrypted, accessible only to the workflow runtime.
• Annual internal penetration testing; SOC 2 report available under NDA.

 

6. Your rights

Where applicable (GDPR, CCPA) you may access, correct, port or delete your personal data. Submit requests to privacy@efimera.ai. Identity verification is required.

​

7. Children

The Services are not directed to children under 13. We do not knowingly process data from anyone under 13. If informed otherwise, we will delete such data promptly.

​

8. Changes to this policy

We may update this Policy. Material changes are announced 30 days in advance via email to workflow owners and a banner on https://efimera.ai.

​

By connecting your account, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.