TLDR
We encrypt all your stored files with AES-256, the same standard banks and government agencies use. When files move between your device and our servers, TLS/SSL creates a protected tunnel so no one can intercept anything along the way. At the moment, since we do not use passwords, nobody can access your account unless they also have access to your email. We also include an option in settings to turn on that allows support to gain access to your account to help resolve issues when you need it. Meaning, even we can't access the content of your workspace.
We don't use your content to train AI models. When our AI features (transcription, smart search) process your files, they're doing that work for you alone, not feeding anything into training datasets that others would benefit from. However, depending on the models you select when chatting with AI in Eden, the data does flow through their systems in order to generate a response. At that point, your data is subject to their privacy policy. Within Eden, your files live on Railway S3's cloud infrastructure with standard industry protections, and we don't sell, rent, or share your information with third parties for their own purposes. The only people who can access your files are you and anyone you specifically choose to share with.
How We Handle Your Data
At Eden, our team is dedicated to developing and implementing data privacy processes and safeguards that meet industry standards and best practices. We conduct ongoing training for our teams to ensure they are up to speed with developments in legislation and essential privacy and security practices.
Every Eden employee and contractor signs non-disclosure agreements to maintain the confidentiality and security of your data.
What is User Content?
Eden defines User Content as any data that you store in our services. This includes:
Files you upload (PDFs, ePub files, images, videos, audio files)
Notes and documents you create using rich text or markdown
Folders and workspace organization structures
Comments and annotations on documents
File metadata (name, size, type, creation date, modification date)
User Content does not include analytics data or Account Information, which we describe below. The terms of our Terms of Service and Data Processing Addendum apply to your User Content.
What is Account Information?
Account Information is the information that you provide to us so that we can create and administer your account. This includes:
Email address (required for registration)
Name (optional)
Password or Google account information (if using social login)
Payment and billing information
Team member invitations and sharing permissions
Usage information and support communications
The terms of the Eden Privacy Policy apply to any personal information included in Account Information.
Who Owns and Controls User Content?
You own your User Content, including any files you upload or documents you create in Eden.
You control your User Content. You determine what content and data will be uploaded to Eden. Once uploaded, you manage access to your workspace by setting sharing permissions, creating public links, and inviting team members.
You also control the administration of your content by managing your folders, permissions, and collaboration settings.
How Does Eden Use My Account Information?
The Eden Privacy Policy describes in detail how we collect and use your Account Information. In summary, we use it to:
Create and manage your account
Process payments and manage subscriptions
Deliver customer support and respond to inquiries
Send transactional emails (account notifications, receipts, service updates)
Analyze usage patterns to improve our services
AI and Machine Learning Features
Eden includes integrated AI capabilities that process your content to provide enhanced functionality:
Automatic Transcription: Audio and video files are automatically transcribed upon upload
Smart Search: Your content is indexed using AI-generated embeddings for semantic search
AI Chat: Interactive question-answering with your documents
Auto-tagging: Intelligent categorization and organization of content
Important: We do NOT use your personal content to train or improve AI models. AI processing is integral to our service's core functionality and is performed by trusted third-party providers including OpenAI, Anthropic, Google AI, xAI, and Deepseek. Once your data is processed through these third-party providers, it is also subject to their privacy policies.
Who Should I Contact About Data Protection?
If you have any questions about our privacy practices, please contact us at:
Eden Suite, Inc.
1111B S Governors Ave STE 37203
Dover, DE 19904, United States
GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the collection and use of personal data of EU residents, and that allows data subjects to exercise control over their data.
As the GDPR is widely considered to be the most stringent global privacy standard, we have mapped our privacy program to the GDPR and other global privacy regulations including CCPA, PIPEDA, and LGPD.
Eden as Processor and Controller
The GDPR and other data protection legislation have two primary classifications related to the collection and processing of personal data: data controller and data processor.
A data controller determines the means and purposes for processing personal data, while a data processor is a party that processes data on behalf of the data controller.
Where you are a data controller or data processor, Eden is the data processor of personal data that you and your users upload to the Eden service. We process any such personal data at your direction and on your behalf, in accordance with our Data Processing Addendum.
Cross Border Transfers
We understand and adhere to the rules for international transfers of personal data outside of the European Economic Area and UK.
We ensure appropriate protection for international transfers through:
Standard Contractual Clauses (SCCs): EU-approved contracts for data transfers
Data Processing Agreements: Contracts with all service providers
Technical Measures: Encryption and access controls regardless of location
Adequacy Decisions: Relying on official adequacy findings where available
Subprocessor List
We work with certain companies and tool systems to provide our services to you. All of these companies have been carefully vetted for best-in-class security and data privacy practices.
Category | Providers | Purpose |
|---|---|---|
AI Processing | OpenAI, Anthropic, Google AI, xAI, Deepseek, Perplexity | Transcription, semantic search, document chat |
Cloud Infrastructure | Railway (US-East), Railway S3 | Application hosting, file storage |
Databases | InstantDB (Aurora/AWS), Elasticsearch | User data storage, search indexing |
Payment Processing | Stripe, Orb | Payment processing, subscriptions |
Monitoring & Analytics | OpenObserve, Google Analytics | Performance monitoring, analytics |
Authentication | InstantDB Auth | User authentication, session management |
Data Governance
Data governance relates to the policies and procedures that dictate how data is procured and used throughout its life cycle—from creation and collection to processing, distribution, storage, and deletion.
Eden's commitment to data governance is key to keeping our users' data secure, private, accurate, and accessible.
Privacy by Design
At Eden, we believe in privacy by design, which means that privacy considerations are built into every aspect of our products and services from the outset. This includes the development of new products, features, and the selection of vendors. We conduct regular training with our personnel to reinforce that we need to think of user privacy at all stages of the development lifecycle.
Data Export
Companies and individuals generally have a duty to back up their information in multiple places. Eden allows you to download your files in their original format at any time. This way our users can further protect themselves by backing up their information whenever they choose.
Data Deletion
You control your User Content, including all files and documents you create. When you delete files, they enter a 30-day soft delete period for recovery purposes before permanent deletion.
When you delete your account, Eden will:
Delete the account associated with your email address
Delete all your files and content after a 30-day grace period
Remove you from any team workspaces
Retain payment records for 7 years as required for tax and accounting purposes
To delete your account, please contact us at support@eden.so. Self-service account deletion is coming soon.
Data Security
We implement comprehensive security measures to protect your information:
Technical Security Measures
Encryption at Rest: AES-256 encryption for all stored files (via Railway S3)
Encryption in Transit: TLS/SSL encryption for all data transfers
Two-Factor Authentication: Email-based verification for enhanced account security
Access Controls: Role-based access controls for team accounts
Infrastructure Security: Secure cloud infrastructure with regular updates
Organizational Security Measures
Role-based access controls for our employees
Incident response procedures with breach notification protocols
Regular security training for our team
Limited access to production systems
SOC 2 Type II certification (in progress)
Data Retention
We retain your information for as long as necessary to provide our Service and comply with legal obligations:
Data Type | Retention Period | Notes |
|---|---|---|
Active Account Data | Account duration + 30 days | While account is active |
Deleted Files | 30 days after deletion | Recovery period |
Payment Records | 7 years | Tax and accounting requirements |
Security Logs | 90 days | Security analysis |
Analytics Data | 14 months | Google Analytics default |
Your Privacy Rights
Regardless of your location, you can:
Access Your Data: Request information about what data we hold about you
Correct Your Data: Update inaccurate or incomplete information
Delete Your Data: Request deletion of your account and associated data
Export Your Data: Download your files in their original format
Manage Communications: Opt-out of marketing emails
Additional rights apply based on your region, including GDPR rights for EU/UK residents, CCPA/CPRA rights for California residents, PIPEDA rights for Canadian residents, and LGPD rights for Brazilian residents.
To exercise any of these rights, please contact us at support@eden.so. We will respond within 30 days (GDPR) or 45 days (CCPA).
Policies
At Eden we want to be as transparent as possible with our users about how we collect, process, store, and use their personal data. We maintain comprehensive and detailed policies regarding how we handle your personal information:
Privacy Policy
Terms of Service
California Privacy Notice
To ensure that our terms track with the GDPR, CCPA, and other global privacy standards, we continually have our terms assessed and updated.
