Privacy Policy

Last updated: May 3, 2026

E-Labs AI ("E-Labs", "we", "us", or "our") operates the website www.elabsai.com and the E-Labs platform products (Copilot, THE MACHINE, AI Content Studio, Enterprise, and GPU Rental). This Privacy Policy describes how we collect, use, and share information about you when you use our services.

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, subscribe to a paid plan, or contact us for support:

• Account data: email address, name, and authentication tokens (OAuth via GitHub or Google).
• Billing data: handled entirely by Stripe. We do not store raw card numbers. We retain your Stripe customer ID and subscription status.
• Usage data: message counts, workflow run counts, and tier usage metrics — used for quota enforcement and analytics.
• Audit logs: timestamped records of API calls and authentication events for security and compliance purposes.

2. How We Use Your Information

• To provide and improve our services.
• To process payments and manage subscriptions via Stripe.
• To enforce usage limits and service tiers.
• To send transactional emails (account creation, payment receipts, subscription changes).
• To detect and prevent fraud or abuse.

3. Data Storage and On-Premise Deployments

E-Labs is designed with privacy as a core principle. Where you deploy E-Labs on your own hardware (on-premise), your data — including conversation history, files, and workflow outputs — remains entirely on your infrastructure. E-Labs does not transmit or access data stored on your local deployment.

4. Cookies

We use a minimal set of cookies for authentication (elabs_token, elabs_refresh). These are HttpOnly, Secure, and SameSite=Strict. We do not use advertising or tracking cookies.

5. Third-Party Services

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Cloudflare — CDN and tunnel infrastructure. Subject to Cloudflare's Privacy Policy.
• GitHub / Google OAuth — sign-in only. We receive your email address and public profile data; we do not receive your repository contents or contacts.

6. Data Retention

We retain account and billing records for as long as your account is active or as required by law (minimum 7 years for billing records for accounting compliance). You may request deletion of your personal data by contacting us at [email protected].

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, email [email protected] with the subject line "Privacy Request".

8. Security

We implement industry-standard security practices including JWT-based authentication, encrypted connections (TLS), parameterized database queries, and rate limiting. We conduct periodic security reviews and address vulnerabilities promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, please contact us at [email protected].