Privacy Policy

1. INTRODUCTION AND SCOPE

Empwr.ai, Inc. ("Empwr.ai," "we," "us," or "our") respects the privacy of the individuals who visit our websites, use our products, or otherwise interact with us. This Privacy Policy describes how we collect, use, share, and protect Personal Information across all of our products and services, including:

• Our marketing website at www.empwr.ai and any other websites that link to this Policy (the "Websites").
• The Empwr.ai application, including the web application at app.empwr.ai, any mobile applications we offer, and any successor or renamed application (the "Application").
• The Empwr.ai application for Slack and any other third-party platforms on which we offer an Empwr.ai application (the "Slack App" and, together with other third-party platform applications, the "Platform Apps").
• The Empwr.ai Model Context Protocol server, which allows customers and their authorized MCP clients to read customer data programmatically over the Model Context Protocol (the "MCP Server").
• The Empwr.ai application programming interfaces (collectively, the "API").

We refer to the Application, the Platform Apps, the MCP Server, and the API together as the "Service." The Websites and the Service are referred to together as the "Offerings."

2. CONTROLLER AND PROCESSOR ROLES

Empwr.ai plays different roles with respect to Personal Information depending on the context, and the commitments in this Policy track those roles.

Where Empwr.ai is the controller. Empwr.ai is the controller of Personal Information we collect directly from Website Visitors, prospective customers, investors, candidates, partners, event attendees, and others who interact with our Websites, marketing, and sales functions, and of individual account holders who sign up for the Service on their own behalf (for example, through self-serve trial). In those contexts, this Policy describes our practices and your rights.

Where Empwr.ai is a processor. When an enterprise customer subscribes to the Service, the customer is the controller of Personal Information processed through the Application, the Platform Apps, the MCP Server, and the API. Empwr.ai acts as the customer’s processor and processes that Personal Information under the customer’s instructions, pursuant to the Master Subscription Agreement and Data Processing Addendum between Empwr.ai and the customer. If you are an employee, contractor, or other end user of an enterprise customer, you should direct privacy questions and rights requests to your organization; we will assist the customer in responding.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly. We collect Personal Information that you voluntarily provide when you request a demo, create an account, subscribe to communications, reply to a sales inquiry, attend an event, or otherwise contact us. This may include your name, professional title, employer, business email address, business telephone number, business address, authentication credentials, and the content of messages you send us. If you make a purchase, our payment processor collects payment-card information on our behalf.

3.2 Information We Collect Automatically. When you access the Websites or the Application, we and our service providers collect information automatically, including internet protocol (IP) address, device identifiers, browser type and version, operating system, referring and exit URLs, pages viewed, features used, date and time stamps, language preferences, crash and performance diagnostics, and similar telemetry. We use cookies, local storage, web beacons, pixel tags, and similar technologies to operate, analyze, and improve the Offerings and to measure our marketing.

3.3 Information from Your Account and Use of the Application. When the Service is used under an enterprise subscription, we process Personal Information on the customer’s instruction, including:

• Account profile data (name, email address, job title, organizational role, manager relationships, team membership, profile image, time zone, and communication preferences).
• Calendar and scheduling metadata (attendees, subject lines, times, recurring event identifiers, calendar provider identifiers) for meetings that the customer or its end users have authorized us to process.
• Meeting content (audio and video during processing; generated transcripts, summaries, action items, decisions, risk indicators, and derived metadata).
• Project and collaboration data generated inside the Application, including documents, comments, @mentions, presence information, and real-time collaboration state.
• Authentication and access information (sign-in events, session identifiers, device and network attributes, security logs).
• Product-usage telemetry and support interactions.

3.4 Information from Connected Integrations. With the customer’s or user’s authorization, the Application and the Platform Apps connect to third-party systems and receive Personal Information from them. These include, for example, Google Workspace, Microsoft 365 (including Outlook, Teams, and SharePoint), Slack, Jira, Linear, Notion, Monday.com, Asana, Confluence, Google Docs, GitHub, and similar tools. The data types we receive from each integration are limited to what the customer or user has authorized. The list of active integrations and the data each integration processes is maintained in our Trust Center and in our customer-facing documentation.

3.5 Information Collected through the Slack App. When a customer’s Slack workspace administrator installs the Slack App, we receive the OAuth scopes that the administrator approves. Depending on the scopes granted, we may receive channel metadata, public and private channel messages, direct messages the user has authorized us to receive, user directory profile data, threading and reaction metadata, attached files and links, and activity events necessary to operate the Slack App. Empwr.ai uses information received from Slack only to provide the functionality the customer has purchased, in accordance with this Policy, the applicable customer agreement, Slack’s API Terms of Service, and the Slack Data Processing Addendum. We do not use Slack data to train artificial intelligence or machine-learning models, and we do not sell or share Slack data for advertising purposes.

3.6 Information Exchanged through the MCP Server. The MCP Server is a read-only programmatic surface that allows a customer, or an MCP client that the customer has authorized, to read that customer’s own Empwr data over the Model Context Protocol. The MCP Server does not accept writes; it exposes queries and tool calls that return data. When you or your organization connect an MCP client (for example, Claude, Cursor, ChatGPT, or a custom client) to Empwr.ai, we process authentication credentials (OAuth tokens or API keys), tool-invocation metadata, the content of responses returned to the MCP client, and audit-log data sufficient to record who accessed what data and when.

The customer is responsible for provisioning and revoking MCP credentials, for authorizing or disabling specific MCP clients, and for the actions that authorized MCP clients take. Empwr.ai is not responsible for the data-handling practices of the MCP clients that customers choose to connect; those clients are governed by their own providers’ terms and privacy policies. Content exchanged with an MCP client is treated as Subscriber Data for all purposes, including the AI training and continuous-improvement commitments in Section 6.

3.7 Information from Other Sources. We receive Personal Information from third parties, including our business partners, event co-hosts, enrichment and marketing-intelligence providers, authentication providers, analytics providers, publicly available sources, and parties that refer prospects to us. We combine information received from these sources with information we collect directly and use it in accordance with this Policy.

4. HOW WE USE PERSONAL INFORMATION

We use Personal Information to:

• Provide, operate, maintain, secure, and improve the Offerings and respond to your inquiries.
• Create and manage accounts, authenticate users, and process transactions.
• Process meeting content, integration data, and collaboration activity to produce transcripts, summaries, action items, decisions, risk indicators, and other Service outputs that the customer has instructed us to generate.
• Route and deliver read requests from authorized MCP clients to the MCP Server and return the corresponding data to the client at the customer’s instruction.
• Send transactional communications, including account notices, security alerts, and support messages.
• Send marketing communications, where permitted, about our products, services, events, and content.
• Measure and analyze use of the Offerings and the effectiveness of our marketing.
• Detect, prevent, and respond to fraud, abuse, security incidents, and other unlawful activity, and to enforce our policies and agreements.
• Comply with legal obligations and protect our rights and the rights of others.

5. AUDIO, VIDEO, AND MEETING CONTENT

Audio and video captured during meeting processing is destroyed after transcript generation is complete. Only text-based outputs, such as transcripts, summaries, action items, and derived metadata, are retained, and only in accordance with the customer’s instructions and applicable agreement.

6. AI MODEL TRAINING AND CONTINUOUS IMPROVEMENT

Empwr.ai does not train its own or any third party’s artificial intelligence or machine-learning models on identifiable customer content (including meeting audio, meeting transcripts, Slack messages, integration content, MCP requests and responses, action items, or any Personal Information contained in them) without the customer’s prior written consent. We contractually require our third-party AI service providers to refrain from using customer content to train, improve, or develop their general-purpose models.

We may use de-identified and aggregated usage metrics, which do not include customer content or Personal Information, to measure platform performance and improve the Offerings.

7. HOW WE SHARE PERSONAL INFORMATION

Service providers. We share Personal Information with vendors and service providers that support the Offerings and our business, including hosting, storage, compute, email delivery, customer-relationship management, analytics, monitoring, payment processing, and third-party AI model providers. Service providers are bound by contractual confidentiality and data-protection obligations and are permitted to use Personal Information only to provide services to us. A current list of subprocessors used to deliver the Service is available in the Data Processing Addendum and in our Trust Center.

Authorized integrations and MCP clients. We share Personal Information with third-party systems and MCP clients at the customer’s or user’s direction, as described in Sections 3.4, 3.5, and 3.6.

Legal and safety. We may disclose Personal Information to comply with law, respond to legal process, or honor governmental requests; to enforce our agreements; to investigate fraud or security incidents; or to protect the rights, property, or safety of Empwr.ai, our customers, or others.

Business transfers. If Empwr.ai is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, Personal Information may be transferred as part of that transaction, subject to customary confidentiality protections.

With your direction. We share Personal Information with parties you designate or with your consent.

We do not sell Personal Information, and we do not share Personal Information for cross-context behavioral advertising, as those terms are defined under applicable state privacy laws.

8. LEGAL GROUNDS FOR PROCESSING (EEA AND UK)

Where the EU General Data Protection Regulation or the UK General Data Protection Regulation applies, we rely on the following legal bases:

• Performance of a contract with you, or to take steps at your request before entering into a contract.
• Our legitimate interests, including operating and marketing our business, preventing fraud, and securing the Offerings, where those interests are not overridden by your rights.
• Compliance with a legal obligation.
• Your consent, where required by law, which you may withdraw at any time.

If you are located in the EEA or the United Kingdom, you may contact us at privacy@empwr.ai or at the address listed in Section 14 to exercise your rights.

9. INTERNATIONAL TRANSFERS

Empwr.ai is headquartered in the United States. Personal Information we collect may be transferred to, stored, and processed in the United States and other jurisdictions where we or our service providers operate. Where required, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful transfer mechanism.

10. RETENTION

We retain Personal Information for the period reasonably necessary to fulfill the purposes described in this Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Account and enterprise Service data is retained in accordance with the customer agreement and Data Processing Addendum. Website analytics data is retained per our analytics provider configurations. MCP Server audit logs are retained for the period specified in the applicable customer agreement.

11. YOUR PRIVACY RIGHTS

Depending on where you reside, you may have the following rights with respect to your Personal Information:

• Access and portability, correction, deletion, and, where applicable, the right to opt out of targeted advertising, the sale of Personal Information, and certain automated decision-making.
• Restriction or objection to certain processing, and the right to appeal a decision declining a rights request.
• In the EEA, UK, or Switzerland, the right to lodge a complaint with your supervisory authority.

To exercise these rights, email privacy@empwr.ai or write to us at the address in Section 14. We will respond within the time frame required by applicable law, typically within forty-five (45) days, and will not discriminate against you for exercising your rights. If you are an end user of an enterprise customer, please direct rights requests to your organization, which controls the data; we will assist the customer in responding.

12. SECURITY

We maintain administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, and loss. These measures include encryption in transit and at rest, access controls, logging and monitoring, secure development practices, and regular security testing. No system is perfectly secure, and we cannot guarantee absolute security.

13. CHILDREN

The Offerings are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13. The Service is intended for use by adult business users only. If you believe a child has provided us with Personal Information, please contact us at privacy@empwr.ai.

14. CHANGES TO THIS POLICY AND CONTACT

We may update this Policy from time to time. When we make material changes, we will post a prominent notice on the Websites and update the “Updated” date above. Your continued use of the Offerings after the effective date of an update constitutes your acceptance of the revised Policy.

You can reach us at:

Empwr.ai, Inc.
Attn: Privacy Officer
240 2nd Ave S, Suite 300
Seattle, WA 98104
Email: privacy@empwr.ai