// Privacy and data use

Privacy Policy

This policy explains what information EdgePoint Strategy handles through its public website, advisory services, and secure client platform.

Public trust documentLast updated July 10, 2026

Questions can be sent to [email protected].

Scope

This Privacy Policy applies to edgepointstrategy.com, the EdgePoint Strategy client platform, contact communications, and related services that link to this policy. A separate customer agreement or data processing agreement may impose additional or different requirements. If those terms conflict with this policy, the signed agreement controls for that customer relationship.

Information we collect

Information you provide

  • Contact information, such as name, business email, company, telephone number, and message content.
  • Account information, such as name, email, job title, organization, authentication records, and account preferences.
  • Customer content, including contracts, documents, prompts, risk inputs, analysis instructions, and other material submitted to the client platform.
  • Communications and support requests sent to EdgePoint Strategy.

Information collected through use

  • Session information, IP address, browser and device information, timestamps, and security-related request data.
  • Service metadata, such as selected tools, file names and sizes, model usage, token counts, latency, and error information.
Please submit only information you are authorized to provide. Customer content can contain confidential, personal, or regulated information. Your organization remains responsible for deciding what information is appropriate to submit.

How we use information

  • Provide, secure, maintain, and improve the website, client platform, and professional services.
  • Authenticate users, manage organization access, and respond to support requests.
  • Process documents and prompts, generate requested analyses, and store results selected by users.
  • Communicate about inquiries, engagements, service changes, and security matters.
  • Detect misuse, troubleshoot errors, comply with law, and protect EdgePoint Strategy, customers, and other people.

Service providers and disclosures

We disclose information only as needed to operate the service, fulfill customer instructions, protect the service, complete a business transaction, or comply with law. Current service categories include:

  • Hosting and storage: Railway hosts the application, PostgreSQL database, and file volume.
  • AI processing: OpenRouter routes requests to approved GPT-5 model endpoints. EdgePoint enforces zero-data-retention and no-data-collection routing for application requests. See the AI Data Processing Statement.
  • Email delivery: Resend processes contact and service emails.
  • Authentication: Better Auth manages application sessions. Google or Microsoft processes information when a user chooses the corresponding sign-in method and that provider is enabled.
  • Network delivery: Cloudflare provides DNS, proxying, and transport security for the public domain.

We may also disclose information to professional advisers, authorities, or other parties when reasonably necessary to meet legal obligations, enforce agreements, investigate security issues, or protect rights and safety.

Cookies and sessions

The public marketing site does not use advertising cookies. The client platform uses essential cookies and similar session mechanisms for authentication, security, and account continuity. Blocking essential cookies can prevent sign-in and protected tools from working.

Retention, deletion, and security

Customer files and saved analyses remain available until an authorized user deletes them, an administrator removes them, or the account relationship ends and deletion is requested. We do not currently apply a fixed automatic purge period to active customer content. Details are in the Data Retention and Deletion Policy.

We use technical and organizational measures intended to protect information. No method of storage or transmission is completely secure. See the Security Overview for the controls currently implemented.

Your choices and requests

Depending on your location and relationship with EdgePoint Strategy, you may have rights to request access, correction, deletion, restriction, or a copy of personal information. Send requests to [email protected]. We may need to verify your identity and authority before acting on a request.

Children and changes

The services are intended for business users and are not directed to children under 13. We may update this policy as the services or legal requirements change. The date at the top identifies the current version.