Privacy Policy

Last updated: April 16, 2026

1. Information We Collect

We collect only what is necessary to operate the e2a platform:

  • Email address — for account creation, OTP authentication, and transactional notifications.
  • API usage metadata — runtime creation timestamps, duration, resource consumption, and billing events.
  • Payment information — processed by Stripe. We do not store card numbers or bank details.

2. Runtime Data & Isolation

Each runtime runs behind an isolated microVM boundary. Runtimes cannot access the host filesystem, network, or other tenants. Runtime-local data is ephemeral by default and is destroyed when the runtime terminates. No runtime data is logged, inspected, or retained by e2a unless you explicitly configure persistent workspace storage.

3. Workspace Storage (S3)

If you opt in to workspace persistence, files are stored in Amazon S3 buckets scoped to your account. Workspace data is encrypted at rest (AES-256) and in transit (TLS 1.2+). You control what is stored and can delete workspace data at any time via the API or dashboard. Workspace storage is billed at the published credit rate.

4. Model Provider Keys

When you use model provider keys, your API keys (OpenAI, Anthropic, etc.) are injected as environment variables at runtime startup and passed through to your workload. Keys are never written to disk, logged, or stored by e2a infrastructure.

5. Cookie Policy

e2a does not use cookies. Authentication tokens (JWT) are stored in browser localStorage and are scoped to the active site origin. We do not use tracking cookies, analytics beacons, or third-party advertising pixels.

6. Data Retention

  • Account data is retained while your account is active.
  • Billing records are retained for 7 years (tax compliance).
  • Runtime-local data is destroyed immediately on termination.
  • Workspace (S3) data is deleted within 30 days of account closure or on-demand via the API.

7. Third-Party Services

  • AWS — infrastructure (EC2, S3). Data processed in ap-southeast-1 (Singapore).
  • Stripe — payment processing. Subject to Stripe's Privacy Policy.

8. Your Rights

You may request export or deletion of your account data at any time by contacting privacy@deictic.ai. We respond to requests within 30 days.

9. Contact

For privacy-related questions, contact privacy@deictic.ai.