Legal

Privacy Policy

Last updated: April 2026

Epita ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR).

1. Who we are

Epita is operated by Epita Ltd, registered in Cyprus. You can contact us at privacy@epita.ai.

2. What we collect

When you join our waitlist, we collect:

• Your name
• Your email address
• The date and time you gave consent
• Your IP address and browser user agent (as proof of consent under GDPR)

We do not use third-party tracking cookies on this website. We do not sell or share your data with advertisers.

3. Why we collect it (legal basis)

• To manage your waitlist signup — legal basis: steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR).
• To send you occasional updates about Epita's progress and launch — legal basis: your explicit consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.
• To keep an audit trail of your consent — legal basis: compliance with our GDPR obligations (Art. 6(1)(c) GDPR).

4. How long we keep it

We will keep your waitlist data until the earliest of:

• You unsubscribe or request deletion;
• Two (2) years of inactivity after Epita's public launch;
• The Epita project is discontinued, in which case all waitlist data will be deleted.

5. Who has access

Your data is stored on servers located in the European Union and is accessible only to authorized personnel of Epita. We use the following processors to operate the service:

• Hetzner — infrastructure hosting
• Resend — transactional and update email delivery
• Cloudflare — DNS, CDN, and DDoS protection

All processors are bound by Data Processing Agreements (DPAs) and GDPR-compliant safeguards.

6. Your rights under GDPR

You have the right to:

• Access — request a copy of the personal data we hold about you;
• Rectification — correct inaccurate or incomplete data;
• Erasure — ask us to delete your data ("right to be forgotten");
• Restriction — ask us to limit how we use your data;
• Portability — receive your data in a machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdraw consent — at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email privacy@epita.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

7. Unsubscribing

Every email we send contains a one-click unsubscribe link. You can also withdraw consent by emailing privacy@epita.ai.

8. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No system is perfectly secure, but we take every reasonable step to protect what you share with us.

9. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. If the changes are material, we will notify you by email.

10. Contact

Questions, requests, or concerns? Email privacy@epita.ai.