Privacy

This policy describes how Noah (operated by End Point) collects, uses, and protects information when you use our website and product. It applies to public marketing surfaces, the product application, and our customer-facing APIs.

When you request access, we collect your name, work email, company name, role, and the question you’d ask Noah first. We use this only to evaluate fit for our design-partner cohort and to follow up by email. We do not sell or share this information.

When your workspace becomes active, we collect: the data your workspace administrator connects (via read-only credentials), the questions users ask, the answers Noah returns, and product telemetry (latency, errors, usage counts) needed to operate and improve the service.

Noah reads from your connected systems only. We do not write back. Each connection is established by the workspace administrator and scoped to specific tables, schemas, or API endpoints. Connection credentials are stored in a managed secrets vault, never in application code or logs.

Your data is used to answer your questions. We do not train our own models on customer data. We use frontier model providers under zero-retention contracts; their providers do not retain customer content beyond the response window.

Question and answer history is retained for as long as your workspace is active or until you delete it. Audit logs are retained for at least 12 months on the default plan. Personal data submitted via marketing forms is retained until you request deletion.

You can request access, correction, or deletion of personal data we hold about you by emailing hello@noah.enpointe.io. We respond within the timelines required by applicable law.

See our Security page for the specifics — encryption at rest and in transit, role-based access controls, audit logging, and SOC 2 readiness.

We’ll post material updates to this policy here and notify active workspace administrators by email.

Privacy questions: hello@noah.enpointe.io.