top of page

Data Processing & International Privacy Policy

Last Updated: [November 14, 2025]

This Data Processing and International Privacy Compliance Policy (“Policy”) describes how End of an Era AI, LLC (“End of an Era,” “we,” “us,” or “our”) collects, processes, stores, transfers, and protects personal data in connection with our website, platform, applications, and related services (collectively, the “Service”).

This Policy forms part of our Terms of Service and applies to all users, regardless of geographic location. It supplements our Privacy Policy and Cookie Policy and is designed to ensure compliance with applicable privacy and data protection laws worldwide.

By using the Service, you acknowledge and agree to this Policy.


1 – Definitions

  • “Personal Data” means any information relating to an identified or identifiable individual.

  • “Processing” means any operation performed on personal data, such as collection, storage, use, transfer, or deletion.

  • “Controller” means the entity that determines the purposes and means of processing personal data (End of an Era acts as a Controller for most user data).

  • “Processor” means the entity that processes personal data on behalf of the Controller (End of an Era may act as a Processor when handling uploaded documents or records at the user’s direction).

  • “Data Subject” means the individual whose personal data is processed.


2 – Roles and Responsibilities

  • End of an Era as Controller: For account registration, subscription management, analytics, and communications, End of an Era acts as the Controller of personal data.

  • End of an Era as Processor: For documents, records, or personal information uploaded by users, End of an Era processes data only in accordance with the user’s instructions.

  • Third-Party Processors: We engage carefully vetted service providers (e.g., Microsoft Azure for hosting, Stripe for payments). These providers process data strictly under contractual obligations to protect confidentiality and security.

  • End of an Era retains the discretion to determine the extent and means of processing necessary for the secure, efficient, and lawful delivery of its Service, consistent with applicable data protection principles. Where permitted by law, End of an Era may aggregate or anonymize user data for research, analytics, and service improvement purposes without further notice or consent.


3 – Data Processing Purposes

We process personal data for the following purposes:

  • To provide and maintain the Service

  • To manage user accounts and subscriptions

  • To process transactions and billing

  • To provide customer support and security alerts

  • To improve and personalize user experience

  • To comply with legal obligations (e.g., tax, accounting, probate laws)

  • To detect and prevent fraud or misuse

We do not sell personal data, and we do not use personal data for targeted advertising without your consent.

We may also process data for internal governance, audit, risk management, and compliance monitoring purposes.


We reserve the right to de-identify and use aggregated data for statistical analysis, machine learning model training, performance optimization, and product innovation, provided such data cannot reasonably identify any individual.


4 – Lawful Bases for Processing

We process personal data under the following legal bases (as required by GDPR/UK GDPR):

  • Consent – when you give us explicit permission (e.g., marketing preferences, cookies).

  • Contractual Necessity – to provide the Service you have requested.

  • Legal Obligation – to comply with laws and regulations.

  • Legitimate Interests – for security, product improvement, and fraud prevention (balanced against your rights).

  • In certain cases, we may rely on legitimate interests to ensure business continuity, prevent security threats, and maintain the integrity of our platform and intellectual property. These interests are balanced against the rights and freedoms of the individual.


5 – International Data Transfers

Your personal data may be transferred to and stored on servers in the United States and other countries where End of an Era or its service providers operate.

When transferring data internationally, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.

  • UK Addendum to SCCs for transfers from the United Kingdom.

  • Adequacy Decisions where applicable.

  • Other lawful mechanisms under PIPEDA, Australia’s Privacy Act, and similar frameworks.

  • By using our Service, you acknowledge and consent to the international transfer of your personal data, including to jurisdictions that may not provide the same level of protection as your home country. We implement contractual and organizational safeguards to ensure such transfers meet the highest applicable standards.

  • Where legally permissible, End of an Era reserves the right to choose the most efficient lawful transfer mechanism suitable for its operations.

6 – Data Subject Rights

GDPR / UK GDPR (EEA/UK residents):

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restrict processing

  • Right to object to processing

  • Right to data portability

  • Right to withdraw consent

California (CCPA/CPRA):

  • Right to know categories of personal data collected

  • Right to access specific personal data

  • Right to delete personal data (with exceptions)

  • Right to opt out of sale or sharing of data (we do not sell data)

  • Right to limit use of sensitive personal data

  • Right to non-discrimination

Canada (PIPEDA):

  • Right to access personal data

  • Right to request corrections

  • Right to withdraw consent (subject to legal obligations)

Australia (Privacy Act 1988):

  • Right to access and correct personal data

  • Right to complain to the Office of the Australian Information Commissioner if unresolved

How to Exercise Your Rights: Submit requests to privacy@endofanera.ai. We will verify your identity and respond within the timeframes required by applicable law.

These rights apply only to the extent required by the applicable jurisdictional law. End of an Era reserves the right to verify, limit, or deny requests that are manifestly unfounded, excessive, or infringe upon the rights of others or our legitimate interests.


7 – Security of Processing

End of an Era applies a multi-layered security framework:

  • Encryption – AES-256-GCM for data at rest, SSL/TLS for data in transit, unique session keys.

  • Authentication & Access Controls – MFA for accounts, role-based internal access, no employee access to private content.

  • Hosting & Infrastructure – Microsoft Azure enterprise cloud, PostgreSQL with automated backups, HTTPS protection.

  • Privacy-First Design – no unencrypted data leaves your device, automatic secure deletion when browser data is cleared.

  • Audits & Standards – regular penetration testing, NIST framework alignment, WCAG 2.1 AA accessibility compliance.

  • While End of an Era implements industry-leading security protocols, no method of transmission or storage can guarantee absolute security. Accordingly, End of an Era disclaims liability for unauthorized access, alteration, or destruction of data to the fullest extent permitted by law.


8 – Data Retention

We retain personal data only as long as necessary for the purposes stated or as required by law. Once no longer needed, data is securely deleted or anonymized.

Retention periods vary by data type (e.g., billing records may be kept for up to 7 years to comply with tax laws).

Where lawful and technically feasible, End of an Era may retain minimal backup or archival copies of data for business continuity, dispute resolution, or legal defense purposes.


9 – Subprocessors

We use subprocessors to deliver parts of our Service. These include:

  • Microsoft Azure (hosting)

  • Stripe (payment processing)

  • Customer support and analytics tools

A full and current list of subprocessors is available upon request at privacy@endofanera.ai.


10 – Liability and Limitation

End of an Era is responsible for ensuring subprocessors provide at least the same level of data protection as described in this Policy.

To the fullest extent permitted by law, our total liability under this Policy shall not exceed one hundred U.S. dollars ($100) or the total fees paid in the twelve (12) months preceding the claim, whichever is greater.

To the fullest extent, permitted by applicable laws, End of an Era shall not be liable for indirect, consequential, punitive, or incidental damages arising from data processing activities. Users are responsible for maintaining the security of their own account credentials and ensuring that uploads or submissions do not contain sensitive personal information beyond what is necessary for the use of our Service.


11 – Compliance with Local Laws

This Policy is intended to comply with:

  • U.S. federal and state laws (including CCPA/CPRA)

  • GDPR and UK GDPR

  • Canada’s PIPEDA

  • Australia’s Privacy Act 1988

Where conflicts exist between this Policy and local law, the stricter standard will apply.


12 – Updates to this Policy

We may update this Policy from time to time to reflect legal, technical, or operational changes. Updates will be posted on this page with a new “Last Updated” date. Material changes will be communicated via email or in-app notifications. We reserve the right to notify users of material updates via email, in-app notifications, or other reasonable means to ensure transparency and ongoing compliance. By continuing to use the Service following any update, you agree to the revised terms.


13 – Contact Us

If you have questions or concerns about this Policy or our data practices, contact us at: privacy@endofanera.ai

You may also have the right to file a complaint with your local data protection authority.

bottom of page