Privacy Policy

Last updated: March 20, 2026 | Effective Date: April 1, 2026

This Privacy Policy describes the privacy practices of Engineering AI Corporation (a Delaware corporation doing business as "Gottlieb," with its principal office at 131 Continental Dr, Suite 305, Newark, DE 19713, USA) ("Company," "we," "us," "our"). This Privacy Policy applies to personal information that we collect through our website at https://www.gottlieb.ai ("Site"), our platform at https://us.platform.gottlieb.ai/ for US and global use and https://eu.platform.gottlieb.ai/ for EU use ("Platform"), and any other services or interactions described in this Privacy Policy (collectively, the "Service").

If you are a California resident, please see Section 9 for information about your rights under the California Consumer Privacy Act (CCPA/CPRA). If you are located in the European Economic Area, United Kingdom, or Switzerland, please see Section 8 for information about your rights under the GDPR.

1. Personal Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, professional title, organization name, phone number, and billing information when you create an account or subscribe to our Service.
• Customer Data: Documents, engineering specifications, standards, and other materials you upload to or create within the Platform.
• Content (Input/Output): Information you submit as input to the AI-powered features of the Service, and the resulting output generated by the Service.
• Communication Information: Information you provide when you contact us for support, submit inquiries, provide feedback, or communicate with us via email or other channels.
• Payment Information: Billing address, payment method details, and transaction history. We do not directly store full credit card numbers; payment processing is handled by Stripe, Inc. (our third-party payment processor), which processes card data on PCI DSS Level 1 certified infrastructure.

1.2 Information We Collect Automatically

• Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date/time of visit, and clickstream data. For users accessing the Service from the European Economic Area, United Kingdom, or Switzerland, IP address data is anonymized or immediately discarded after being used for limited geo-location derivation, and is not logged, accessible, or used for any other purposes.
• Device Information: Device type, unique device identifiers, screen resolution, and language settings.
• Usage Data: Features used, frequency of use, session duration, search queries within the Platform, and interaction patterns with the Service.
• Cookie Data: Information collected through cookies and similar technologies as described in our Cookie Policy at www.gottlieb.ai/legal/cookies.

1.3 Information From Third Parties

• Single Sign-On Providers: If you authenticate using a third-party service (e.g., Google Workspace, Microsoft), we receive your name, email address, and profile information as authorized by you.
• Business Partners: We may receive business contact information from partners, resellers, or event organizers.

2. How We Use Personal Information

We use personal information for the following purposes:

• Provide and operate the Service: Process your inputs, generate outputs, authenticate users, manage accounts, and deliver the functionality of the Platform.
• Improve and develop the Service: Analyze usage patterns, identify areas for improvement, conduct research and development, and test new features. Note: We do NOT use Customer Data or Content to train AI models (see Section 5).
• Customer support: Respond to inquiries, troubleshoot issues, and provide technical assistance.
• Billing and administration: Process payments, manage subscriptions, and maintain accounting records.
• Security and fraud prevention: Detect, investigate, and prevent security incidents, fraud, and abuse of the Service.
• Marketing and communications: Send service updates, product announcements, and marketing communications (with your consent where required by law).
• Legal compliance: Comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. How We Share Personal Information

We do not sell your personal information. We share personal information in the following circumstances:

3.1 AI Model Providers

To deliver the AI-powered features of the Service, we share Content (Input/Output) with the following third-party AI model providers:

All AI model providers are contractually bound by data processing agreements that prohibit them from: (i) training their models on your data, (ii) retaining your data beyond the processing duration, and (iii) using your data for any purpose other than providing the response.

3.2 Cloud Infrastructure Providers

We use Google Cloud Platform, Microsoft Azure, and Amazon Web Services for hosting, storage, and computation. These providers process data on our behalf under data processing agreements.

3.3 Corporate Tools

We use Google Workspace for corporate email and internal collaboration. Account Information and Communication Information may be processed through Google Workspace.

3.4 Other Sharing

• Service Providers: We may share personal information with vendors who assist us with analytics, payment processing, customer support, and marketing, subject to confidentiality obligations.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as a business asset.
• Legal Obligations: We may disclose personal information when required by law, subpoena, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
• With Consent: We may share personal information with your consent or at your direction.

For a complete list of subprocessors, see www.gottlieb.ai/legal/subprocessors.

4. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account Information: Retained for the duration of your account plus 30 days after deletion, except where longer retention is required by law.
• Content (Input/Output): Retained in accordance with your subscription terms. You may delete Content at any time through the Platform. Upon account termination, Content is deleted within 90 days.
• Log Data and Usage Data: Retained for up to 24 months for analytics and security purposes.
• Payment Records: Retained for 7 years as required by tax and accounting regulations.
• Marketing Consent Records: Retained for the duration of the consent plus 3 years.

5. No Model Training on Customer Data

Engineering AI Corporation does not use Customer Data or Content to train, fine-tune, or otherwise improve AI models. This commitment extends to all of our AI model subprocessors (Google, Anthropic, OpenAI), each of which is contractually prohibited from training on data processed through the Gottlieb Platform. This no-training guarantee is documented in our Platform Agreement (Section 11.7).

6. International Data Transfers

Engineering AI Corporation is incorporated in the State of Delaware, USA, with its principal office at 131 Continental Dr, Suite 305, Newark, DE 19713, USA. Your personal information may be transferred to and processed in countries other than the country in which you are resident, including the United States.

We rely on the following transfer mechanisms for transfers of personal data from the EEA, UK, or Switzerland to the United States:

• Standard Contractual Clauses (SCCs): We enter into Standard Contractual Clauses as approved by the European Commission (Decision 2021/914) and the UK Information Commissioner's Office International Data Transfer Agreement/Addendum, to provide appropriate safeguards for cross-border data transfers.

For more information about our data transfer practices, see our Data Transfer Addendum at www.gottlieb.ai/legal/datatransfer.

By end of 2026 we will also comply with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, United Kingdom, and Switzerland, respectively. We will certify our adherence to the DPF Principles by end of 2026. Until certification is achieved, SCCs remain our primary transfer mechanism. Our Data Transfer Addendum (Section 2.1(d)) documents this forward-looking mechanism. To learn more about the DPF, please visit the Data Privacy Framework website.

7. Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures are described in our Security Addendum at www.gottlieb.ai/legal/security and include encryption at rest (AES-256) and in transit (TLS 1.2+), access controls, regular security assessments, and incident response procedures.

8. Your Rights — EEA, UK, and Switzerland (GDPR)

8.1 Legal Bases for Processing

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data based on the following legal bases:

Where processing is based on consent for website/app tracking (e.g., Cookie Data), our consent mechanism (e.g., the consent banner) is designed to meet the requirements of the EU User Consent Policy, providing users with granular, informed choices, and transmitting consent signals (via Consent Mode) to our measurement partners.

8.2 Your Rights

Under the GDPR, you have the following rights:

• Access (Art. 15): Request a copy of the personal data we hold about you.
• Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
• Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
• Objection (Art. 21): Object to processing based on legitimate interests, including profiling. Object to direct marketing at any time.
• Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Automated Decision-Making (Art. 22): Not to be subject to solely automated decision-making with legal or similarly significant effects. Note: The Gottlieb Service does not make automated decisions with legal effects — all output requires human review.

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@gottlieb.ai or write to:

Engineering AI Corporation Attn: Data Protection 131 Continental Dr, Suite 305 Newark, DE 19713, USA

We will respond to your request within 30 days (one month). In complex cases, this period may be extended by an additional two months, in which case we will inform you of the extension and the reasons for the delay.

8.4 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement.

As Engineering AI Corporation is established in the United States, you may lodge a complaint with the supervisory authority in the EU/EEA Member State of your habitual residence or place of work. A list of EU data protection authorities and their contact details is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

You also have the right to an effective judicial remedy under GDPR Article 79.

9. Your Rights - California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides you with specific rights regarding your personal information.

9.1 Categories of Personal Information Collected

9.2 Your California Rights

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising purposes without your consent.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

9.3 How to Exercise Your Rights

Submit a verifiable request to privacy@gottlieb.ai or write to us at the address in Section 12.

10. Children's Privacy

The Service is not directed to children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected personal information from a child, please contact us at privacy@gottlieb.ai.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on our Site and updating the "Last updated" date. For material changes, we will provide notice through the Service or via email. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Information

Engineering AI Corporation 131 Continental Dr, Suite 305 Newark, DE 19713, USA

Email: privacy@gottlieb.ai

Data Protection Contact: privacy@gottlieb.ai

For the quickest response, please use our email address. We are committed to resolving any privacy concerns promptly and transparently.