Website Privacy Policy
Document Context: Marketing Environment / External Ingress Ports Only
Effective Date: June 1st, 2026
1. Scope and Exclusion Clause
1.1. What This Policy Covers (The Scope) This Website Privacy Policy is issued by epikerdis LLC ("epikerdis," "we," "us," or "our"). This policy applies solely to the personal information collected from non-logged-in visitors interacting with our public-facing marketing and informational domains: epikerdis.ai, helmos.ai, and talentwix.ai (collectively, the "Marketing Sites").
This policy governs routine website interactions and the data provided when you engage with public forms on the Marketing Sites, which are strictly limited to actions such as submitting a "Build with our Engineers" form, a "Request Investor/Exec Briefing" form, or a “Join Waitlist” or a standard newsletter signup.
1.2. What This Policy DOES NOT Cover (The Exclusion Clause) To guarantee absolute clarity and data security for our enterprise buyers, procurement teams, and partners, this Website Privacy Policy categorically excludes our actual software products, including the Helm OS agentic operating system, TalentWix digital partners, and any related proprietary AI environments (collectively, the "Product Environment").
The protected Product Environment begins strictly at our application, administration, and authentication perimeters. Therefore, any subdomains functioning under app., adm., or auth.* across any of our high-level domains are expressly exempt from this Website Privacy Policy.
1.3. Enterprise Data Governance Guarantee Logged-in product usage, proprietary enterprise data, and AI-driven interactions within the Product Environment are structurally bifurcated from our public marketing operations. Enterprise data is never conflated with routine website tracking and is never exposed to standard marketing pixels.
Instead, the Product Environment is governed by an entirely separate, highly secure data governance framework. Prior to accessing the Product Environment, epikerdis LLC is committed to explicitly, directly, and honestly submitting these specific agreements—which will include a tailored Product Privacy Policy, a Master Service Agreement (MSA), and a Data Processing Addendum (DPA)—to any interested user or potential customer for comprehensive review, approval, and consent.
This privacy policy only applies when you are browsing our public marketing websites (epikerdis.ai, helmos.ai, and talentwix.ai) to read about what we do, sign up for a newsletter, or request beta/investor access.
If you are logging into our actual software products (like Helm OS or TalentWix), your enterprise data is governed by completely separate, highly secure product agreements. We actively separate our website marketing from our core software products so that your proprietary business data and AI interactions are never tracked by standard website marketing tools.
2. Notice at Collection & Executive Summary
epikerdis LLC values transparency and enterprise-grade data security. Before you interact with our marketing domains (epikerdis.ai, helmos.ai, talentwix.ai), we want you to know exactly what we collect, why we collect it, and how we protect it.
2.1. Information You Provide Directly When you submit forms on our website, we securely collect only the information necessary to evaluate your request.
- For "Build with our Engineers" or "Investor/Exec Briefings": We collect your Full Name, Corporate email, Organization/Fund, and Primary Area of Interest.
- For "Build with our Engineers": We collect your Full Name, Corporate email, GitHub/LinkedIn Profile, and Proposed Primary Digital Partner Use Case.
- For “Join Waitlist”: We collect your Corporate email only.
2.2. Automated Telemetry & "Zero Pre-Consent" Tracking Our website uses a strict "Zero Pre-Consent" architecture, meaning the data we capture depends entirely on your browser configuration and explicit consent:
- Default State (or Global Privacy Control Enabled): If you deny consent or have a Global Privacy Control (GPC) signal enabled, zero third-party telemetry is captured. We only collect standard, transient HTTP access logs (Anonymized IP, Browser User-Agent, Timestamp) via our edge hosting providers strictly for DDoS protection, network security, and fraud prevention.
- Explicit Consent State: Only if you explicitly click "Authorize All" do we load Google Analytics 4 and HubSpot scripts. At that point, we collect analytics data including Anonymized IP address, browser/OS version, geographic location (derived from IP), referrer URLs, and unique tracking cookies to understand visitor traffic.
2.3. Explicit Business Purpose
- Form Submissions: The data you provide is used strictly to evaluate your beta, investor, or engineering qualifications. We do not automatically enroll these submissions into broader marketing sequences or newsletters.
- Telemetry: Automated data is used strictly for website security, fraud prevention, and aggregated traffic analytics.
2.4. Data Retention Architecture
- Stateless Web Infrastructure: When you submit a form, our edge servers act as a secure, transient proxy. The data is securely transmitted directly to our CRM over HTTPS. The memory allocated for your request is instantly purged; we retain zero lead data on our edge or web servers.
- CRM Retention: Willingly submitted B2B contact information is stored securely in our CRM (HubSpot). We retain this data only as long as necessary to provide the requested services, or until you explicitly request deletion or unsubscribe from our communications.
2.5. No Selling, No Behavioral Advertising We use trusted infrastructure providers, including Google Cloud Platform (hosting), HubSpot (CRM), and Google Analytics 4 (traffic analytics). We do not sell your personal information. Furthermore, we deploy zero third-party marketing or retargeting pixels (such as LinkedIn Insight Tags, Google Ads, or Meta Pixels) on our marketing sites. We do not engage in cross-context behavioral advertising.
Before you explore our public marketing websites, here is what you need to know in plain English:
- You control your data: We use a strict "Zero Pre-Consent" model. If you do not click "Authorize All" or if you have a privacy signal (GPC) turned on in your browser, standard marketing trackers are completely blocked from loading. We will only capture basic, anonymized server logs to keep our website secure from attacks.
- We do not save form data on our servers: When you request engineering or investor access, our website infrastructure operates as a stateless proxy. It passes your form data directly into our secure CRM over an encrypted connection and instantly wipes its own local memory.
No spam, no selling, no advertising tracking: The business info you willingly submit is used strictly to evaluate your request for beta access or a briefing. We will never sell your information, we do not deploy third-party advertising tracking pixels (like LinkedIn or Meta), and we will never automatically drop you into marketing email sequences.
3. Core Marketing Policy Practices
3.1. What Information We Collect and Why (The Value Exchange)
A. Data You Actively Provide When you interact with our marketing domains, you may choose to provide business contact information via secure web forms. This includes:
- Engineering/Investor Forms: Full Name, Corporate Email, Organization/Fund, and Primary Area of Interest.
- Engineering Forms: Full Name, Corporate Email, GitHub/LinkedIn Profile, and Proposed Use Cases.
- Business Purpose: This data is used strictly to evaluate your qualifications for access to the epikerdis product ecosystem, to schedule briefings, and to communicate directly regarding your requests. We do not automatically enroll these submissions into marketing spam sequences.
B. Data We Collect Automatically (Telemetry) The automated data we collect is entirely dependent on your explicit consent and browser configurations (such as Global Privacy Control signals).
- Security & Fraud Prevention (Default): Regardless of consent, our edge hosting infrastructure captures transient HTTP access logs (anonymized IP addresses, User-Agent strings, and timestamps) strictly to protect against DDoS attacks, wiretapping, and fraud.
- Website Analytics (With Explicit Consent): If you explicitly "Authorize All," we deploy Google Analytics 4. This captures anonymized IPs, browser/OS configurations, rough geographic locations, and session durations.
- The Value Exchange: We use this authorized analytics data to understand macro traffic patterns—such as which technical documentation or product pages receive the most engagement. This allows us to optimize our website's performance, refine our technical messaging, and deliver a more seamless digital experience for our community.
3.2. How We Store and Protect Your Data
- Stateless Edge Infrastructure (US Storage): Our website infrastructure is hosted on Google Cloud Platform (GCP). The edge servers act as a stateless proxy; they securely transmit your form submissions directly to our CRM and instantly purge the memory. Routine edge hosting logs are stored strictly within the United States.
- CRM Storage (Global Distribution): Your submitted business contact data securely rests within our Customer Relationship Management (CRM) provider, HubSpot. HubSpot operates globally distributed databases, meaning your business contact data may be processed outside of your home jurisdiction.
- Organizational Safeguards: Epikerdis LLC enforces strict internal data governance. Access to the HubSpot CRM containing your lead data is restricted to authorized personnel only, and Multi-Factor Authentication (MFA) is strictly enforced company-wide. Furthermore, we mandate that our core infrastructure vendors (Google Cloud and HubSpot) maintain active SOC 2 compliance.
3.3. Your Data Rights and Closed-Loop Verification
A. Exercising Your Rights Depending on your jurisdiction (such as under the CCPA/CPRA or GDPR), you have the right to request access to, correction of, or deletion of the personal information we hold about you. To exercise these rights, you must email your request to privacy@epikerdis.ai.
B. The Closed-Loop Verification Process Because we process B2B data, we must verify the identity of the person requesting data deletion before executing the request in our CRM to prevent fraudulent data tampering. We utilize a "Closed-Loop Email Verification" system:
- Upon receiving your request, we will send a verification email directly to the corporate email address associated with your profile in our CRM.
- You must reply to that email to legally verify your identity.
- Once verified, we will execute your request within statutory deadlines (typically 30 to 45 days) and log the completion for compliance purposes.
- Lost Access Exemption: If you have changed employers and lost access to the corporate email on file, we will not delete data based on an unverified request from a new email domain (e.g., a personal Gmail account). In such cases, we require identity verification via direct message from the GitHub or LinkedIn URL you originally provided us.
3.4. Children's Privacy (Age Restrictions)
The epikerdis LLC marketing domains are strictly intended for adults and enterprise professionals. We do not knowingly collect personal information from any individual under the age of 18. If we become aware that we have inadvertently collected personal data from a minor under 18, we will take immediate steps to delete that information from our CRM. If you are a parent or guardian and believe we have collected data from a minor, please contact us immediately.
3.5. Official Contact Information
epikerdis LLC is the sole legal entity responsible for data collection across these marketing domains. If you have questions regarding this Website Privacy Policy or our security practices, please contact us at:
epikerdis LLC 925 North Point Pkwy, Suite 130 Alpharetta, GA 30005 United States
Privacy Contact Email:privacy@epikerdis.ai
We only collect information when you actively give it to us (like requesting engineering access) or when our website automatically checks your browser to keep our servers secure. If you explicitly choose to allow analytics tracking, it helps us understand what content developers and investors care about most, which allows us to build a better, faster website.
We take enterprise security seriously. Our own team must use Multi-Factor Authentication (MFA) to access any of your contact info, and we rely on industry-leading, SOC 2 compliant vendors to host our systems.
You own your data. If you want us to update or delete your profile from our systems, just email us. To prevent corporate sabotage or fraud, we will reply to the exact corporate email address we have on file for you. You just need to reply to confirm it's really you.
Our operating systems and digital partners are built for enterprise professionals. You must be at least 18 years old to use our marketing websites or submit our forms.
If you have any questions, legal inquiries, or just want to talk about our privacy practices please send an email to privacy@epikerdis.ai.