Privacy Policy

1. Introduction


earli AI (“earli”, “we”, “us”, or “our”) provides an AI-native people risk engagement and prevention platform for group life, disability, and health use cases.


Protecting personal data and privacy is fundamental to our platform design. This Privacy Policy explains how we collect, use, protect, and share personal data when operating our services.

2. Scope


This Privacy Policy applies to:

  • Individuals whose data is processed through the earli platform (“Individuals”)

  • Customers, partners, and users accessing the platform on behalf of organizations (“Clients”)


earli acts as a data processor when processing personal data on behalf of Clients, and as a data controller for limited operational data (e.g. website inquiries, sales communications).


3. Data we process


3.1 Categories of personal data


Depending on use case and client configuration, earli may process:

  • Basic identifiers (e.g. pseudonymous person ID, role, age range)

  • Employment-related metadata (e.g. job role, seniority band)

  • Engagement and interaction data

  • Risk indicators and predictive scores (health, financial, engagement, sick leave)

  • Usage and system logs


earli does not require manual data entry by individuals.


3.2 Special category data


Where applicable, earli may process health-related or wellbeing indicators as defined under GDPR Article 9, strictly:

  • On documented client instructions

  • For prevention, advisory, and benefits activation purposes

  • With appropriate legal basis and safeguards

4. AI profiling and personas


earli uses AI models to:

  • Analyze signals and patterns

  • Detect risks early

  • Profile individuals into persona types that describe engagement preferences, risk-fit, and service relevance


Key principles:

  • Personas are functional and contextual, not labels

  • No automated decisions with legal or similarly significant effects are made without human oversight

  • Profiling is used to improve prevention, relevance, and engagement, not to exclude or penalize individuals

5. Purpose of processing


Personal data is processed to:

  • Detect emerging risks before they materialize

  • Enable personalized, timely prevention and support

  • Match individuals with relevant benefits and services

  • Improve engagement and utilization outcomes

  • Provide aggregated insights to clients and partners


Data is never processed for advertising or resale.

6. Legal basis


Processing is conducted under one or more of the following legal bases:

  • Performance of a contract

  • Legitimate interests (risk prevention, benefits optimization)

  • Compliance with legal obligations

  • Explicit consent, where required by law


Clients are responsible for establishing the appropriate legal basis for employee or member data.


7. Data minimization & privacy by design


earli is built on strict privacy-by-design principles:

  • No unnecessary data collection

  • Pseudonymization by default

  • Role-based access controls

  • Purpose limitation enforced at system level

8. Data sharing


Personal data may be shared only with:

  • Authorized client users

  • Approved partners (e.g. healthcare or benefits providers), only when access is explicitly granted

  • Sub-processors under written agreements and confidentiality obligations


We do not sell personal data.

9. Security measures


earli applies enterprise-grade security controls, including:

  • End-to-end encryption (in transit and at rest)

  • Microsoft Single Sign-On (SSO)

  • No external system integrations required

  • Role-based access control

  • Continuous monitoring and auditing


The platform is designed to support GDPR, ISO 27001, and SOC 2 Type II requirements.

10. Data retention


Personal data is retained:

  • Only for as long as required to deliver the service

  • According to client instructions and contractual terms

  • In line with applicable legal and regulatory requirements


Data is securely deleted or anonymized when no longer required.

11. Individual rights


Where applicable under GDPR, individuals have the right to:

  • Access their personal data

  • Rectify inaccurate data

  • Request erasure

  • Restrict or object to processing

  • Data portability

  • Lodge a complaint with a supervisory authority


Requests should be submitted via the relevant Client or directly to earli where appropriate.

12. International data transfers


Where data is processed outside the EU/EEA, earli ensures appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)

  • Equivalent legal protections

13. Changes to this policy


We may update this Privacy Policy from time to time. Material changes will be communicated through appropriate channels.

14. Contact


For privacy-related inquiries, contact:


Email: contact@earli.ai