Data Processing
Effective Date: April 1, 2026
This page describes how Enso Technology, Inc., a Delaware corporation, processes your data. Data processing is governed by our Terms of Service and Privacy Policy.
How We Process Your Data
What We Process
- Account information (name, email, profile photo from Google or Microsoft OAuth)
- Organization data (company name, team membership)
- Gmail or Microsoft Outlook email (headers, content, metadata), read-only
- Google Calendar events, attendees, and descriptions, read-only
- Microsoft Outlook Calendar events, attendees, and descriptions, read-only
- Meeting audio and transcripts from the desktop app (microphone and system audio streamed for real-time transcription)
- Contact data (automatically created from email headers and calendar attendees)
- Connected service data: Slack workspace info, Asana tasks, and Granola meeting notes (when connected)
- AI-generated content (insights, summaries, meeting briefs) and AI execution logs (prompts and outputs)
- Usage and diagnostic data (analytics, error reports, session replays with text masked)
Where Your Data Goes
| Provider | Purpose | Location |
|---|---|---|
| Supabase (AWS) | Database, authentication, storage | United States (us-east-1) |
| Vercel | Application hosting | United States |
| Anthropic | AI processing (Claude API) | United States |
| OAuth, AI processing (Gemini API) | United States | |
| OpenAI | Text embeddings for semantic search | United States |
| AssemblyAI | Real-time speech-to-text transcription (desktop app) | United States |
| Microsoft | Outlook email and calendar sync (if connected) | United States |
| Sentry | Error tracking, performance monitoring, session replay (masked) | United States |
| PostHog | Product analytics | United States |
| Slack | Workspace notifications (if connected) | United States |
| Asana | Task management sync (if connected) | United States |
Security Measures
We implement the following security measures:
- Encryption in transit (TLS) and at rest (AES-256 via Supabase/AWS)
- Database-level row isolation between organizations
- Row-level security (RLS) policies on all tables
- Role-based access controls
- Secure credential and token storage
Your Controls
- Export: Download all your data from Settings
- Delete: Delete your account and all data from Settings
- Disconnect: Revoke Google access at any time via Google account permissions, or revoke Microsoft access via Microsoft account permissions
AI Provider Data Handling
All of our AI providers (Anthropic, Google, OpenAI, and AssemblyAI) contractually commit to not training their models on data submitted through their APIs. Your email, calendar, and audio data is sent to these providers solely to generate AI-powered insights and transcriptions. AI prompts and outputs are logged in our database for quality monitoring and debugging.
Breach Notification
If we become aware of a security breach affecting data we process on your behalf, we will notify your organization via the email address associated with the account within 72 hours of becoming aware of the breach. Our notification will describe the nature of the breach, the types of data affected, the likely consequences, and the remedial measures taken.
Enterprise Customers
If your organization requires a formal Data Processing Agreement (DPA) with Standard Contractual Clauses for compliance purposes, please contact us at privacy@useenso.co. We offer standard DPAs for enterprise customers.
Contact
Enso Technology, Inc.\ 1750 Franklin Street, Apt 7\ San Francisco, California 94109\ Privacy: privacy@useenso.co\ General: support@useenso.co