Privacy Policy
Effective Date: April 1, 2026
1. Who We Are
This Privacy Policy describes how Enso Technology, Inc., a Delaware corporation (“we,” “us,” or “our”) collects, uses, and shares your personal information when you use our service at https://useenso.co, our desktop application, and any related tools or features (collectively, the “Service”).
Enso is a relationship intelligence tool for sales teams. We connect to your accounts via OAuth:
- Email (Gmail or Microsoft Outlook) — read-only
- Calendar (Google Calendar or Microsoft Outlook) — read-only
- Meeting audio (desktop app) — microphone and system audio, streamed to AssemblyAI for real-time transcription
We use this data to extract relationship signals, prepare meeting briefs, and deliver AI-generated insights. Email, calendar, and audio content is processed by third-party AI providers (Anthropic Claude, Google Gemini, OpenAI, and AssemblyAI).
For privacy-related questions, contact us at privacy@useenso.co. For general questions, contact support@useenso.co. Our mailing address is 1750 Franklin Street, Apt 7, San Francisco, California 94109.
2. What We Collect
| Category | Examples | Why |
|---|---|---|
| Account information | Name, email, profile photo (from Google or Microsoft OAuth) | Create and maintain your account |
| Organization data | Company name, team membership, role | Enable multi-user collaboration |
| Email data (Google Gmail or Microsoft Outlook) | Email headers, body content, timestamps, thread metadata | Generate AI-powered relationship insights and meeting preparation |
| Calendar data (Google Calendar or Microsoft Outlook) | Event titles, attendees, times, descriptions | Prepare meeting briefs and identify relationship patterns |
| Meeting audio and transcripts (desktop app) | Microphone audio, system audio, real-time transcripts with speaker identification | Generate meeting transcripts and AI-powered meeting notes |
| Connected service data | Slack workspace info and bot tokens; Asana task data; Granola meeting notes (imported from local cache) | Enable integrations you connect for task management and meeting note import |
| AI-generated content | Summaries, relationship insights, meeting briefs, suggested actions. AI prompts and outputs are logged for quality and debugging purposes. | Deliver core product features |
| Contacts | Names and email addresses automatically extracted from email headers and calendar attendees | Build your contact database for relationship tracking |
| Usage and diagnostic data | Pages visited, features used, IP address, browser type, error reports, and session replays (with all text and inputs masked) | Improve the Service and diagnose issues |
Third-party data: Because Enso processes email and calendar data, we handle data about your email correspondents and calendar attendees in addition to your own data. Contacts are automatically created from email headers and calendar attendees. This means data about people who are not Enso users may be stored in the Service. If you connect a work account, your employer may be the data controller for this information.
Desktop app audio recording: If you use the Enso desktop application, it can capture microphone and system audio during meetings and stream it in real-time to AssemblyAI for transcription. Transcripts include speaker identification. You are responsible for informing all meeting participants that audio is being recorded and transcribed, as required by applicable law (including two-party consent laws in jurisdictions such as California, Illinois, Washington, and the EU). See Section 6 of our Terms of Service for your recording consent obligations.
Sensitive data: Email content may contain sensitive personal information. We process it solely to deliver the Service. You can stop this processing by disconnecting your email provider in Settings.
3. Google and Microsoft API Data
Enso accesses your Google account through these OAuth scopes:
- Gmail (read-only): We read your emails to generate relationship insights. We do not send, delete, or modify your emails.
- Google Calendar (read-only): We read your calendar events to identify upcoming meetings and prepare meeting briefs. We do not create, modify, or delete your calendar events.
- User profile: For account creation and authentication.
Enso’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We access Google user data only for the purposes described in this policy: reading emails to generate relationship insights, reading calendar events for meeting briefs, and authentication.
- We do not transfer Google user data to third parties except as necessary to provide the Service (including AI providers listed in Section 4), as required by law, or as part of a merger or acquisition.
- We do not use Google user data for serving advertisements, retargeting, personalized ads, or interest-based advertising.
- Human review of Google user data occurs only with your affirmative consent, for security purposes, to comply with law, or when data is aggregated and anonymized for internal operations.
Microsoft
If you connect a Microsoft account, Enso accesses your Outlook email (read-only) and Outlook calendar (read-only) through Microsoft Graph API OAuth scopes. The same data use principles described above for Google data apply to Microsoft data: we access it only to provide the Service, do not use it for advertising, and do not sell it.
Note: Connecting a Microsoft account will disconnect any previously connected Google account, and vice versa. Only one email and calendar provider can be connected at a time.
4. AI Processing
We use third-party AI services to power core features:
| Provider | Data Sent | Purpose |
|---|---|---|
| Anthropic (Claude) | Email content, contact names, meeting context, calendar data, conversation history | Generate insights, meeting briefs, suggested actions |
| Google (Gemini) | Email content, contact names, meeting context, calendar data | Generate insights and meeting briefs |
| OpenAI | Text content from emails, contacts, and notes for generating vector embeddings | Semantic search and content similarity matching |
| AssemblyAI | Live microphone and system audio streamed from the desktop app | Real-time speech-to-text transcription with speaker identification |
No training on your data. All of our AI providers contractually commit to not training their models on data submitted through their APIs. See Anthropic’s Privacy Policy, Google’s API Terms, OpenAI’s Business Terms, and AssemblyAI’s Privacy Policy.
No automated decisions. AI-generated outputs are informational only and do not produce legal effects or similarly significant effects on you. No automated decisions are made about your access to the Service or eligibility for anything.
Opting out: Disconnect your email provider in Settings to stop all AI processing. This will disable core features.
5. Who We Share Data With
| Service Provider | Purpose | Location |
|---|---|---|
| Supabase (hosted on AWS) | Database, authentication, file storage | United States |
| Vercel | Application hosting | United States |
| Anthropic | AI processing (Claude) | United States |
| OAuth authentication, email and calendar sync, AI processing (Gemini) | United States | |
| Microsoft | OAuth authentication, email and calendar sync | United States |
| OpenAI | Text embeddings for semantic search | United States |
| AssemblyAI | Real-time speech-to-text transcription (desktop app) | United States |
| Sentry | Error tracking, performance monitoring, session replay (masked) | United States |
| PostHog | Product analytics and feature usage tracking | United States |
| Slack | Workspace notifications (if connected by your team) | United States |
| Asana | Task management sync (if connected by your team) | United States |
We may also disclose personal information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of all or a portion of our assets.
We do not sell your personal information. We do not share personal information for advertising purposes or cross-context behavioral advertising.
6. Cookies
We use cookies and similar technologies in the following categories:
- Essential cookies: Supabase authentication and session management tokens. Strictly necessary for the Service to function.
- Analytics cookies: PostHog sets cookies for product analytics and user identification. Sentry may set cookies for error tracking and session replay (with all text and inputs masked).
We do not use advertising cookies, tracking pixels, or third-party marketing cookies. We do not use cookies for retargeting or cross-context behavioral advertising.
Managing cookies: You can disable analytics cookies through your browser settings or by using the cookie consent banner that appears on your first visit. Disabling essential cookies may prevent the Service from functioning. For EU visitors, non-essential cookies are not set until you provide consent through the banner. You may also opt out of analytics tracking at any time by contacting privacy@useenso.co.
7. Data Storage and Security
Your data is stored in the United States on Supabase (AWS) infrastructure. We implement reasonable security measures including encryption in transit (TLS) and at rest (AES-256), database-level access controls, row-level security policies, and secure credential storage.
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your data.
If we become aware of a security breach that affects your personal data, we will notify affected users via the email address associated with their account within 72 hours of becoming aware of the breach, or as otherwise required by applicable law. Our notification will describe the nature of the breach, the types of data affected, the likely consequences, and the measures we have taken or propose to take in response.
8. Data Retention
We retain your data while your account is active and for a reasonable period afterward as described below:
- Account and organization data: Retained while your account is active. Deleted from active systems within 30 days of account deletion.
- Email and calendar data: Retained while your account is active and your email/calendar provider is connected. Deleted within 30 days of account deletion or provider disconnection.
- Meeting recordings and transcripts: Audio is streamed in real-time and not persistently stored. Transcripts are retained while your account is active and deleted within 30 days of account deletion.
- AI execution logs: Prompts and outputs from AI processing are retained for up to 90 days for quality monitoring and debugging, then permanently deleted.
- Error tracking and analytics: Sentry retains error data for 90 days. PostHog retains analytics data while your account is active.
- Backups: Deleted data may persist in encrypted backups for up to 30 additional days before being permanently removed.
You can delete your account at any time through Settings or by emailing privacy@useenso.co.
9. Your Rights
Regardless of where you are located, you can:
- Access your data: Export your data through Settings.
- Delete your data: Delete your account and all associated data through Settings.
- Disconnect your email provider: Revoke our access to your Google data at any time through your Google account permissions, or revoke Microsoft access through your Microsoft account permissions.
- Contact us: Email privacy@useenso.co for any privacy-related request.
For EEA, UK, and Swiss Residents
Under the GDPR, you also have the right to rectification, restriction of processing, data portability, objection to processing, and to lodge a complaint with your local data protection authority. Our legal bases for processing include: performance of a contract (to provide the Service under our Terms), your consent (when you connect your email or calendar provider), and legitimate interest (for account management, security, and product improvement). You may withdraw consent at any time by disconnecting your provider in Settings, by contacting us at privacy@useenso.co, or by exercising any of the rights described above, without affecting the lawfulness of processing based on consent before its withdrawal.
If you are located in the EEA and have data protection inquiries, contact us at privacy@useenso.co.
For California Residents
Under the CCPA/CPRA, you have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Correct inaccurate personal information
- Limit the use and disclosure of sensitive personal information
- Not be discriminated against for exercising your rights
We do not sell or share your personal information for cross-context behavioral advertising. To exercise any of these rights, email privacy@useenso.co. We will respond within 45 days as required by law.
Because we do not sell or share your personal information, there is no need to opt out. However, you may still submit an opt-out request at privacy@useenso.co and we will confirm our practices. All third-party providers listed in Section 5 are service providers under the CCPA, processing data solely on our behalf and under written contract.
We honor Global Privacy Control (GPC) browser signals as a valid opt-out request under the CCPA/CPRA.
10. Third-Party Links
The Service may contain links to third-party websites or services that are not owned or controlled by Enso Technology, Inc. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You acknowledge and agree that we are not responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with your use of or reliance on any such content, goods, or services available on or through any such websites or services.
11. International Transfers
All of our service providers are based in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.
For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a legal mechanism for international data transfers. We are also evaluating certification under the EU-US Data Privacy Framework.
12. Children’s Privacy
The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn we have, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect. Non-material changes (such as formatting or clarifications) may be made without advance notice. The “Effective date” at the top of this page indicates when the current version took effect. Continued use of the Service after the effective date of a revised policy constitutes acceptance.
14. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict-of-laws principles, consistent with our Terms of Service.
15. Contact Us
Enso Technology, Inc.\ 1750 Franklin Street, Apt 7\ San Francisco, California 94109\ Privacy: privacy@useenso.co\ General: support@useenso.co
© 2026 Enso Technology, Inc.