PRIVACY POLICY
Effective date: March 5, 2026
BETA SERVICE
Enso is a pre-release beta product operated by Enso Technology, Inc., a Delaware corporation. This privacy policy describes our current data practices for the beta testing program. Practices may change as the product develops. We will notify beta testers of material changes via email at least 30 days before they take effect.
1. Who We Are
This Privacy Policy describes how Enso Technology, Inc. (“we,” “us,” or “our”) collects, uses, and shares your personal information when you use our beta service at https://useenso.co, our desktop application, and any related tools or features (collectively, the “Service”).
Enso is an AI-powered go-to-market tool for sales teams. We connect to your email (Gmail or Microsoft Outlook, read-only) and calendar (Google Calendar or Microsoft Outlook Calendar, read-only) via OAuth to extract relationship signals, prepare meeting briefs, and deliver AI-generated insights. Our desktop application can also record meeting audio for real-time transcription. Email, calendar, and audio content is processed by third-party AI providers (Anthropic Claude, Google Gemini, OpenAI, and AssemblyAI).
For privacy-related questions, contact us at privacy@useenso.co. For general questions, contact ben@useenso.co. Our mailing address is 410 State St, Apt 28, Brooklyn, NY 11217.
2. What We Collect
| Category | Examples | Why |
|---|---|---|
| Account information | Name, email, profile photo (from Google OAuth) | Create and maintain your account |
| Organization data | Company name, team membership, role | Enable multi-user collaboration |
| Email data (Google Gmail or Microsoft Outlook) | Email headers, body content, timestamps, thread metadata | Generate AI-powered relationship insights and meeting preparation |
| Calendar data (Google Calendar or Microsoft Outlook) | Event titles, attendees, times, descriptions | Prepare meeting briefs and identify relationship patterns |
| Meeting audio and transcripts (desktop app) | Microphone audio, system audio, real-time transcripts with speaker identification | Generate meeting transcripts and AI-powered meeting notes |
| Connected service data | Slack workspace info and bot tokens; Asana task data; Granola meeting notes (imported from local cache) | Enable integrations you connect for task management and meeting note import |
| AI-generated content | Summaries, relationship insights, meeting briefs, suggested actions. AI prompts and outputs are logged for quality and debugging purposes. | Deliver core product features |
| Contacts | Names and email addresses automatically extracted from email headers and calendar attendees | Build your contact database for relationship tracking |
| Usage and diagnostic data | Pages visited, features used, IP address, browser type, error reports, and session replays (with all text and inputs masked) | Improve the Service and diagnose issues |
Third-party data: Because Enso processes email and calendar data, we handle data about your email correspondents and calendar attendees in addition to your own data. Contacts are automatically created from email headers and calendar attendees. This means data about people who are not Enso users may be stored in the Service. If you connect a work account, your employer may be the data controller for this information.
Desktop app audio recording: If you use the Enso desktop application, it can capture microphone and system audio during meetings and stream it in real-time to AssemblyAI for transcription. Transcripts include speaker identification. You are responsible for informing all meeting participants that audio is being recorded and transcribed, as required by applicable law (including two-party consent laws in jurisdictions such as California, Illinois, Washington, and the EU).
Sensitive data: Email content may contain sensitive personal information. We process it solely to deliver the Service. You can stop this processing by disconnecting your Google account in Settings.
3. Google and Microsoft API Data
Enso accesses your Google account through these OAuth scopes:
- Gmail (read-only):
gmail.readonly- We read your emails to generate relationship insights. We do not send, delete, or modify your emails. - Google Calendar (read-only):
calendar.events.readonly- We read your calendar events to identify upcoming meetings and prepare meeting briefs. We do not create, modify, or delete your calendar events. - User profile:
openid email profile- For account creation and authentication.
Enso’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We access Google user data only for the purposes described in this policy: reading emails to generate relationship insights, reading calendar events for meeting briefs, and authentication.
- We do not transfer Google user data to third parties except as necessary to provide the Service (including AI providers listed in Section 4), as required by law, or as part of a merger or acquisition.
- We do not use Google user data for serving advertisements, retargeting, personalized ads, or interest-based advertising.
- Human review of Google user data occurs only with your affirmative consent, for security purposes, to comply with law, or when data is aggregated and anonymized for internal operations.
Microsoft
If you connect a Microsoft account, Enso accesses your Outlook email (read-only) and Outlook calendar (read-write) through Microsoft Graph API OAuth scopes. The same data use principles described above for Google data apply to Microsoft data: we access it only to provide the Service, do not use it for advertising, and do not sell it.
Note: Connecting a Microsoft account will disconnect any previously connected Google account, and vice versa. Only one email and calendar provider can be connected at a time.
4. AI Processing
We use third-party AI services to power core features:
| Provider | Data Sent | Purpose |
|---|---|---|
| Anthropic (Claude) | Email content, contact names, meeting context, calendar data, conversation history | Generate insights, meeting briefs, suggested actions |
| Google (Gemini) | Email content, contact names, meeting context, calendar data | Generate insights and meeting briefs |
| OpenAI | Text content from emails, contacts, and notes for generating vector embeddings | Semantic search and content similarity matching |
| AssemblyAI | Live microphone and system audio streamed from the desktop app | Real-time speech-to-text transcription with speaker identification |
No training on your data. All of our AI providers contractually commit to not training their models on data submitted through their APIs. See Anthropic’s Privacy Policy, Google’s API Terms, OpenAI’s Business Terms, and AssemblyAI’s Privacy Policy.
No automated decisions. AI-generated outputs are informational only and do not produce legal effects or similarly significant effects on you. No automated decisions are made about your access to the Service or eligibility for anything.
Opting out: Disconnect your Google account in Settings to stop all AI processing. This will disable core features.
5. Who We Share Data With
| Service Provider | Purpose | Location |
|---|---|---|
| Supabase (hosted on AWS) | Database, authentication, file storage | United States |
| Vercel | Application hosting | United States |
| Anthropic | AI processing (Claude) | United States |
| OAuth authentication, email and calendar sync, AI processing (Gemini) | United States | |
| Microsoft | OAuth authentication, email and calendar sync | United States |
| OpenAI | Text embeddings for semantic search | United States |
| AssemblyAI | Real-time speech-to-text transcription (desktop app) | United States |
| Sentry | Error tracking, performance monitoring, session replay (masked) | United States |
| PostHog | Product analytics and feature usage tracking | United States |
| Slack | Workspace notifications (if connected by your team) | United States |
| Asana | Task management sync (if connected by your team) | United States |
We may also disclose personal information when required by law or to protect our rights.
We do not sell your personal information. We do not share personal information for advertising purposes.
6. Cookies
We use cookies and similar technologies in the following categories:
- Essential cookies: Supabase authentication and session management tokens. Strictly necessary for the Service to function.
- Analytics cookies: PostHog sets cookies for product analytics and user identification. Sentry may set cookies for error tracking and session replay (with all text and inputs masked).
We do not use advertising cookies, tracking pixels, or third-party marketing cookies. We do not use cookies for retargeting or cross-context behavioral advertising.
7. Data Storage and Security
Your data is stored in the United States on Supabase (AWS) infrastructure. We implement reasonable security measures including encryption in transit and at rest, database-level access controls, and secure credential storage.
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your data. As a beta service, you use the Service at your own risk.
If we become aware of a security breach that affects your data, we will notify affected users as required by applicable law.
8. Data Retention
We retain your data while your account is active and for a reasonable period afterward as described below:
- Account and organization data: Retained while your account is active. Deleted from active systems within 30 days of account deletion.
- Email and calendar data: Retained while your account is active and your email/calendar provider is connected. Deleted within 30 days of account deletion or provider disconnection.
- AI execution logs: Prompts and outputs from AI processing are retained for up to 90 days for quality monitoring and debugging, then permanently deleted.
- Error tracking and analytics: Sentry retains error data for 90 days. PostHog retains analytics data while your account is active.
- Backups: Deleted data may persist in encrypted backups for up to 30 additional days before being permanently removed.
You can delete your account at any time through Settings or by emailing privacy@useenso.co.
9. Your Rights
Regardless of where you are located, you can:
- Access your data: Export your data through Settings.
- Delete your data: Delete your account and all associated data through Settings.
- Disconnect Google: Revoke our access to your Google data at any time through your Google account permissions.
- Contact us: Email ben@useenso.co for any privacy-related request.
For EEA, UK, and Swiss Residents
Under the GDPR, you also have the right to rectification, restriction of processing, data portability, objection to processing, and to lodge a complaint with your local data protection authority. Our legal basis for processing is your consent (when you connect your Google account) and legitimate interest (for account management and security). You may withdraw consent at any time by disconnecting your Google account in Settings or by contacting us at ben@useenso.co.
For California Residents
Under the CCPA/CPRA, you have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Correct inaccurate personal information
- Limit the use and disclosure of sensitive personal information
- Not be discriminated against for exercising your rights
We do not sell or share your personal information for cross-context behavioral advertising. To exercise any of these rights, email privacy@useenso.co. We will respond within 45 days as required by law.
10. International Transfers
All of our service providers are based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States.
For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a legal mechanism for international data transfers. We are also evaluating certification under the EU-US Data Privacy Framework.
11. Children’s Privacy
The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn we have, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy as the Service develops. We will notify you of material changes via email at least 30 days before they take effect. Non-material changes (such as formatting or clarifications) may be made without advance notice. The “Effective date” at the top of this page indicates when the current version took effect. Continued use of the Service after the effective date of a revised policy constitutes acceptance.
13. Contact Us
Enso Technology, Inc.
410 State St, Apt 28
Brooklyn, NY 11217
Privacy inquiries: privacy@useenso.co
General inquiries: ben@useenso.co