Ena Intelligence

Privacy Policy

Last updated: June 10, 2026

Ena OS is a product of Ena Intelligence ("Ena Intelligence," "we," "us," or "our"). Ena OS is a white-labeled AI operating system for entrepreneurship support organizations, accelerators, incubators, economic development organizations, and similar organizations that support entrepreneurs and small-business owners.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights available to users of Ena OS. The product is hosted at ena.chat and organization subdomains such as <organization>.ena.chat. Our company site is enaintelligence.com.

Questions about this policy can be sent to privacy@enaintelligence.com.

1. Our Role

Most information processed through Ena OS belongs to, or is controlled by, the organization that licensed Ena OS. For that information, the organization is generally the data controller or business, and Ena Intelligence acts as a processor or service provider that handles the information on the organization's instructions.

We also process some information directly as a controller, such as account information for organization administrators and staff, billing and support communications, and information we collect to operate and secure Ena OS.

If you are an entrepreneur, founder, client, or participant using Ena OS through an organization, that organization may have its own privacy notices and policies that also apply to your information.

2. Information We Collect

Account and Profile Information

We may collect:

  • Name, email address, role, organization membership, and authentication information.
  • Staff or coach profile information, such as bio, photo, scheduling preferences, areas of expertise, and availability.
  • Organization profile information, including organization name, subdomain, branding, contact details, service area, programs, partners, events, staff directory, and knowledge base content.

Passwords are handled through Supabase Auth and are stored in hashed form. We do not have access to users' plain-text passwords.

Client, Coaching, and Conversation Content

Depending on how an organization configures Ena OS, we may process:

  • Voice and text conversations between users and the AI assistant.
  • Intake form responses and onboarding information.
  • Program application responses.
  • Resource referrals, bookings, warm-introduction records, and related activity logs.
  • Coach notes, meeting notes, action items, summaries, memories, and AI-generated synthesis about a client or participant.
  • Documents, files, or freeform knowledge content uploaded by an organization or user.
  • Meeting recordings and transcripts when meeting capture is enabled.

Google Calendar Data

When a coach, staff member, or administrator connects Google Calendar, Ena OS requests limited Google Calendar access so it can read availability and create booked meetings.

Ena OS may request:

  • https://www.googleapis.com/auth/calendar.readonly, used to read busy times and avoid scheduling conflicts.
  • https://www.googleapis.com/auth/calendar.events, used to create calendar events and conferencing links when a meeting is booked.

We do not request Gmail, Google Drive, Contacts, or unrelated Google scopes for the calendar booking feature. Google Calendar data is used only to provide scheduling, booking, and meeting-dispatch functionality. It is not sold, used for advertising, or used to train AI models.

Users can disconnect Google Calendar from the relevant integrations settings. Disconnecting deletes the stored OAuth credentials and prevents future calendar access through Ena OS.

Ena OS's use and transfer of information received from Google APIs is intended to comply with the Google API Services User Data Policy, including the Limited Use requirements.

Meeting Capture

If an organization or coach enables meeting capture, Ena OS may dispatch a meeting bot to a booked video meeting. The bot may record audio, generate a transcript, and produce summaries, topics, action items, and follow-up suggestions.

Meeting capture is provided through a recording and transcription subprocessor. The bot appears as a visible meeting participant. Organizations and coaches are responsible for giving required notices and obtaining any legally required consent before recording meetings.

Usage, Device, and Log Data

We may collect:

  • IP address, browser, device type, user agent, request path, timestamps, and error logs.
  • Product usage events, such as session starts, messages, bookings, referrals, applications, and voice usage duration.
  • Plan, billing-period, and usage-limit information for organization accounts.

We do not use third-party advertising trackers in Ena OS.

3. How We Use Information

We use information to:

  • Provide, maintain, secure, and improve Ena OS.
  • Run the AI assistant, voice sessions, chat sessions, knowledge retrieval, program applications, referrals, bookings, meeting capture, summaries, memories, and staff-facing Ask Ena features.
  • Personalize the assistant to the organization's programs, staff, partners, policies, calendar availability, and brand settings.
  • Help organization staff and administrators review client activity, generate reports, export data, and understand usage.
  • Create aggregated or de-identified metrics, benchmarks, and insights about platform usage, program engagement, entrepreneur needs, referrals, applications, bookings, outcomes, and similar trends, as described below.
  • Authenticate users, manage accounts, enforce role-based access, and protect tenant isolation.
  • Send transactional emails, such as invitations, magic links, booking messages, warm introductions, notifications, security notices, and usage alerts.
  • Monitor reliability, debug issues, prevent abuse, and maintain security.
  • Communicate with organization customers about account, billing, support, security, and product matters.

We do not sell personal information. We do not use customer content to train large language models. We use AI providers under commercial terms intended to prevent customer API inputs and outputs from being used to train their general models.

4. Aggregated and De-identified Insights

Ena OS may use Customer Data to create aggregated or de-identified metrics and insights while the data is hosted on the platform. These insights may include, for example, trends in service demand, common entrepreneur needs, topic frequency, referral volume, application activity, booking activity, usage patterns, and program engagement.

Aggregated or de-identified insights are designed not to identify a specific individual, household, organization client, or confidential organization record. We do not include names, email addresses, raw conversation transcripts, raw intake answers, raw coach notes, raw application answers, meeting recordings, or other directly identifying content in network-wide reporting products.

We may use aggregated or de-identified insights to:

  • Operate, measure, and improve Ena OS.
  • Provide benchmarks and trend reporting to organization customers.
  • Develop network-wide analytics products.
  • Report anonymized portfolio-level metrics to a funder, philanthropy, sponsor, or similar third party when that reporting is part of the applicable customer relationship, order form, grant arrangement, or written authorization from the organization customer.

When we provide funder, sponsor, or network-level analytics, we use reasonable safeguards intended to prevent re-identification, such as aggregation thresholds, suppression of small cell sizes, removal of direct identifiers, and contractual limits on recipients' use of the data. We do not permit recipients to attempt to re-identify individuals from aggregated or de-identified reporting.

5. AI Processing

Ena OS uses AI systems to generate responses, summarize conversations and meetings, extract memories, synthesize client context, support staff-facing questions, and retrieve relevant knowledge base content.

AI outputs may be incomplete, inaccurate, or inappropriate for a particular situation. Organizations, staff, and users are responsible for reviewing important outputs before relying on them. Ena OS is not a substitute for professional legal, medical, financial, tax, accounting, or mental health advice.

6. Subprocessors and Service Providers

We use third-party service providers to operate Ena OS. These may include:

  • Supabase for database, authentication, storage, and related backend services.
  • Anthropic for language model processing used in summarization, memory extraction, Ask Ena, and other AI features.
  • ElevenLabs and Retell AI for voice agent infrastructure.
  • Recall.ai for meeting recording and transcription.
  • OpenAI for embeddings used to index uploaded knowledge content for retrieval.
  • SendGrid and Resend for transactional email.
  • Google for calendar integration and Google Meet links.
  • Netlify for hosting, deployment, and domain routing.

These providers process information only as needed to provide their services to us and are expected to handle information under confidentiality and data protection obligations.

We may also disclose information if required by law, legal process, or government request; to protect rights, safety, security, and integrity; or in connection with a merger, acquisition, financing, reorganization, or sale of assets.

7. Data Storage and International Processing

Ena OS is operated from the United States. Customer data is generally stored in the United States unless otherwise configured. Some subprocessors may process information in other locations depending on their infrastructure and the services used.

Organizations with specific data residency or compliance requirements should contact us before onboarding or enabling affected features.

8. Retention

Unless a separate agreement states otherwise:

  • Customer data, including conversations, documents, recordings, applications, coach notes, and summaries, is retained while the organization's subscription is active.
  • After termination of an organization account, customer data may be retained for up to 90 days to allow export, transition, backup recovery, legal compliance, or account reactivation, unless earlier deletion is requested and legally permitted.
  • Organization customers may request export or deletion of Customer Data, subject to legal obligations, security needs, backup retention, unpaid-fee disputes, and any separate written agreement.
  • Aggregated or de-identified insights that no longer identify an individual, household, organization client, or confidential organization record may be retained after Customer Data is deleted, unless a separate written agreement says otherwise.
  • Account data for individual users may be retained while the account is active and for a limited period after deletion.
  • Server logs are generally retained for up to 30 days, unless needed longer for security, debugging, fraud prevention, or legal reasons.
  • Google OAuth tokens are deleted when a user disconnects Google Calendar or when the relevant staff account is deleted.

Backups may persist for a limited period after deletion before being overwritten through normal backup rotation.

9. Security

We use technical and organizational measures designed to protect information, including encryption in transit, encryption at rest where provided by our infrastructure providers, role-based access controls, row-level security for tenant isolation, and limited internal access.

No system is perfectly secure. If we become aware of a security incident that materially affects customer data, we will notify affected organization customers without undue delay and as required by applicable law.

10. Your Choices and Rights

Depending on your location, you may have rights to access, correct, export, delete, restrict, or object to certain processing of personal information.

If you are using Ena OS through an organization, please contact that organization first because it controls most customer data in Ena OS. You may also email privacy@enaintelligence.com, and we will help route the request to the appropriate organization or respond directly when we control the relevant information.

We will respond to privacy requests within the time required by applicable law.

11. Children

Ena OS is intended for adults and professional or business-support contexts. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided information through Ena OS, contact us at privacy@enaintelligence.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, notifying organization administrators.

13. Contact

Privacy questions, requests, and complaints can be sent to:

privacy@enaintelligence.com