Privacy

Privacy Policy

Last updated: May 29, 2026

Who we are

Ena (“we,” “us,” “our”) is a product of Ena Intelligence. We provide an AI client concierge for entrepreneurship support organizations (ESOs), accelerators, incubators, and economic development organizations to help them support their entrepreneurs and small-business clients. The product is hosted at ena.chat; our company site is enaintelligence.com.

This policy explains what data we collect, how we use it, who we share it with, and the rights you have over your information. If you have any questions, email privacy@enaintelligence.com.

The two relationships

Most of the data we hold is on behalf of an organization customer (an ESO that has licensed Ena). For that data, the organization is the data controller and we are the data processor — the organization decides how the data is used and we act on its instructions.

A smaller amount of data we hold directly, as a controller — for example, account-creation information for staff members and administrators who sign up for Ena, and the contents of any support request you send us. The sections below distinguish the two where it matters.

What we collect

Account information

  • Email address, full name, and role (coach, admin, client).
  • Profile fields you choose to add (bio, photo, scheduling link, calendar availability).
  • Authentication artifacts (hashed passwords, session tokens, magic-link nonces). Passwords are never visible to us — we use Supabase Auth which stores them hashed.

Client and coaching content

  • Conversations between entrepreneurs and the Ena AI concierge (voice and text).
  • Documents and files an entrepreneur uploads while working with Ena.
  • Coach notes, action items, memories, and synthesis derived from conversations.
  • Meeting recordings and transcripts when a coach has enabled meeting capture (see Meeting capture below).
  • Program application responses and event referrals.

Google user data (OAuth)

When a coach connects their Google Calendar so Ena can schedule meetings on their behalf, Ena requests these scopes:

  • https://www.googleapis.com/auth/calendar.readonly — to read the coach’s busy times so we can propose meeting slots that don’t conflict with existing events.
  • https://www.googleapis.com/auth/calendar.events — to create new calendar events (with a Google Meet link) when an entrepreneur books a meeting through Ena, and to attach Ena’s meeting bot to that event.

We do not request access to Gmail, Drive, Contacts, or any other Google scope. Calendar data is used only to schedule and dispatch meetings — never for advertising, profiling, or sale. We do not transfer Google user data to third parties except as strictly necessary to provide the scheduling feature (e.g. sending a calendar event back to Google).

A coach can disconnect Google at any time from /admin/integrations/calendar; disconnecting revokes our refresh token and deletes the stored credentials.

Ena’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Meeting capture

When a coach opts in to meeting capture (a per-coach toggle), Ena dispatches a meeting bot to the coach’s booked video calls (Zoom, Google Meet, or Microsoft Teams). The bot records the meeting audio and produces a diarized transcript via our recording sub-processor (Recall.ai). The transcript is summarized by an LLM and the summary plus the underlying transcript are stored in the organization’s workspace for the coach to review.

The bot appears in the meeting as a visible participant so everyone present knows the call is being recorded. Coaches must comply with applicable consent-to-record laws in their jurisdiction.

Usage and device data

  • Standard server logs: IP address, user agent, request paths, and timestamps. Kept up to 30 days for security and debugging.
  • Product-event metadata (e.g. “chat session started”) to support analytics that are visible to the organization’s admins. We do not use third-party ad trackers.

How we use the data

  • Provide the product to the organization that licensed it — running the AI concierge, generating summaries and memories, scheduling meetings, sending warm-intro emails when an entrepreneur and coach decide to introduce a third party.
  • Generate analytics and reporting for the organization’s admins about their own clients and resources.
  • Authenticate users and keep accounts secure.
  • Improve product reliability and detect abuse. We do not train large language models on customer content. Conversations, transcripts, documents, and meeting summaries are not fed back into model training, by us or our LLM providers (we use providers whose terms forbid training on API inputs by default).
  • Communicate with you about account, billing, security, and product-update matters.

Who we share data with (sub-processors)

We use the following sub-processors to operate the platform. Each one is contractually bound to confidentiality and only processes data on our instructions:

  • Supabase — Postgres database, authentication, and file storage. Hosts the canonical copy of all customer data.
  • Anthropic — LLM provider for summarization, memory extraction, Ask Ena, and chat responses (Claude models). API content is not used for training under Anthropic’s commercial terms.
  • ElevenLabs / Retell AI — Voice agent infrastructure. Transports audio between the browser and the AI concierge during voice sessions.
  • Recall.ai — Meeting recording and transcription. Joins meetings the coach has opted in to record and returns the diarized transcript to Ena.
  • OpenAI — Embeddings only (text-embedding model). Used to index uploaded documents for retrieval.
  • SendGrid (Twilio) — Transactional email (warm-intros, notifications).
  • Google — Calendar integration as described above, and Google Meet links generated when meetings are booked.
  • Vercel — Hosting for the web application.

We do not sell personal information to anyone. We do not share data with advertisers. We do not use customer content to train AI models.

Where data is stored

The platform is hosted in the United States. Customer data is stored in Supabase’s US region. Some sub-processors may process data in other regions to deliver their service (for example, Recall.ai may use US, EU, or other regions depending on the recording region the organization selects). If your organization has data-residency requirements, contact us before onboarding so we can configure the workspace accordingly.

How long we keep it

  • Customer data (conversations, documents, recordings, applications, coach notes) is retained for as long as the organization’s subscription is active and for up to 90 days after termination, after which it is deleted unless the organization has requested earlier deletion or an extended retention.
  • Account data for individual users is retained while the account is active and for up to 30 days after deletion.
  • Server logs are kept up to 30 days.
  • Google OAuth tokens are deleted immediately when a coach disconnects Google or when the staff account is deleted.

Your rights

You can access, correct, export, or delete your personal data by emailing privacy@enaintelligence.com. If you are a client of an organization using Ena, we will direct your request to that organization’s administrators, who control the data, and assist them in responding. Depending on your jurisdiction (GDPR, CCPA, PIPEDA, etc.), you may also have rights to object to processing, restrict processing, or lodge a complaint with your data protection authority. We honor those rights and will respond within the timelines required by applicable law.

Security

We use industry-standard practices to protect your data: transport encryption (TLS) in transit, encryption at rest on the database and storage layers, row-level security to enforce tenant isolation in Postgres, OAuth refresh tokens stored encrypted, and least-privilege access for our team. No system is perfectly secure. We disclose security incidents that materially affect customer data without undue delay and in accordance with applicable law.

Children

Ena is a B2B product for adult professionals and entrepreneurs. We do not knowingly collect data from anyone under 16. If you believe a minor has provided information, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be announced via email to administrators of organizations using Ena and reflected in the “Last updated” date at the top of this page.

Contact

Questions, requests, or complaints related to this policy: privacy@enaintelligence.com.

© 2026 Ena Intelligence · enaintelligence.com · Terms