Privacy Policy

1. Introduction

Welcome to Engage Work ("we," "our," "us," or "Company"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our website, mobile applications, and related services (collectively, the "Services").

By using Engage Work, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

This Privacy Policy applies to all users globally and complies with:

• General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA)
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Google API Services User Data Policy, including the Limited Use requirements
• Other applicable data protection and privacy laws

1.1 Google API Services

Engage Work's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Key Commitment: We do not use data accessed from your Google account (including Google Drive, Gmail, Calendar, and other Google services) to create, train, or improve machine learning or artificial intelligence models. Google user data is used exclusively to provide and maintain the specific features and functionality of our Services that you have requested.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

Account Information:

• Name, email address, password
• Username and profile details
• Phone number (optional)
• Company name, role, and business contact details

Content and User Data:

• Documents, files, and content you upload or create
• Messages, prompts, and queries you submit to our AI features
• Responses and interactions with AI-generated content
• Comments, feedback, and support requests

Payment Information:

• Billing name and address
• Payment method details (processed securely through third-party payment processors; we do not store full credit card numbers)
• Purchase history and transaction records

Communications:

• Support tickets and customer service correspondence
• Survey responses and feedback
• Marketing preferences

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

Device and Usage Information:

• Device type, model, and manufacturer
• Operating system and version
• Mobile device identifiers (e.g., Advertising ID, Android ID)
• IP address and approximate location (based on IP)
• Browser type and version
• Screen resolution and device settings
• App version and build number

Usage Analytics:

• Pages or screens viewed
• Features accessed and time spent
• Click and tap patterns
• Navigation paths within the app
• Session duration and frequency of use
• Error logs and crash reports
• Performance metrics

Location Data:

• Approximate location based on IP address (always)
• Precise GPS location (only if you grant permission and for specific features)

Cookies and Tracking Technologies:

• Cookies, web beacons, pixels, and similar technologies
• Local storage and cached data
• Session identifiers and authentication tokens

2.3 Information from Third Parties

We may receive information from:

• Integration Partners: Google Workspace (Drive, Calendar, Gmail), Microsoft 365, Slack, Asana, or other productivity tools you connect. Data from Google services is used solely to provide the features you request and is subject to Google's API Services User Data Policy.
• Payment Processors: Google Play Store (for in-app purchases and subscriptions), Stripe, PayPal, or other payment providers
• Analytics and Advertising Partners: Google Analytics, Firebase Analytics, advertising networks (if applicable), crash reporting and performance monitoring services
• Public Sources: Publicly available information, where legally permitted

Important: When you connect third-party services like Google Workspace, we access only the data necessary to provide the requested functionality. We do not use this data for any other purpose, including AI/ML model training.

2.4 AI-Specific Data Collection

When you use our AI-powered features, we collect:

Interaction Data:

• Your prompts, questions, and input to AI models
• AI-generated responses and outputs
• Ratings, feedback, and corrections you provide on AI outputs
• Conversation history and context

Important: Data accessed from your Google account (including Google Drive, Gmail, Calendar, etc.) is used solely to provide and maintain our Services to you. We do not use Google user data to create, train, or improve machine learning or artificial intelligence models.

3. How We Use Your Information

3.1 Service Delivery and Operations

We use your information to:

• Provide, operate, maintain, and improve our Services
• Create and manage your account
• Authenticate users and maintain security
• Process transactions and manage subscriptions
• Enable AI features and generate responses
• Store and sync your data across devices
• Provide customer support and respond to inquiries
• Send service-related notifications and updates

3.2 Google User Data

Important Limitation: Data accessed from your Google account (including Google Drive, Gmail, Calendar, and other Google services) is used solely to provide and maintain the specific features and functionality of our Services that you have requested. We do not use Google user data to:

• Create, train, or improve machine learning or artificial intelligence models
• Develop new AI capabilities unrelated to the Services you requested
• Share with third parties for their model training purposes
• Serve advertisements or for marketing purposes

3.3 Analytics and Improvements

We analyze usage patterns to improve the functionality of our Services:

• Understand how users interact with our Services
• Identify popular features and pain points
• Optimize user experience and interface design
• Conduct A/B testing and experiments
• Generate aggregated statistics and insights

Note: This analytics does not involve using Google user data for AI/ML model training.

3.4 Communications

We may send you:

• Transactional emails (account confirmations, password resets, receipts)
• Service announcements and updates
• Security alerts and policy changes
• Customer support responses
• Marketing communications (you can opt out at any time)

3.5 Security and Fraud Prevention

We use your information to:

• Detect and prevent fraud, abuse, and security threats
• Monitor for unusual activity or violations of our Terms of Service
• Investigate and respond to security incidents
• Enforce our policies and legal rights
• Comply with legal obligations

3.6 Legal Compliance

We may process your data to:

• Comply with applicable laws and regulations
• Respond to legal requests (subpoenas, court orders)
• Protect our rights, property, and safety
• Enforce our Terms of Service and other agreements

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Consent: When you provide explicit permission (e.g., marketing emails, optional features)
• Contract Performance: To fulfill our obligations under the Terms of Service and provide the Services you requested
• Legitimate Interests: For purposes such as service improvement and development, security and fraud prevention, analytics and research, direct marketing (where permitted)
• Legal Obligation: To comply with laws, regulations, and legal processes
• Vital Interests: To protect your or others' safety in emergency situations

You have the right to withdraw consent or object to processing based on legitimate interests. See Section 10 for details.

5. How We Share Your Information

We do not sell your personal information to third parties.

We may share your information only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who perform services on our behalf, including:

Infrastructure and Hosting:

• Cloud storage providers (e.g., Amazon Web Services, Google Cloud)
• Content delivery networks
• Database management services

Payment Processing:

• Google Play Store (for in-app purchases)
• Stripe, PayPal, or other payment processors

Analytics and Performance:

• Google Analytics, Firebase Analytics
• Crash reporting tools (e.g., Crashlytics, Sentry)
• A/B testing platforms

Communication Services:

• Email service providers (e.g., SendGrid, Mailchimp)
• Customer support platforms (e.g., Zendesk, Intercom)

AI and Machine Learning:

• Third-party AI model providers (to provide AI functionality within our Services)
• Natural language processing services (to deliver requested features)

All service providers are contractually obligated to use your data only for specified purposes, maintain appropriate security measures, and comply with applicable privacy laws.

Important: We do not share Google user data with AI service providers for model training purposes. Any data from your Google account is processed solely to provide the specific functionality you have requested within our Services.

5.2 Business Partners and Integrations

When you choose to connect third-party services (e.g., Google Drive, Slack), we share data necessary for those integrations to function. These third parties have their own privacy policies. Data accessed from Google services is subject to Google's API Services User Data Policy and is used exclusively for providing the integration features you requested.

5.3 Legal Requirements and Protection

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations (subpoenas, court orders, regulatory requests)
• Protect our rights, property, or safety
• Investigate fraud, security issues, or Terms of Service violations
• Protect the rights and safety of our users or the public

5.4 Business Transfers

If Engage Work is involved in a merger, acquisition, asset sale, bankruptcy, or reorganization, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Services before your information is transferred and becomes subject to a different privacy policy.

5.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for purposes such as:

• Research and analytics
• Industry reports and benchmarks
• Marketing and business development

6. Data Retention

6.1 Retention Periods

We retain your information for as long as necessary to:

• Provide the Services and maintain your account
• Comply with legal obligations (e.g., tax records, financial reporting)
• Resolve disputes and enforce our agreements
• Support legitimate business purposes

Specific Retention Periods:

• Account Data: Retained while your account is active, plus 90 days after account deletion (unless longer retention is required by law)
• AI Interaction Data: Retained for up to 2 years for quality and safety purposes, or until you request deletion
• Payment Records: Retained for 7 years as required by financial regulations
• Support Communications: Retained for 3 years
• Analytics Data: Aggregated data may be retained indefinitely

6.2 Deletion Requests

You may request deletion of your data at any time (see Section 10). Upon receiving a valid deletion request, we will:

• Delete your account and personal information within 30 days
• Retain certain information as required by law or for legitimate purposes (e.g., fraud prevention)
• Notify you upon completion

Note: Deletion may be delayed or denied if required to complete pending transactions, comply with legal obligations, resolve disputes or enforce agreements, or detect and prevent fraud or security issues.

7. Security Measures

We implement industry-standard security measures to protect your information, including:

Technical Safeguards:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication and password hashing
• Regular security audits and penetration testing
• Firewalls and intrusion detection systems
• Access controls and least-privilege principles

Organizational Safeguards:

• Employee training on data protection
• Background checks for personnel with data access
• Confidentiality agreements and policies
• Incident response and breach notification procedures

Application Security:

• Secure coding practices
• Regular security updates and patches
• Vulnerability scanning and monitoring
• Data backup and disaster recovery

Limitations: While we strive to protect your information, no online system is 100% secure. You use the Services at your own risk. We cannot guarantee absolute security against unauthorized access, hacking, data loss, or other breaches.

Your Responsibility: You are responsible for:

• Keeping your password secure and confidential
• Using strong, unique passwords
• Enabling two-factor authentication when available
• Logging out of shared devices
• Reporting suspected unauthorized access

8. International Data Transfers

Engage Work operates globally, and your information may be processed in countries other than your own, including the United States.

8.1 EEA, UK, and Swiss Users

If you are located in the EEA, UK, or Switzerland, your data may be transferred to countries that do not provide the same level of data protection as your home country. We use appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection
• Data Processing Agreements with service providers

8.2 Cross-Border Transfers

By using our Services, you consent to the transfer, storage, and processing of your information in the United States and other countries where we or our service providers operate.

9. Third-Party Services and Links

9.1 Third-Party Integrations

Our Services may integrate with third-party platforms (e.g., Google, Microsoft, Slack). When you connect these services, you authorize us to access and process data from those platforms according to their terms and privacy policies.

We are not responsible for third-party privacy practices. Please review their privacy policies before connecting.

9.2 Third-Party Links

Our Services may contain links to external websites or services. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies.

9.3 Advertising and Analytics

We may use third-party advertising and analytics services, including:

• Google Analytics (with IP anonymization enabled)
• Firebase Analytics
• Advertising partners (if applicable)

These services may use cookies and tracking technologies. You can opt out of personalized advertising through your device settings (see Section 11).

10. Your Privacy Rights

Depending on your location, you may have the following rights:

10.1 Rights for All Users

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Objection: Object to processing of your information for certain purposes
• Withdrawal: Withdraw consent for processing based on consent
• Account Management: Update your profile, preferences, and settings

10.2 Additional Rights for EEA/UK Users (GDPR)

• Data Portability: Receive your data in a structured, commonly used format
• Restriction: Request restriction of processing under certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Automated Decision-Making: Object to decisions based solely on automated processing
• Complaints: Lodge a complaint with your local data protection authority

10.3 Additional Rights for California Users (CCPA/CPRA)

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of personal information (subject to exceptions)
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (we do not sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit use of sensitive personal information
• Authorized Agent: Designate an authorized agent to make requests on your behalf

10.4 How to Exercise Your Rights

To exercise any of these rights, please:

• 📧 Email: privacy@engagework.com
• 🌐 In-App: Use the "Privacy Settings" or "Data Requests" section
• 📝 Subject Line: Include "Privacy Rights Request"

Please provide:

• Your name and email address
• Description of the request
• Verification information (to confirm your identity)

Response Time: We will respond within 30 days (45 days for complex requests). We may request additional information to verify your identity.

11. Cookies and Tracking Technologies

11.1 Types of Technologies We Use

• Cookies: Small text files stored on your device to remember preferences and enable functionality
• Web Beacons/Pixels: Tiny images that track page views and email opens
• Local Storage: Data stored locally on your device for offline access and caching
• Mobile Identifiers: Device-specific identifiers (e.g., Android Advertising ID)
• SDKs: Third-party software development kits for analytics and functionality

11.2 Categories of Cookies

• Essential Cookies (Required): Authentication and security, service functionality, load balancing
• Analytics Cookies (Optional): Usage statistics, performance monitoring, error tracking
• Preference Cookies (Optional): Language settings, display preferences, saved filters
• Marketing Cookies (Optional): Advertising personalization, campaign tracking, retargeting

11.3 Managing Cookies and Tracking

Browser Settings:

• Most browsers allow you to block or delete cookies
• Visit your browser's help section for instructions

Mobile App Settings:

• Android: Settings > Google > Ads > Opt out of Ads Personalization
• Android: Settings > Google > Ads > Reset Advertising ID
• iOS: Settings > Privacy > Tracking > Disable "Allow Apps to Request to Track"
• iOS: Settings > Privacy > Apple Advertising > Disable Personalized Ads

Do Not Track: Our Services do not currently respond to "Do Not Track" browser signals, but we respect the opt-out mechanisms described above.

Impact of Disabling Cookies: Some features may not function properly if you disable cookies. Essential cookies cannot be disabled without affecting service functionality.

12. Children's Privacy

Our Services are not intended for individuals under the age of 16 (or the age of majority in your jurisdiction).

We do not knowingly collect personal information from children under 16. If you are under 16, do not use our Services or provide any personal information.

If we discover that we have collected information from a child under 16:

• We will delete that information promptly
• We will terminate the associated account

Parents/Guardians: If you believe your child has provided personal information to us, please contact us immediately at privacy@engagework.com.

Parental Controls: If you are 16-17 years old (or under 18 in your jurisdiction), we recommend parental or guardian supervision when using AI features.

13. AI-Specific Privacy Considerations

13.1 How We Use AI Interactions

Your interactions with AI features (prompts, queries, responses) may be:

• Stored to maintain conversation context and history
• Used to provide and improve the functionality of our Services to you
• Used to identify safety issues or security threats
• Reviewed by human moderators for quality assurance and safety purposes (in rare cases)

Google User Data: We do not use data accessed from your Google account (Google Drive, Gmail, Calendar, etc.) to create, train, or improve machine learning or artificial intelligence models. Google user data is used exclusively to provide the Services you have requested.

13.2 AI Content and Accuracy

Disclaimer: AI-generated content may contain errors, inaccuracies, or biases. You should verify important information independently and not rely solely on AI outputs for critical decisions.

13.3 Third-Party AI Services

We may use third-party AI models or services to provide functionality within our application. When we do:

• We use providers with strong privacy commitments
• We limit data sharing to what's necessary for functionality
• We ensure they comply with applicable data protection requirements
• We do not share Google user data with third-party AI providers for model training purposes

Note: Third-party AI providers process data solely to deliver the requested AI functionality within our Services and are contractually prohibited from using your data for their own model training or improvement.

14. Data Breach Notification

In the event of a data breach that affects your personal information:

Our Response:

• We will investigate the incident promptly
• Take steps to mitigate harm and prevent future breaches
• Notify affected users without undue delay
• Report to relevant authorities as required by law

User Notification:

• Email to your registered address
• In-app notification
• Public notice on our website (if large-scale breach)

Information Provided:

• Nature of the breach
• Types of information affected
• Steps we are taking
• Recommended actions you should take

Your Actions:

• Change your password immediately
• Monitor your accounts for suspicious activity
• Enable two-factor authentication
• Review your account activity

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our Services or business practices
• New legal or regulatory requirements
• User feedback and evolving privacy standards

15.1 Notice of Changes

Material Changes:

• Email notification to registered users
• Prominent in-app notice or banner
• Update to "Last Updated" date at the top
• At least 30 days' notice before changes take effect

Non-Material Changes:

• Updated "Last Updated" date
• No additional notice required

15.2 Your Acceptance

Continued use of our Services after changes take effect constitutes your acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Services and may request account deletion.

15.3 Version History

Previous versions of this Privacy Policy are available upon request. Contact us at privacy@engagework.com.

16. Contact Us & Data Protection Officer

16.1 General Inquiries

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

16.2 Data Protection Officer (DPO)

For EEA, UK, and Swiss users, our Data Protection Officer can be reached at:

📧 Email: dpo@engagework.com

16.3 Response Time

We aim to respond to all privacy inquiries within:

• 7 business days for general questions
• 30 days for data subject requests (may be extended to 45 days for complex requests)

17. Additional Information for Specific Jurisdictions

17.1 California Residents

CCPA/CPRA Disclosures:

Categories of Personal Information Collected (Last 12 Months):

• Identifiers (name, email, IP address)
• Commercial information (purchase history)
• Internet activity (usage data, cookies)
• Geolocation data (approximate)
• Professional information (company, role)
• Inferences (preferences, characteristics)

Sources: Directly from you, automatically from devices, from third-party integrations

Business Purposes: Service delivery, analytics, communications, security, legal compliance

Third-Party Disclosure: We share data with service providers and business partners as described in Section 5

Sale of Personal Information: We do NOT sell personal information

Sensitive Personal Information: We limit use of sensitive data to purposes disclosed in this policy

Shine the Light: California residents may request information about data shared with affiliates for marketing purposes

17.2 Nevada Residents

Nevada residents have the right to opt out of the sale of personal information. We do not sell personal information as defined by Nevada law. For questions, contact privacy@engagework.com.

17.3 Virginia, Colorado, Connecticut, and Utah Residents

Residents of these states have rights similar to CCPA, including access, deletion, correction, and opt-out rights. See Section 10 for how to exercise these rights.

17.4 EEA, UK, and Swiss Residents

You have rights under GDPR as described in Section 10. You may also lodge a complaint with your local supervisory authority:

• UK: Information Commissioner's Office (ICO) - https://ico.org.uk
• EEA: Your country's data protection authority - https://edpb.europa.eu/about-edpb/board/members_en