Ensyra.ai Platform

Legal

Privacy Policy

Ensyra.ai Platform is a B2B commerce intelligence and decision workspace. This policy explains how Ensyra handles account data, workspace data, connector data, and Google Search Console data.

Last updated: 2026-05-05 Contact: privacy@ensyra.ai
Privacy Policy URL https://platform.ensyra.ai/privacy-policy
Terms of Service URL https://platform.ensyra.ai/terms-of-service
User Data Deletion URL https://platform.ensyra.ai/user-data-deletion

1. Who We Are

Ensyra.ai Platform, available at https://platform.ensyra.ai, helps authorized business customers combine commerce data, customer signals, search-demand data, and execution channels in one workspace.

For most workspace data, the customer organization is responsible for deciding what data is connected to Ensyra and how the platform is used. Ensyra processes that data to provide and secure the service.

2. Data We Collect or Process

  • Account and user data: user names, business email addresses, password hashes, authenticator setup status, session data, IP address, user agent, password reset records, role settings, and audit logs.
  • Workspace and commerce data: connector settings, customer profile fields, order and product events, campaign events, segments, analyses, decisions, approval history, output-channel settings, cost settings, and notes entered by authorized users.
  • Google Search Console data: when an administrator connects Google Search Console, Ensyra requests the read-only scope https://www.googleapis.com/auth/webmasters.readonly. Ensyra may read authorized site properties, property URLs, permission levels, search analytics dimensions such as date, query, page, country, device, and search type, and metrics such as clicks, impressions, CTR, and average position.
  • OAuth credentials: access tokens, refresh tokens, token expiry information, and related connector metadata needed to keep the Google Search Console connector working. Tokens are encrypted at rest.
  • Technical data: logs, rate-limit records, security events, device/browser details, and performance data needed to operate, troubleshoot, and secure the service.

Ensyra does not use the Google Search Console connection to read Gmail, Google Drive, Google Calendar, or Google account profile data.

3. How We Use Data

  • To authenticate users, maintain sessions, enforce roles, and protect accounts.
  • To sync customer-approved connectors and display dashboards, customer profiles, segments, insights, ROI views, reports, and recommended actions.
  • To turn Google Search Console data into visible demand, seasonality, query, landing-page, and category signals inside Ensyra.
  • To generate analyses and decision support, including AI-assisted explanations where enabled. Ensyra may send selected, minimized workspace context to AI processors to provide visible product features; raw OAuth tokens are not sent to AI processors.
  • To provide support, debug issues, prevent abuse, monitor reliability, and comply with legal obligations.

4. Google API Data and Limited Use

Ensyra's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • Ensyra uses Google Search Console data only to provide or improve user-facing Ensyra features that are visible in the workspace.
  • Ensyra does not sell Google user data and does not use Google user data for advertising, credit eligibility, surveillance, or unrelated profiling.
  • Ensyra transfers Google user data only when necessary to provide or improve Ensyra features, for security, to comply with applicable law, or as part of a business transaction where legally permitted and subject to required consent.
  • Human access to Google user data is limited to support or security situations, compliance with law, or cases where an authorized customer asks Ensyra to investigate specific data.

5. Sharing and Subprocessors

Ensyra may share data with service providers that host, secure, monitor, support, or process the service under confidentiality and data-processing obligations. Ensyra may also send data to customer-configured connected services, such as commerce platforms, email platforms, advertising platforms, or webhooks, when an authorized user enables those connectors or output channels.

Ensyra may disclose information if required by law, to protect the service or users, or in connection with a merger, acquisition, financing, or sale of assets. Ensyra does not sell personal data or Google user data.

6. Security

Ensyra uses reasonable technical and organizational measures designed to protect data, including HTTPS in transit, encrypted sensitive connector credentials, password hashing, CSRF protection, rate limiting, role-based access controls, audit logging, and session security controls.

No system can be guaranteed to be perfectly secure. Customers are responsible for managing their users, permissions, source systems, and connected output channels.

7. Retention and Deletion

Ensyra retains data for as long as needed to provide the service, maintain security, meet contractual obligations, resolve disputes, and comply with legal requirements. Workspace administrators can remove connectors or wipe workspace data where the product provides those controls.

Deletion requests can be sent to privacy@ensyra.ai. Some information may remain in backups, logs, audit records, or records that Ensyra must keep for security, legal, or accounting reasons.

8. Your Choices and Rights

Users may request access, correction, deletion, restriction, export, or objection where applicable law gives those rights. Workspace administrators can manage user accounts, connector access, and some workspace data directly in the platform.

Google Search Console access can be revoked by deleting the connector in Ensyra, removing the stored tokens where available, or revoking the app from the connected Google account.

User data deletion instructions are available at https://platform.ensyra.ai/user-data-deletion. For Meta app deletion callbacks, Ensyra accepts signed deletion requests at https://platform.ensyra.ai/data-deletion-callback.

9. International Processing

Ensyra and its subprocessors may process data in countries other than the country where a user or customer is located. Where required, Ensyra uses appropriate contractual, technical, and organizational safeguards for those transfers.

10. Children

Ensyra is a business service and is not directed to children. Users must not submit data from children unless their organization has a lawful basis and appropriate safeguards for that processing.

11. Changes

Ensyra may update this Privacy Policy from time to time. If changes materially affect how Ensyra uses Google user data or personal data, Ensyra will update this page and provide additional notice or request renewed consent where required.

12. Contact

Privacy questions and data requests: privacy@ensyra.ai.

Product support: support@ensyra.ai.