Engentfy
EN / ES
EN / ES

LEGAL

Privacy Policy

Last updated: April 23, 2026

This Privacy Policy explains how Engentfy collects, uses, shares, and protects information when you visit our websites, create an account, or use our products.

1. Introduction

This Privacy Policy (the "Policy") describes the privacy practices of Engentfy LLC ("Engentfy," "we," "us," or "our") for our websites at engentfy.com and our subdomains (collectively, the "Sites"), and our software products including Workforce, Suppliers, Community, and Newsletter (collectively, the "Services").

By using the Sites or Services, you agree to this Policy. If you do not agree, do not use the Sites or Services. This Policy is incorporated into and forms part of our Terms of Service.

Quick summary. We collect what we need to run the Services, keep your account secure, bill you correctly, and improve the product. We do not sell personal information. If you upload contact information about your leads or clients ("Lead Data"), you are responsible for obtaining the consents required by law to upload that data and to communicate with those people.

2. Who We Are

Engentfy LLC is a Florida limited liability company with offices at 407 Wekiva Springs Rd., Ste. 207, Longwood, FL 32779, United States. Engentfy is the controller of the personal information described in this Policy, except for Lead Data uploaded by our customers, for which the customer is the controller and Engentfy acts as a processor.

3. Information We Collect

3.1 Information You Provide

  • Account & profile information — name, business email, phone number, company name, role, password, and profile photo.
  • Billing information — billing address, tax ID where applicable, and payment method details. Payment card numbers are processed by our payment provider (Stripe) and are never stored on Engentfy servers.
  • Communications & support requests — messages you send through our forms, email, chat, or support channels.
  • Survey, feedback, and event data — optional information you provide when responding to surveys, feedback prompts, or registering for events.

3.2 Lead Data and Customer Communications

When you use Workforce or related Services, you may upload, import, or capture personal information about prospects, leads, clients, or other contacts ("Lead Data"). Lead Data may include name, phone, email, address, property preferences, transaction history, notes, and the content of communications ("Customer Communications") that you exchange with those people through the Services.

You are the controller of Lead Data. Engentfy processes Lead Data on your behalf and according to your instructions, as set out in our Terms of Service and any data processing addendum that applies to your account.

3.3 Information Collected Automatically

  • Device & usage data — IP address, browser type and version, operating system, device identifiers, referring URL, pages viewed, links clicked, time spent, and approximate location derived from IP.
  • Log data — application and server logs that record errors, security events, and feature usage.
  • Cookies & similar technologies — see Section 11.

3.4 Information from Third Parties

  • Single sign-on providers — if you sign in with Google, Microsoft, or another SSO provider, we receive basic profile information from that provider.
  • Integrations you authorize — when you connect a third-party service (e.g., a CRM, calendar, or messaging provider), we receive the data you authorize that service to share with us.
  • Lead-source platforms — if you connect lead-generation platforms (such as portal accounts you own), we receive the leads delivered to those platforms.
  • Service providers — fraud prevention, analytics, and enrichment vendors may provide us additional information about your account or device for security and operational purposes.

3.5 Information We Do Not Want

Do not upload to the Services any of the following: government-issued identification numbers, full payment card numbers, financial account numbers protected by the Gramm-Leach-Bliley Act, protected health information governed by HIPAA, biometric identifiers, information about children under 18, or any "sensitive personal information" under the California Consumer Privacy Act except as we explicitly support. If you do, you are responsible for that data and we may delete it.

4. How We Use Information

We use information to:

  • Provide, operate, maintain, secure, and improve the Sites and Services;
  • Create and manage your account, authenticate you, and provide customer support;
  • Process payments, send invoices, and administer subscriptions;
  • Send transactional messages (e.g., account notices, billing receipts, security alerts);
  • Send product updates and marketing where permitted by law (you can opt out at any time);
  • Analyze usage to develop new features, improve performance, and personalize the experience;
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our policies;
  • Comply with legal obligations and enforce our agreements;
  • Aggregate or de-identify data so it can no longer be reasonably linked to an identified person, and use that data for any lawful purpose.

5. Legal Bases for Processing (EEA, UK & Switzerland)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to provide the Services you request.
  • Legitimate interests — to operate, secure, improve, and market our Services, where those interests are not overridden by your rights.
  • Consent — for non-essential cookies and certain marketing, where required.
  • Legal obligation — to comply with applicable laws, court orders, and regulators.

6. How We Share Information

We share information only as described below. We do not sell personal information for money.

  • Service providers (sub-processors). Vendors that host, secure, monitor, analyze, communicate with, or support the Services on our behalf — including cloud infrastructure (AWS / Vercel), payment processing (Stripe), transactional email (SendGrid), telephony & SMS (Twilio), error monitoring (Sentry), and product analytics. Each is bound by contract to protect the information and use it only for the services we engage them to provide.
  • Integrations you authorize. When you enable an integration, we share the data needed for that integration to function. Use of your data by the integration is governed by the third party's own terms and privacy policy.
  • Within your organization. If you use the Services through an organization or team, we share account and usage information with the account administrators and other authorized users in that organization.
  • Legal, safety & compliance. When we believe in good faith it is required by law, court order, subpoena, or government request, or necessary to protect the rights, property, or safety of Engentfy, our users, or the public.
  • Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, subject to standard confidentiality protections.
  • With your consent. Where you direct us to share information with someone else.

7. International Data Transfers

We are based in the United States and our infrastructure is hosted primarily in the United States. If you access the Services from outside the United States, your information will be transferred to, processed, and stored in the United States and other countries that may not have the same data protection laws as your country. Where required, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses.

8. Data Retention

We retain personal information for as long as your account is active and as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Account records — kept for the life of the account plus up to 24 months after closure.
  • Lead Data & Customer Communications — kept until you delete them or terminate your account, then permanently deleted within 90 days, except for backups (which roll off within 35 days) and where retention is required by law.
  • Billing records — kept for the period required by tax and accounting laws (typically 7 years).
  • Logs — typically retained 30 to 365 days.

9. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, access controls, network segmentation, regular vulnerability scanning, and employee training. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

10. Your Privacy Rights

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to certain processing of your personal information, and to withdraw consent where we rely on it. To exercise these rights, email [email protected]. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law (generally 30 to 45 days).

10.1 California (CCPA / CPRA)

California residents have the right to (a) know what personal information we collect, use, disclose, and share; (b) request deletion of personal information; (c) request correction of inaccurate personal information; (d) opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising; and (e) limit the use of sensitive personal information. We do not sell personal information for money, and we do not knowingly "share" it for cross-context behavioral advertising. We do not discriminate against users who exercise their privacy rights.

10.2 European Economic Area, United Kingdom & Switzerland

You have the rights to access, rectification, erasure, restriction, portability, and objection under the GDPR / UK GDPR. You also have the right to lodge a complaint with your local data protection authority.

10.3 Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other U.S. states with comprehensive privacy laws have rights similar to those above, including the right to access, delete, correct, and opt out of targeted advertising. Submit requests to [email protected].

11. Cookies and Similar Technologies

We and our service providers use cookies, pixels, local storage, and similar technologies to operate the Sites, remember your preferences, authenticate you, measure performance, and (where permitted) understand how you use the Sites. You can control cookies through your browser settings; blocking certain cookies may limit functionality. Where required by law, we present a cookie banner allowing you to accept or reject non-essential cookies.

Categories of cookies we typically use:

  • Strictly necessary — required for the Sites and Services to function (e.g., session, security, load balancing). Always on.
  • Functional — remember your preferences (e.g., language).
  • Analytics — measure how the Sites are used so we can improve them.
  • Marketing — may be set by third parties to measure and improve advertising. Off by default where consent is required.

12. Information About Leads — Notice to Customers

Customer responsibility. If you upload Lead Data or use the Services to communicate with consumers, you must (a) have a lawful basis to collect and process that information; (b) provide your own privacy notice to those people; (c) honor opt-out, do-not-call, do-not-text, and unsubscribe requests promptly; (d) comply with the Telephone Consumer Protection Act (TCPA), CAN-SPAM, state telemarketing laws, the Fair Housing Act, and all other applicable laws; and (e) maintain proof of consent where required. See our Terms of Service for details.

If a consumer contacts Engentfy about Lead Data held in your account, we will refer them to you as the controller of that information and may notify you so you can respond.

13. Children

The Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

14. Do Not Track

Some browsers offer a "Do Not Track" signal. Because there is no industry-standard way to respond to these signals, the Services do not currently respond to them. We honor opt-out preferences through our cookie banner and through your account settings.

15. Third-Party Sites and Services

The Sites and Services may contain links to third-party sites and services. Their privacy practices are their own and not governed by this Policy. We encourage you to review the privacy policies of any third-party services you use.

16. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will post the updated Policy with a new "Last updated" date and, where appropriate, notify you by email or through the Services. Continued use of the Sites or Services after an update constitutes acceptance of the revised Policy.

17. Contact Us

If you have questions about this Policy or our privacy practices, contact us at:

Engentfy LLC
407 Wekiva Springs Rd., Ste. 207
Longwood, FL 32779, United States
Email: [email protected]