Privacy Policy

Our Privacy Principles

EnforceLogix is an enterprise security software company based in Florida. We provide SaaS and AI access enforcement technology, including browser-based controls, policy administration, telemetry, and related services that help organizations restrict access to approved tenants, workspaces, domains, and services.

We are thoughtful about the information we ask for, we collect only what we need to operate and secure the services, we retain information only for as long as we have a legitimate reason to keep it, and we do not sell personal information.

Because our product is used by security teams, we treat privacy and security as product requirements. We design the services to give customers practical visibility into what data is collected, why it is collected, and how it supports enforcement and audit outcomes.

Scope

This Privacy Policy applies to individuals who visit our website, communicate with us, evaluate our services, administer an EnforceLogix deployment, use an EnforceLogix-managed browser extension or software component, access our APIs or dashboard, or otherwise interact with EnforceLogix.

Depending on context, EnforceLogix may act as an independent controller or business for our own business operations, or as a processor, service provider, or contractor when processing Customer Data on behalf of an enterprise customer. Customer Data is governed by the customer's agreement with EnforceLogix, the Data Processing Addendum where applicable, and the customer's documented instructions.

Information You Provide

• Account and business contact information, such as name, work email, company, job title, phone number, billing contact, and communication preferences.
• Administrative information, such as tenant configuration, administrator actions, policy rules, approved tenants and workspaces, enrollment approvals, license records, support contacts, and audit settings.
• Support, sales, and communications information, such as messages, call notes, forms, meeting records, survey responses, attachments, and feedback.
• Authentication or integration information that a customer authorizes us to use, such as OAuth tokens, API tokens, identity-provider metadata, SaaS tenant identifiers, and other configuration data needed to connect the service to customer-authorized systems.
• Payment, procurement, and commercial information, such as subscription details, order history, invoices, tax information, and payment status. We may use payment processors and do not need full payment card data unless expressly stated by the payment provider.

Information We Collect Automatically

• Log information, such as IP address, browser type, operating system, device type, language preference, referring page, request time, and diagnostic events.
• Usage information, such as dashboard activity, administrative actions, feature usage, documentation searches, page views, and support interactions.
• Device and browser metadata, such as browser version, extension version, operating system, device identifiers, enrollment state, policy health, update status, and managed-device signals.
• Security and enforcement telemetry, such as requested SaaS or AI service, event time, URL host or domain, target tenant or workspace, policy rule matched, policy outcome, enforcement action, and identifiers needed to apply customer policy.
• Approximate location derived from IP address, such as country, region, city, or network location, for security, fraud prevention, analytics, and legal compliance.
• Cookie and similar technology information, as described in the Cookie Policy.

Information From Other Sources

We may receive information from identity providers, SaaS platforms, browser stores, cloud platforms, security tools, customer systems, public sources, marketing providers, resellers, referral partners, or other third parties when permitted by law and customer configuration.

For example, if a customer enables Google, Microsoft, or other identity or SaaS integrations, we may receive basic profile information, tenant metadata, workspace identifiers, user identifiers, group membership, authentication signals, or other data made available through the authorized integration.

How We Use Information

• Provide, operate, secure, maintain, troubleshoot, and improve the services.
• Enroll devices, validate installation health, apply customer policies, enforce approved tenant and workspace access, and generate audit records.
• Authenticate users, administer accounts, manage subscriptions, process payments, deliver support, and communicate with customers and prospects.
• Detect, investigate, and prevent abuse, malware, policy bypass, fraud, security incidents, unauthorized access, service misuse, and illegal activity.
• Analyze usage, performance, reliability, support needs, product quality, and aggregated security outcomes.
• Develop and improve features, including automated analysis and private AI-assisted workflows, provided that Customer Data is not made available to third-party model providers to train their general models unless expressly agreed in writing.
• Send transactional, security, administrative, legal, and account communications, and send marketing communications where permitted by law and user preferences.
• Comply with legal, contractual, accounting, tax, export, sanctions, cybersecurity, and regulatory obligations.
• Protect the rights, safety, availability, confidentiality, integrity, and property of EnforceLogix, customers, users, and the public.

Legal Bases for Processing

Where a legal basis is required, we rely on one or more of the following: performance of a contract, legitimate interests, compliance with legal obligations, consent, protection of vital or important interests, and, where applicable, the customer's instructions as controller or business.

Our legitimate interests include providing and improving security services, protecting the services and customers from misuse, communicating about our services, measuring effectiveness of our website and outreach, maintaining business records, and enforcing legal rights.

Customer Data and Processor Role

Customer Data means data submitted to, collected through, generated by, or processed by the services on behalf of a customer. Customer Data may include customer employee or contractor information, corporate email addresses, browser client details, SaaS and AI service access metadata, tenant and workspace identifiers, policy outcomes, identity security events, and browser data or metadata related to enforcement and detection.

When EnforceLogix processes Customer Data as a processor, service provider, or contractor, we process it to provide the services, follow customer instructions, maintain security and reliability, deliver support, comply with law, and perform the applicable agreement. We do not sell Customer Data, use Customer Data for third-party advertising, or use Customer Data to train third-party foundation models.

Customers are responsible for their own legal basis, notices, consents, employment or monitoring disclosures, device-management authority, and configuration decisions for their users and environments.

Google APIs and Chrome Web Store Data

If a customer authorizes EnforceLogix to access Google APIs, Google Workspace data, or Chrome Web Store related data, EnforceLogix uses that information only to provide and improve customer-requested functionality, security enforcement, policy administration, support, troubleshooting, and compliance with customer instructions.

EnforceLogix's use and transfer of information received from Google APIs will adhere to the Chrome Web Store User Data Policy and the Google API Services User Data Policy, including the Limited Use requirements, to the extent those policies apply.

How We Disclose Information

We do not sell personal information. We disclose information only in limited circumstances:

• To customer administrators and authorized customer personnel for policy administration, enforcement visibility, audit, reporting, and support.
• To service providers and subprocessors that support hosting, cloud infrastructure, product operations, security, monitoring, error tracking, communications, support, analytics, payment, and business operations.
• To customer-authorized integration providers, identity providers, browser stores, SaaS platforms, AI services, and APIs when the customer configures or authorizes those connections.
• To professional advisors, auditors, insurers, banks, payment processors, legal counsel, and other business operations providers.
• To comply with law, legal process, subpoenas, court orders, government requests, sanctions screening, export control, or regulatory requirements.
• In connection with a merger, financing, acquisition, reorganization, bankruptcy, sale of assets, or similar corporate transaction, subject to appropriate confidentiality and continuity protections.
• With consent or at the direction of the customer or individual.
• As aggregated, anonymized, or de-identified information that cannot reasonably identify an individual or customer.

Cookies and Similar Technologies

We may use cookies, local storage, pixels, tags, SDKs, and similar technologies for website functionality, security, analytics, preferences, authentication, and product operations. Details are provided in the Cookie Policy.

At this time, the public marketing site does not intentionally use third-party advertising cookies. If we add optional analytics, advertising, embedded media, support chat, or product-login cookies that require consent, we will provide appropriate notices and controls where required by law.

Retention

We retain information for as long as reasonably necessary for the purposes described in this policy, including providing the services, maintaining security and audit records, resolving disputes, enforcing agreements, preserving business records, and complying with legal obligations.

As a general practice, website and service logs are retained only as long as needed for security, diagnostics, reliability, legal, or business purposes. Security logs and audit records may be retained longer where needed to investigate incidents, prove compliance, or support customer audit requirements.

When a customer removes an integration or token, we aim to delete or disable associated credentials promptly, subject to backups, logs, legal holds, and security records. Backups and caches are deleted according to scheduled retention cycles.

Security

We maintain administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, destruction, and loss. Safeguards may include access controls, encryption in transit, least-privilege administration, secure development practices, logging, monitoring, vulnerability management, and incident response procedures.

No online service can guarantee complete security. Customers remain responsible for securing their own administrators, endpoints, browsers, identity providers, SaaS environments, networks, credentials, policies, and deployment choices.

International Processing

EnforceLogix is based in Florida, and our cloud infrastructure and service providers may process information in the United States and other jurisdictions where they or their infrastructure operate. Where required, we use appropriate contractual, technical, and organizational safeguards for cross-border transfers.

Your Choices and Privacy Rights

• You may opt out of marketing emails by using the unsubscribe link or contacting us. We may still send security, transactional, legal, and account communications.
• You may request access, correction, deletion, portability, restriction, objection, or other rights available under applicable law.
• If a request relates to Customer Data that we process on behalf of a customer, we may refer the request to that customer or follow the customer's instructions.
• We may need to verify identity and authority before acting on a privacy request. Authorized agents may be required to provide proof of authorization.
• If applicable law gives you a right to appeal a denied request, you may appeal by replying to the denial or emailing legal@enforcelogix.com with the subject line Privacy Appeal.

Do Not Track, Sale, Sharing, and Targeted Advertising

Some browsers offer Do Not Track signals, but there is no consistent industry standard for responding to them. We currently do not respond to Do Not Track signals.

We do not sell personal information. We do not use Customer Data for cross-context behavioral advertising or targeted advertising. If our practices change in a way that requires additional notices or opt-out rights, we will update this policy and provide required controls.

Children

The services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child provided information to us, contact legal@enforcelogix.com.

Changes

We may update this Privacy Policy from time to time. The Last Updated date reflects the latest version. Material changes will be handled as required by applicable law or contract.

Contact

For privacy questions or requests, contact legal@enforcelogix.com.