Privacy Policy
Welcome to Endeva! Here’s a quick, non-binding summary of our Privacy Policy to help you understand the key points. The full, legally binding terms follow below.
- We Collect Only What's Necessary. We collect your account info (name, email) and the data you create (like documents, prompts, and app code) to make the service work. We also collect technical data (like IP addresses) for security.
- You Own and Control Your Data. You can access, correct, and delete your data. We don't sell your data to anyone.
- We Use Trusted Partners. We rely on third-party services for hosting (AWS), payments (Stripe), AI (OpenAI, Replicate), web search (Brave), and more. We vet them for their security and privacy practices.
- Powerful AI & Assistant Features. When you use our Assistant, we send your input to our partners to generate text, create images, or browse the web. We have agreements that prevent them from training their models on your data.
- You Are Responsible for Your Custom Apps. You can build your own apps on our platform. These apps can access your data, so you are responsible for ensuring they are safe and secure. Always review code before running it.
- Your Rights. You have the right to access, update, and delete your information. Just email us.
At Endeva, we are committed to protecting the privacy and security of our users. This Privacy Policy is designed to help you understand how we collect, use, share, and safeguard your personal information when you use our productivity application and related services (collectively referred to as the "Service").
This Privacy Policy is valid in conjunction with our Terms of Service. Any definitions outlined in the Terms of Service shall apply to this Privacy Policy.
1. Information We Collect
We collect information to provide and improve our Service. The types of information we collect can be categorized as follows:
1.1 Information You Provide to Us
- Account Information: When you register for an account, we collect your name and email address.
- User-Generated Content: We collect and store the data you create and upload. This includes files, documents, project details, prompts and instructions provided to the Assistant, code for Custom Applications, and other content you generate within your workspaces.
- Communication Data: When you contact us for support or other inquiries, we collect your email address and the contents of your communications to assist you.
1.2 Information We Collect Automatically
- Device and Connection Information: We collect information about the device you use to access our Service, such as your IP address, operating system, and browser type. This data is used for security purposes, such as helping workspace admins detect unusual activity and preventing unauthorized access.
- Cookies: We use essential cookies for session management, security, and load balancing. These cookies are necessary for the proper functioning of the platform and do not track you across other sites.
1.3 Data Processed on Your Behalf
- Third-Party Website Data: When you use features like our Assistant to browse the web, we process information from third-party websites at your direction. This data is retrieved on your behalf and incorporated into your workspace as User-Generated Content.
2. How We Use Your Information
2.1 Purpose of Data Usage
We use the information we collect for the following purposes:
- To Provide and Maintain the Service: To authenticate users, manage accounts, and deliver the core functionalities of the platform.
- To Operate Assistant and AI Features: To process your prompts and commands to generate text and images, perform web searches, and browse websites on your behalf.
- To Enable Custom Applications: To run the Custom Applications you create and provide them with the necessary API access to your workspace data and platform tools.
- To Improve and Secure the Service: To monitor for security threats, prevent fraud and abuse, and analyze aggregated, non-identifiable data to improve our service features and performance.
- To Provide Customer Support: To respond to your requests, troubleshoot issues, and gather feedback.
- For Billing and Payments: To process payments, manage subscriptions, and send invoices through our payment processor, Stripe.
- To Comply with Legal Obligations: To adhere to applicable laws, regulations, and lawful governmental requests.
2.2 Legal Basis for Data Processing (for EEA/UK Users)
If you are in the European Economic Area (EEA) or the UK, our legal basis for collecting and using your personal data is as follows:
- Performance of a Contract: We process your data to fulfill our contractual obligations to provide you with the Service.
- Legitimate Interests: We process your data for our legitimate interests, such as for security and service improvement, provided these interests are not overridden by your data protection rights.
- Legal Obligation: We may process your data to comply with a legal requirement.
3. Data Sharing and Subprocessors
We do not sell your personal data. We share information only with third-party service providers (subprocessors) who help us operate, provide, and improve our Service. We ensure these subprocessors adhere to strict data protection and confidentiality standards.
We share data with the following categories of subprocessors:
- Cloud Infrastructure Providers: To host our application and store your data.
- Payment Processors: To securely handle billing and payment information.
- Email Service Providers: To send transactional emails and important service notifications.
- Security and Performance Providers: To protect our Service from threats like DDoS attacks and to enhance performance.
- AI Service Providers: To power AI-driven features like text and image generation.
- Web Search and Data Extraction Providers: To enable web search and content fetching capabilities for our Assistant.
Our current list of major subprocessors is below:
| Service Provider | Purpose | Privacy Policy |
|---|---|---|
| Cloudflare | DDOS protection, caching | Link |
| AWS | Cloud hosting | Link |
| Stripe | Payments | Link |
| Postmark | Emails | Link |
| OpenAI | AI text + audio generation | Link |
| Anthropic | AI text generation | Link |
| AI text generation (Gemini) | Link | |
| Replicate | AI image generation | Link |
| Brave Software Inc. | Web search API | Link |
| VostokInc (ScrapingBee) | Web crawling / data extraction | Link |
4. Your Data Protection Rights
You have the following rights regarding your personal data:
- Right to Access: You can access most of your data directly within your account settings.
- Right to Rectification: You can correct inaccurate or incomplete data through your account settings or by contacting us.
- Right to Erasure (Deletion): You can request the deletion of your account and associated data.
- Right to Data Portability: You can request a copy of your personal data in a machine-readable format.
To exercise any of these rights, please contact us at support@endeva.app. We will respond to your request without undue delay, in accordance with applicable data protection laws.
Note on Workspace Data: Data within a workspace is controlled by that workspace's owner or organization. Requests to modify or delete workspace data may require approval from your workspace administrator to ensure data integrity and prevent unauthorized actions.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Service. We may also retain data to comply with our legal obligations, resolve disputes, and enforce our agreements. Data fetched from third-party websites on your behalf via the Assistant is considered User-Generated Content and is subject to the same retention policies as other data in your workspace. When data is no longer needed, it will be securely deleted in accordance with our policies.
6. Assistant, AI, and Web-Enabled Features
Our Service includes powerful features powered by artificial intelligence and web-automation tools. Your use of these features is subject to the following conditions:
6.1 Text and Image Generation
When you use our Assistant to generate text or images, the input you provide (e.g., text from your documents, prompts) is sent to our AI service providers (such as OpenAI, Anthropic, Google, and Replicate) to generate a response. We have configured our agreements with these providers to ensure they do not store your data or use it to train their models. Your data is processed only to fulfill your request and is not retained by them afterward.
6.2 Web Search and Browsing
When you instruct the Assistant to search the web or browse a website, we use third-party subprocessors (such as Brave Search and ScrapingBee) to perform these actions on your behalf. This means we are programmatically accessing external websites based on your command. The content retrieved is returned to you and may be stored in your workspace.
Please be aware that when you use this feature to interact with a third-party website, you are indirectly subject to that website's own terms and privacy policies. We encourage you to avoid using this feature for websites containing sensitive personal or confidential information.
7. Custom Applications and User Responsibility
Endeva provides tools that allow you to generate and run custom applications ("Custom Apps") within the platform. These apps run in an isolated iframe but can be granted programmatic access to your workspace data, platform APIs (such as AI models and web search), and storage.
While this enables powerful, customized workflows, it also carries significant security responsibilities. By creating and using Custom Apps, you acknowledge and agree to the following:
- You are the "Data Controller" of Your Apps: You are solely responsible for the design, functionality, and behavior of any Custom App you create or install in your workspace.
- Potential for Data Exposure: A poorly designed or malicious app could potentially access, modify, or leak your workspace data.
- Review All Code: We strongly recommend that you or a trusted technical resource manually review all code, especially AI-generated code, before running a Custom App to ensure it only performs the actions you intend.
- Disclaimer of Liability: Endeva provides the platform and tools for you to build apps, but we are not responsible or liable for any data loss, security breaches, or other damages caused by the functioning of a Custom App that you have created or authorized.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, through email. We encourage you to review this policy periodically.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Endeva Corporation
1111B S Governors Ave, #3257
Dover, Delaware 19904
Email: support@endeva.app