Privacy Policy

Through the Site. When you visit entvas.com, we collect information you choose to provide — such as your name, email address, phone number, and company details when you fill out a contact form or schedule a strategy session — along with standard technical information such as IP address, browser type, and pages visited, collected through cookies and similar analytics technologies.

Through the Platform Services. The Platform Services are business tools we build for our clients. When a client uses a Platform Service, we collect and process: account information for the client's authorized users, such as name, email address, and phone number; business records the client manages within the Platform Service, such as customer contact information, appointments, job and lead details, messages, invoices, and reviews; and connected service data. When a client authorizes a connection between a Platform Service and a third-party service (for example, Thumbtack or Google Calendar), we receive data from that service as permitted by the client's authorization — such as incoming leads, customer messages, calendar events, and review information. These connections use the third party's official, secure authorization methods (such as OAuth), and we do not ask for or store the client's password to any third-party service.

We use the information we collect to: provide, operate, maintain, and support the Site and the Platform Services; display a client's business information — leads, messages, appointments, and reviews — within that client's own Platform Service; send communications the client has configured within their Platform Service, such as appointment reminders and follow-up messages to the client's own customers; respond to inquiries, provide customer support, and communicate about our services; and secure and improve our services, prevent misuse, and comply with legal obligations.

We do not sell personal data. We do not use personal data for advertising. We do not use data obtained through Platform Services for purposes unrelated to providing those services to the relevant client.

Where a Platform Service connects to Google services, Entvas's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data received from Google APIs is used only to provide and improve the features of the Platform Service the user has authorized, is never used for advertising, and is never sold.

We share personal data only in the following circumstances. Service providers: we host our infrastructure on Amazon Web Services (AWS) in the United States and use a small number of service providers (such as communications carriers for sending text messages and email) strictly to operate our services; these providers are permitted to use the data only to provide services to us. The relevant client: data processed within a Platform Service belongs to and is accessible by the client for whom we operate that service. Connected services: when a client uses their Platform Service to take an action on a connected third-party service (for example, replying to a customer message), the relevant data is transmitted to that service. Legal requirements: we may disclose information when required by law, subpoena, or court order, or to protect the rights, safety, or property of Entvas, our clients, or others. Business transfers: if Entvas is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to this policy.

We retain Site inquiry data for as long as needed to respond to and manage the relationship. Data within a Platform Service is retained for the duration of our engagement with the relevant client. When an engagement ends, or when a client disconnects a connected service or requests deletion, we delete the associated data from our active systems within 90 days, except where retention is required by law or for the establishment or defense of legal claims. Residual copies in encrypted backups are deleted in the ordinary course on our standard backup rotation schedule.

We use administrative and technical safeguards designed to protect personal data, including encryption of data in transit, encryption at rest, AWS security infrastructure, role-based access controls, and secrets management for service credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work to protect your information consistent with the sensitivity of the data we handle.

Access, correction, and deletion: you may request access to, correction of, or deletion of your personal data by contacting us using the information below; we will respond within a reasonable time, generally within 45 days. Disconnecting services: a client may revoke a Platform Service's access to a connected third-party service at any time, either within the Platform Service or through the third-party service's own account settings; upon disconnection, we stop receiving data from that service. Communications: you may opt out of marketing emails using the unsubscribe link in any message, and text messages sent through a Platform Service support standard opt-out keywords such as STOP. End customers of our clients: if your information is in a Platform Service because you are a customer of one of our clients, that client controls your data; we will direct your request to them or assist them in responding.

Our Site and Platform Services are business tools and are not directed to children under 13. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated “Last updated” date. Material changes affecting Platform Service clients will be communicated directly.