Enduring Labs Privacy Policy

Effective Date: January 6, 2025

Enduring Labs Inc ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal information. By accessing or using our services, you agree to the terms of this Privacy Policy.

1. Information We Collect

We collect the following types of information:

  • Personal Information: This includes your name, email address, and any other contact details you provide to us directly when you register for our services or communicate with us.
  • Service Data: When you use our services, we process email content and metadata through our systems for the purpose of providing our email organization services. This processing is temporary and conducted solely to provide our services.
  • Integration Data: We collect and store necessary authentication tokens and credentials required to maintain your authorized connection with email service providers.
  • Usage Data: We gather information about how you interact with our services, including feature usage, service performance metrics, and interaction patterns.

2. How We Use Your Information

We use your information for the following purposes:

  • a) To provide and maintain our services, including processing your emails for organization and labeling.
  • b) To improve and optimize our services, including enhancing our AI processing capabilities.
  • c) To communicate with you about service updates, technical notices, and support messages.
  • d) To protect our services and users from unauthorized access or potential breaches.
  • e) To comply with legal obligations and enforce our terms of service.

3. Artificial Intelligence Processing

Our services utilize artificial intelligence to process and organize your emails. You acknowledge and agree that:

  • a) We use third-party artificial intelligence providers to process email content. None of the third-party providers utilize our data to train generalized /non-personalized artificial intelligence models.
  • b) Your data is processed solely to provide our services and is not used to train generalized artificial intelligence models. This includes all data processed through the Google Workspace APIs, none of which are used to develop, improve, or train generalized/non-personalized AI and/or ML models.
  • c) Due to the probabilistic nature of machine learning, our services may occasionally produce unexpected results, and human review is recommended for critical communications.
  • d) While we aim to ensure the availability of these providers, we do not make any representations or warranties to ensure the availability of these providers

4. Data Protection and Security

We implement robust security measures to protect your information:

  • a) All data is encrypted during transmission and storage using industry-standard protocols.
  • b) Access to your information is strictly controlled and limited to employed personnel.
  • c) We regularly audit and update our security measures to maintain data protection.
  • d) All processing of personal data under this Privacy Policy is governed by our Data Processing Agreement (DPA), which is attached as Schedule 1 to this Privacy Policy and forms an integral part of this agreement.

5. Data Sharing and Third-Party Services

We do not sell your personal information. We share your information only in the following circumstances:

  • a) With third-party service providers who assist in operating our services, subject to strict confidentiality obligations.
  • b) With artificial intelligence processing providers, solely for the purpose of providing our services.
  • c) When required by law or to protect our rights and the safety of our users.

6. Your Rights

You have the right to:

  • a) Access your personal information and request details about how we process it.
  • b) Correct any inaccurate personal information we hold about you.
  • c) Request deletion of your personal information from our systems.
  • d) Withdraw your consent for data processing at any time.
  • e) Object to the processing of your personal information.

To exercise these rights, contact us at info@enduring-labs.com.

7. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the state of Delaware. All disputes arising from or relating to this policy shall be resolved exclusively in Delaware courts.

Schedule 1: Data Processing Agreement

Definitions.

1. For the purposes of this Data Processing Agreement (DPA):

  • "Controller", "Processor", "Data Subject", "Personal Data", "Processing", "Personal Data Breach" shall have the meanings given in applicable Data Protection Laws
  • "Data Protection Laws" means all applicable laws relating to data protection and privacy
  • "Sub-processor" means any Processor engaged by Enduring Labs who processes Personal Data on behalf of User

2. Roles and Responsibilities

2.1. The parties acknowledge that for the purposes of Data Protection Laws:

  • User is the Controller
  • Enduring Labs is the Processor
  • Enduring Labs' AI service providers are Sub-processors

2.2. The subject matter and details of the Processing are:
Subject Matter: Email organization and management services
Duration: Term of the main agreement
Nature and Purpose: Processing email content and metadata to provide the Services, including processing by AI service providers solely for the purpose of providing personalized services to the User. Such processing explicitly excludes the use of Personal Data for training, improving, or developing generalized or non-personalized AI/ML models
Types of Personal Data: Email addresses, names, email content, metadata
Categories of Data Subjects: User's email contacts and correspondents

3. Enduring Labs' Obligations

3.1. Enduring Labs shall:

  • a) Process Personal Data only on documented instructions from User, including regarding transfers to third countries
  • b) Ensure persons authorized to process Personal Data have committed to confidentiality
  • c) Implement appropriate technical and organizational measures to ensure security appropriate to the risk, including:
    • Encryption of Personal Data in transit and at rest
    • Ability to ensure ongoing confidentiality, integrity, availability
    • Regular testing and evaluation of measures
    • Access controls and authentication
    • Incident detection and response procedures
  • d) Respect the conditions for engaging Sub-processors, including:
    • Obtaining User's prior written authorization
    • Imposing the same data protection obligations
    • Remaining fully liable to User for performance
  • e) Assist User in:
    • Responding to Data Subject requests
    • Ensuring compliance with security obligations
    • Notifying Personal Data Breaches
    • Conducting impact assessments
  • f) At User's choice, delete or return Personal Data after end of Services

4. Sub-processors

4.1. User provides general authorization for Enduring Labs to engage Sub-processors, subject to:

  • Providing notice of any intended changes
  • Giving User opportunity to object within 30 days
  • Ensuring Sub-processor agreements include same obligations

4.2. AI Service Provider Restrictions. When Enduring Labs engages AI service providers as Sub-processors, such Sub-processors:

  • Shall process Personal Data solely to provide personalized services to the specific User
  • Are explicitly prohibited from using Personal Data for training, developing, or improving any generalized or non-personalized AI/ML models
  • Must contractually commit to these restrictions in their Sub-processor agreements with Enduring Labs

5. Audit Rights

5.1. Enduring Labs shall:

  • Make available information necessary to demonstrate compliance
  • Allow for and contribute to audits by User or designated auditor
  • Immediately inform User if instruction infringes Data Protection Laws

6. Personal Data Breaches

6.1. Enduring Labs shall:

  • Notify User without undue delay after becoming aware
  • Provide details of the breach and affected data
  • Assist User in meeting notification obligations
  • Document all breaches and remedial actions

7. International Transfers

7.1. Enduring Labs shall not transfer Personal Data outside approved jurisdictions without:

  • Implementing appropriate safeguards
  • Obtaining User's prior written consent
  • Ensuring compliance with Data Protection Laws

8. Liability

8.1. Any claims arising from breach of this DPA shall be subject to the limitations and exclusions of liability in the main agreement.