Privacy Policy

Last updated: June 10, 2026

This Privacy Policy explains how Encloso (“Encloso,” “we,” “us,” or “our”) collects, uses, and protects information in connection with our websites and the Encloso platform (the “Service”). We built Encloso around privacy and encryption, and this policy reflects that commitment.

Contents

  1. Scope of This Policy
  2. Information We Collect
  3. How We Use Information
  4. Encryption & Zero-Knowledge
  5. Self-Hosted Deployments
  6. How We Share Information
  7. Service Providers
  8. Data Retention
  9. Your Rights
  10. Security
  11. Children’s Privacy
  12. International Transfers
  13. Changes to This Policy
  14. Contact

1. Scope of This Policy

This policy applies to information we process as a controller - primarily through our marketing website and when you contact us or purchase a plan. For self-hosted Encloso deployments, the operator of that instance (you or your organization) is the controller of the data processed within it; see Self-Hosted Deployments below.

2. Information We Collect

  • Contact information you provide when you email us or request a demo, such as your name, email address, and the contents of your message.
  • Account & billing information needed to provision and bill a hosted plan or license, such as your organization name, contact details, and payment records (payment card data is handled by our payment processor, not stored by us).
  • Usage and technical data such as IP address, browser type, and pages visited on our website, collected to operate and secure the site.
  • Platform content - messages, tickets, and files - which, on hosted instances, is stored in encrypted form as described below.

3. How We Use Information

We use the information we collect to:

  • Respond to enquiries and provide customer support;
  • Provision, operate, maintain, and secure the Service;
  • Process payments and manage subscriptions and licenses;
  • Send service-related communications, such as billing and security notices;
  • Comply with legal obligations and enforce our agreements.

We do not sell your personal information.

4. Encryption & Zero-Knowledge

Encloso encrypts message content on the client using AES-256, with keys exchanged via RSA, before it reaches the server. As a result, the server stores ciphertext and cannot read your message content. Because of this zero-knowledge design, we generally cannot access, recover, or disclose the plaintext of your encrypted content, even if compelled - and we cannot recover it if you lose your keys.

5. Self-Hosted Deployments

When you self-host Encloso, your platform data resides entirely on infrastructure you control. We do not have access to that data, and you are responsible for how it is collected, stored, and protected, including providing privacy notices to your own users and responding to their requests. This policy does not govern data processed within a self-hosted instance except where you separately engage us for support.

6. How We Share Information

We share information only as described here:

  • With service providers who process data on our behalf under appropriate confidentiality and security obligations;
  • When required by law or to respond to valid legal process;
  • To protect the rights, safety, and security of Encloso, our users, and the public;
  • In connection with a business transfer such as a merger or acquisition, subject to this policy.

7. Service Providers

We rely on trusted third parties to deliver the Service, which may include hosting, payment processing, email delivery, push-notification (e.g., Firebase Cloud Messaging), and bot-protection providers. These providers process information only as needed to perform their services for us.

8. Data Retention

We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When information is no longer required, we delete or anonymize it. For hosted plans, content is retained for the life of the account and for a reasonable export window after termination.

9. Your Rights

Depending on your location, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, reach us via our contact page. We will respond within the timeframe required by applicable law.

10. Security

We use technical and organizational measures - including encryption, access controls, and the zero-knowledge architecture described above - to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children’s Privacy

The Service is not directed to children under the age of 13 (or the age required by your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us so we can remove it.

12. International Transfers

We may process and store information in countries other than your own. Where we transfer personal information across borders, we take steps to ensure it receives an adequate level of protection consistent with applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date and, where appropriate, provide additional notice. Please review this page periodically.

14. Contact

For any privacy questions or to exercise your rights, reach us through our contact page.