Privacy Policy

1. Information we collect

We collect only the information needed to operate the Service, improve timing bands, and provide you with briefs and analytics.

• Account information. When you create an account, we collect your name (or alias), email address, password (hashed), role, and basic profile or organization details you choose to provide.
• Calendar and event metadata. If you connect a calendar integration (such as Google Calendar), we request permission to read event metadata in order to overlay Enuma bands. This typically includes event titles, start and end times, time zone, participants, and short descriptions. We do not need or use the full content of your communications.
• Ledger entries and outcomes. When you log decisions and tag outcomes, we store the information you enter (for example, type of decision, date and time, band classification, and self-reported result) so we can maintain your ledger and personalize your bands over time.
• Billing information. When you subscribe to a paid plan, payment information is processed by our third-party payment provider (such as Stripe). We receive limited billing information (for example, the last four digits of a card, expiration month/year, billing address, subscription status), but we do not store full credit card numbers on our servers.
• Log data and usage information. We may automatically collect technical information about how you use the Service, including IP address, device and browser type, operating system, pages viewed, timestamps, and error logs. We use this to maintain security, prevent abuse, and improve reliability.
• Optional profile details. You may choose to provide additional information such as preferred time zone, location, or (optionally) a birth date for certain features. Providing this information is voluntary, and you can remove or update it in your settings.

2. How we use information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service.
• To compute and display Enuma, Neutral, Taboo, and Fog bands on your calendar and dashboards.
• To generate briefs, summaries, alerts, and analytics based on your logged events and bands.
• To personalize bands over time using your own logged outcomes and ledger history.
• To process payments, manage subscriptions, and communicate about billing.
• To send you transactional messages (for example, password resets, security alerts, billing notices) and, where permitted, product updates or announcements.
• To monitor and protect the security and integrity of the Service, prevent fraud and abuse, and comply with legal obligations.

3. Legal bases for processing (where applicable)

Where data protection laws such as the EU/UK GDPR apply, we rely on one or more of the following legal bases:

• Performance of a contract (to provide you with the Service).
• Legitimate interests (for example, securing and improving the Service).
• Your consent (for example, for optional features, certain analytics, or marketing communications where required).
• Compliance with legal obligations.

4. Cookies and similar technologies

We may use cookies and similar technologies to keep you signed in, remember your preferences, and measure aggregate usage. You can adjust your browser settings to refuse cookies or alert you when cookies are being sent. Some features of the Service may not function properly without essential cookies.

5. Google Calendar and Google user data

When you connect Google Calendar, Enuma Index uses Google APIs to access your calendar data. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• We use Google Calendar data only to provide user-facing features in Enuma Index, such as band overlays, suggestions for cleaner windows, and related briefs and analytics for your own account.
• We do not use Google Calendar data to build ads, advertising audience segments, or for selling to third parties.
• We do not allow humans to read your Google Calendar data except where reasonably necessary for operating, securing, or improving the Service (for example, investigating abuse or debugging a support request), or where required by law.
• You can disconnect Google Calendar at any time from your account settings. After disconnection, we will no longer access new data from your Google account, though we may retain limited historical records as described in this Policy and as required for security or compliance.

6. How we share information

We do not sell your personal data. We share information only as needed to operate the Service, comply with the law, or protect our rights.

• Service providers. We may share information with trusted vendors and processors that perform services on our behalf, such as cloud hosting, logging and monitoring, analytics, email delivery, and payment processing. These providers are contractually required to protect your information and use it only for the services they provide to us.
• Calendar and integration partners. When you connect a third-party calendar or integration, we exchange the minimum necessary data to enable the integration in accordance with your settings and the provider's terms.
• Compliance and safety. We may disclose information if we believe in good faith that it is reasonably necessary to (a) comply with applicable law, regulation, legal process, or governmental request; (b) protect the safety or rights of any person; or (c) detect, prevent, or address fraud, security issues, or technical problems.
• Business transfers. If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to continued protection consistent with this Policy.

7. Data retention

We retain your information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account and associated personal data, subject to certain legal or operational retention requirements (for example, billing records).

8. Security

We use reasonable technical and organizational measures designed to protect your information, including encryption in transit, access controls, and restricted access to production data. However, no system can be completely secure, and we cannot guarantee absolute security of your information.

9. Your rights and choices

Depending on your location and applicable law, you may have certain rights regarding your personal data, such as:

• Accessing the personal data we hold about you.
• Correcting inaccurate or incomplete data.
• Requesting deletion of your personal data.
• Objecting to or restricting certain processing, including for direct marketing.
• Requesting a copy of your data in a portable format.
• Withdrawing consent where processing is based on your consent (this will not affect the lawfulness of processing before withdrawal).

You can exercise many of these rights directly in your account settings (for example, disconnecting a calendar, editing profile details, or cancelling a subscription). You can also contact us using the details below to make a request. We may need to verify your identity before responding.

10. Children's privacy

The Service is not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data in violation of this Policy, please contact us so we can take appropriate steps.

11. International data transfers

We may process and store information in countries other than the one where you are located. Where required by law, we will take steps to ensure that appropriate safeguards are in place to protect your personal data when it is transferred internationally.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending an email or in-app notice. Your continued use of the Service after any changes takes effect constitutes acceptance of the updated Policy.

13. Contact us

If you have questions about this Privacy Policy or how we handle your data, or if you wish to exercise your rights, please contact us at:

Email: privacy@enumaindex.com

This Privacy Policy is provided for informational purposes and does not constitute legal advice. For specific compliance obligations in your jurisdiction, you should consult with qualified counsel.