Privacy Policy

1. Introduction and scope

Enduris LLC (“Enduris,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals who interact with us. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with:

• our website located at enduris.ai and any related subdomains (collectively, the “Site”); and
• our business operations, including marketing, sales, and customer support activities.

Who this policy covers. This Privacy Policy applies to visitors to our Site (“Site Visitors”); business representatives and employees of our customers and prospective customers (“Business Contacts”); and individuals who communicate with us for business purposes.

What this policy does not cover. This Privacy Policy does not govern employment and contractor relationships, which are governed by separate notices provided at the time of engagement.

If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, please also review Section 10. If you are located in Canada, please also review Section 11.

2. Information we collect

We collect personal information in the following categories and through the following means:

2.1 Information you provide directly

• Contact information: name, business email address, job title, employer name, phone number, and similar business contact details, collected when you request a demo, subscribe to communications, or otherwise contact us.
• Communications: the content of messages you send us via email, web forms, chat, or other channels, including inquiries and feedback.
• Event and webinar registration: name, employer, job title, and contact information provided when registering for events we host or co-sponsor.

2.2 Information collected automatically

When you visit our Site, we and our third-party service providers automatically collect certain technical and usage information, including:

• Device and browser information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Usage data: pages visited, links clicked, session duration, referring URLs, and navigation paths.
• Location data: general geographic location inferred from IP address (city/region level; we do not collect precise geolocation).
• Cookies and similar technologies: we use cookies, web beacons, pixels, and similar tracking technologies to operate the Site, analyze usage, and support marketing activities.

2.3 Information from third parties

We may receive personal information about you from third-party sources, including business data providers (we may supplement our records with firmographic and contact data from B2B data platforms for sales and marketing purposes); corporate partners and referral sources; publicly available sources such as public business directories and professional profiles; and analytics and advertising partners.

3. How we use personal information

We use personal information for the following purposes (with the corresponding GDPR legal basis noted where applicable):

• Operating, maintaining, and improving our Site — using contact information and usage data. Legal basis: legitimate interests.
• Responding to inquiries and demo requests — using contact information and communications. Legal basis: performance of contract; legitimate interests.
• Marketing and communications (with opt-out) — using contact information and usage data. Legal basis: legitimate interests; consent where required.
• Analytics — using usage data and technical data. Legal basis: legitimate interests.
• Security, fraud prevention, and abuse detection — using technical data and usage data. Legal basis: legitimate interests; legal obligation.
• Compliance with legal obligations — as required. Legal basis: legal obligation.
• Business transfers (see Section 4) — as applicable. Legal basis: legitimate interests.

We do not make solely automated decisions that produce legal effects concerning Site Visitors based on their activity on our Site.

4. How we share personal information

We do not sell personal information. We may share personal information in the following circumstances:

4.1 Service providers

We share personal information with third-party vendors and service providers that perform services on our behalf, including website and cloud hosting; analytics providers; customer relationship management and marketing automation platforms; customer support and ticketing tools; and communications providers such as email delivery, video conferencing, and scheduling. We require all service providers to maintain appropriate confidentiality and security obligations and to process personal information only as directed by us.

4.2 Corporate partners and affiliates

We may share personal information with our affiliated entities and, where relevant, with our corporate partners. Such sharing is subject to confidentiality obligations consistent with this Privacy Policy.

4.3 Business transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganization, bankruptcy, or similar transaction, personal information we hold may be transferred to or acquired by a successor entity. We will provide notice of any such transfer and any material changes to this Privacy Policy that result from it.

4.4 Legal requirements and protection of rights

We may disclose personal information if we believe in good faith that disclosure is necessary to comply with applicable law, regulation, legal process, or enforceable governmental request; enforce our Terms of Service or other agreements; detect, prevent, or address fraud, security incidents, or technical issues; or protect the rights, property, or safety of our company, our customers, or others.

4.5 With your consent

We may share personal information with third parties when you have given us your consent to do so, including in connection with co-marketing activities, joint events, or public testimonials.

4.6 Aggregated and de-identified data

We may share aggregated or de-identified information that cannot reasonably be used to identify any individual. We do not attempt to re-identify de-identified data.

5. Cookies and tracking technologies

We use cookies and similar tracking technologies on our Site to operate the Site, analyze usage, and support marketing. Where required by applicable law, we obtain your consent before placing non-essential cookies, and you may withdraw that consent at any time.

6. Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention decisions are based on the nature and sensitivity of the personal information; the purposes for which we collected it; legal obligations (tax, regulatory, or litigation holds); our legitimate business interests including fraud prevention and security; and applicable statutes of limitations. Typical retention periods are:

• Contact information — duration of the business relationship plus 3 years.
• Marketing contact records — until opt-out or 3 years of inactivity, whichever is earlier.
• Communications records — 3 years from close of the matter.
• Usage and technical logs — 12–24 months (rolling).

Upon expiration of the applicable retention period, we will delete or anonymize personal information. Where immediate deletion is not technically feasible (e.g., data in backup systems), we will isolate the data from further processing until deletion is possible.

7. Data security

We implement and maintain reasonable and appropriate technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our security program includes encryption of personal information in transit (TLS) and at rest; access controls and authentication requirements; vulnerability management; employee training on data handling and security practices; and incident response procedures, including breach notification protocols. No security program can guarantee absolute security. In the event of a security incident that affects your personal information, we will notify you as required by applicable law.

7.1 Vulnerability reporting

If you believe you have discovered a security vulnerability affecting our Site, please report it responsibly to us at hello@enduris.ai. Please include a description of the vulnerability, the potential impact, and steps to reproduce. We take all disclosures seriously and will investigate promptly.

8. Your privacy rights and choices

Depending on your location, you may have rights with respect to your personal information, including the right to access; to request correction of inaccurate or incomplete information; to request deletion, subject to certain exceptions; to request restriction of processing in certain circumstances; to portability; to object to processing based on legitimate interests or for direct marketing; and to opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at hello@enduris.ai.

8.1 How to submit a request

To exercise any of these rights, please contact Enduris LLC, Attn: Privacy, at hello@enduris.ai. We will respond to verifiable requests within the timeframes required by applicable law. We may need to verify your identity before processing your request, and we will not discriminate against you for exercising your privacy rights.

9. California privacy rights (CCPA/CPRA)

This section applies to residents of California. In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the California Consumer Privacy Act, as amended (“CCPA”):

• Identifiers (name, email address, IP address, device ID) — collected.
• Personal information under Cal. Civ. Code § 1798.80 (name, contact information) — collected.
• Commercial information (products or services inquired about, interactions with us) — collected.
• Internet or electronic network activity (usage data, browsing activity on our Site) — collected.
• Geolocation data (general location from IP address, city/region only) — collected.
• Professional or employment-related information (employer, job title) — collected.
• Inferences (marketing preferences) — collected.

California residents have the right to know the categories and specific pieces of personal information we have collected, the categories of sources, business purposes, and third parties involved; the right to delete personal information we collected from you, subject to certain exceptions; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information; and the right of non-discrimination. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising without your consent. If this practice changes, we will update this Policy and provide a “Do Not Sell or Share My Personal Information” link on our Site.

To submit a request, contact us as described in Section 8.1. We will respond to verifiable consumer requests within 45 days, with an extension of an additional 45 days where reasonably necessary. California Civil Code Section 1798.83 (“Shine the Light”) permits California residents to request information about disclosures of personal information to third parties for their direct marketing purposes; we do not make such disclosures without your consent.

10. Additional rights for EEA, UK, and Swiss residents

This section applies to individuals located in the European Economic Area, the United Kingdom, or Switzerland. For personal information processed in connection with our Site and marketing activities, Enduris LLC acts as the data controller.

Legal bases for processing include performance of a contract (Article 6(1)(b)) for responding to inquiries and providing information you request; legitimate interests (Article 6(1)(f)) for B2B marketing, analytics, and security and fraud prevention; legal obligation (Article 6(1)(c)) for compliance; and consent (Article 6(1)(a)) for cookie-based processing.

International data transfers. We are based in the United States. If you are located in the EEA, UK, or Switzerland, your personal information will be transferred to and processed in the United States. Where we transfer personal information to countries not recognized as providing adequate protection, we rely on Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum for UK transfers, adequacy decisions where applicable, or, in limited circumstances, your explicit consent. You may request a copy of the applicable transfer mechanism by contacting us at hello@enduris.ai.

Your GDPR rights. In addition to the rights described in Section 8, EEA, UK, and Swiss residents have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or place of the alleged infringement (UK residents may contact the Information Commissioner’s Office at ico.org.uk), and the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing. We will respond to GDPR rights requests within one (1) month, extendable by two additional months where necessary.

11. Additional rights for Canadian residents

This section applies to individuals located in Canada, including residents of Quebec. Our collection, use, and disclosure of personal information about Canadian residents is governed by the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applicable provincial privacy legislation, including Quebec’s Law 25 as amended.

We collect, use, and disclose personal information with your knowledge and consent, except where otherwise permitted or required by law. For business contact information used for B2B marketing, we rely on implied consent consistent with CASL and applicable privacy law. You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us at hello@enduris.ai. Our commercial electronic messages comply with Canada’s Anti-Spam Legislation (“CASL”); you may unsubscribe at any time using the mechanism in any such message, and we will process unsubscribe requests within 10 business days. Residents of Quebec also have the right to data portability in a structured, technological format and the right to lodge a complaint with the Commission d’accès à l’information du Québec.

12. Accessibility

Enduris is committed to making its Site accessible to individuals with disabilities. We strive for our Site to meet the Web Content Accessibility Guidelines (“WCAG”) 2.1 at Level AA. If you experience accessibility barriers on our Site or need information in an accessible format, please contact us at hello@enduris.ai, and we will work to provide the information or content in an alternative format.

13. Children’s privacy

Our Site is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without parental consent, we will promptly delete that information. If you believe we may have inadvertently collected such information, please contact us at hello@enduris.ai.

14. No offer or solicitation

Nothing on our Site constitutes an offer or solicitation of an offer to purchase or sell any security, investment, or other asset, or investment, legal, financial, or other professional advice. Any information regarding our company, products, or services is provided for general informational purposes only and does not constitute a basis for making any investment or business decision.

15. Third-party links

Our Site may contain links to third-party websites, products, or services. We are not responsible for the privacy practices of third parties, and this Privacy Policy does not apply to any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the revised Policy on our Site with an updated “Last Updated” date and, where appropriate, by other means. Your continued use of our Site after the effective date of any revised Policy constitutes your acceptance of the updated terms. We encourage you to review this Policy periodically.

17. Contact us

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact Enduris LLC, Attn: Privacy, at hello@enduris.ai.