Privacy Policy

When you use Endall or request a demo, we collect information you provide directly: your name, email address, company name, trade, and team size. We also collect usage data including pages visited, features used, and files generated within the platform.

We use your information to provide and improve the Endall platform, respond to demo requests, communicate about your account, and send relevant product updates. We do not sell your personal information to third parties.

Your data is stored on secure, encrypted servers. Documents and files generated through Ask Endall are stored in encrypted cloud storage and are accessible only to your account. We use industry-standard security measures to protect your information.

Endall uses third-party services for hosting (Vercel), data storage (Supabase), email delivery (Resend), and scheduling (Calendly). These services have their own privacy policies and are selected for their security standards.

Endall integrates with Google Gmail to enable contractors to send customer-facing estimate emails directly from their own Gmail account. When a contractor connects their Gmail account, Endall requests the https://www.googleapis.com/auth/gmail.send scope, which grants permission only to send emails on the contractor's behalf.

What we access: The gmail.send scope is the narrowest scope that enables email sending. Endall does NOT request read access to the contractor's inbox, modify access, label management, or any other Gmail permissions. We cannot read, delete, or modify any existing emails in the contractor's Gmail account.

How we use it: When a contractor approves an estimate email draft inside Endall, the email is sent through the Gmail API using the gmail.send scope. Each email requires explicit per-email contractor approval; Endall does not send emails autonomously.

How we store it: OAuth refresh tokens are encrypted at rest using Fernet symmetric encryption. Tokens are stored in our Supabase database and are never logged, transmitted to third parties, or used for any purpose other than sending emails on the contractor's behalf.

How to revoke: Contractors can revoke Endall's Gmail access at any time by visiting https://myaccount.google.com/permissions and removing Endall, or by disconnecting Gmail from within Endall's Settings > Integrations page.

Data retention: Endall does not store the content of sent emails beyond what is needed to display the contractor's sent history within Endall. Email content is not sold, shared with third parties, or used for advertising or training of AI models.

Endall's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can request access to, correction of, or deletion of your personal data at any time by contacting us at jake@endall.ai. We will respond to your request within 30 days.

We use essential cookies and local storage to maintain your session and preferences. We do not use tracking cookies or third-party advertising cookies.

We may update this policy from time to time. We will notify you of material changes via email or through the platform.

Questions about this policy? Email jake@endall.ai.