Privacy Policy

1. Introduction

Enso Webworks Private Limited ("Enso Webworks", "Enso", "Company", "we", "us" or "our") offers comprehensive suite of digital platforms and services that help our users explore new avenues, enhance productivity, communication and their true potential. Our offerings include:

• InfoQueries – InfoQueries provides real-time assistance powered by cutting-edge AI, delivering accurate information and support whenever you need it.
• InfoPhone – InfoPhone offers a secure environment for private conversations, prioritizing your privacy with advanced encryption and user-friendly interfaces.
• InfoMemo – InfoMemo will provide verified email IDs to ensure communication is authenticated and trustworthy. It's being designed to enhance the credibility of digital interactions, helping professionals and organizations maintain secure communication channels while preventing fraud or impersonation.
• InfoProfile – InfoProfile is designed to streamline your digital networking with intelligent features that enhance connectivity and collaboration, ensuring seamless communication across platforms.
• InfoCalling – InfoCalling is a professional communication platform for lawyers, doctors, designed to manage both online and offline appointments efficiently. It helps schedule, track, and follow up with clients or patients while keeping all communication secure.
• InfoConverse – a solution for hosting and managing online meetings.
• InfoDatabox – InfoContract will enable users to manage, sign, and track documents digitally. With features like e-signatures and secure document sharing, it will streamline contract workflows for businesses and professionals, ensuring legal compliance and efficiency.
• InfoContract – InfoContract will enable users to manage, sign, and track documents digitally. With features like e-signatures and secure document sharing, it will streamline contract workflows for businesses and professionals, ensuring legal compliance and efficiency.
• InfoLives – InfoLive will offer Single Sign-On (SSO) services, allowing users to access multiple applications with a single, secure login. It aims to simplify authentication workflows while enhancing security and user convenience across platforms.
• InfoTelecast – a livestreaming platform for broadcasting content in real time.
• InfoTodo – InfoTodo is planned as a task and notepad-like tool to help individuals and teams document their schedules, notes, and action items. Though still in development, it will focus on simplicity and ease of use, offering structured note-taking and task management to keep work organized and actionable.

You may choose to create a single account to access and manage personalized features as per your needs like saving documents on InfoMemo, hosting meetings on InfoConverse, or managing your professional profile on InfoProfile. However, several of our services and platforms can be used without signing in, such as browsing InfoQueries or viewing public live sessions on InfoTelecast. Further, you can use private or incognito browsing modes to keep your activity private.

You may use our services and platforms as per your convenience and requirements while having the full control over your personal data and maintaining your privacy.

Your privacy is of utmost importance and we are committed to protect it while safeguarding your personal data.

When you interact with any of our platforms (collectively referred to as "InfoSuite/InfoUniverse platforms"), you share some information directly and we collect some of it by collecting data about your usage, time spent, interactions with our products to enhance your experiences.

2. Applicability

This Privacy Policy uniformly applies to all our platforms (except InfoCalling) and to all users, however where local legal requirements differ, we have provided jurisdiction-specific information through Annexures attached to this policy at the end. We understand that you trust us with your information when you use any of our platforms. This policy explains that:

• Personal data we collect;
• Source of personal data;
• Need to collect data;
• How we use this data;
• Where and when do we share the data
• How you can manage your data
• The choices and rights that you have, to manage and delete your information; and
• Safety measures undertaken to safely handle your data;
• How to Contact us.

However, this Privacy Policy does not apply to third-party platforms, applications, websites, products, or services that may be linked to or integrated with our platforms. We encourage you to review the privacy policies of such third parties before sharing any personal data with them.

3. Personal data we collect

Enso collects data when you access InfoSuite/InfoUniverse platforms, for a variety of purposes described in forthcoming paragraphs including to operate effectively and provide you with the best experiences with our products.

Types of personal data we collect and process

The data we collect and process depends on your interactions with Enso, InfoSuite/InfoUniverse platforms and features you use, your privacy settings, location, and applicable laws.

This may include:

• Contact details: such as name, email address, phone number.
• Credentials: including passwords, authentication information, security hints /information used for authentication, account access and retrieving the account.
• Demographic information: such as age, gender, country, and language preference.
• Payment details: including account details, payment instrument numbers, CVV and related security codes.
• Subscription data: including your licenses, and entitlements.
• Interaction data: information about how you use InfoSuite/InfoUniverse platforms, including data you provide, your searches (e.g., search queries on InfoQueries), your likes, clicks etc. The interaction data may include the personal data you provide in order to make use of the platforms.
• Device and usage data: Data about your device, type of product, and the features you use, including information about your hardware and software, how our products perform, as well as your settings. For example:
  • Account history: Data about past and present activities associated with your account like username, email id, phone numbers etc.
  • Browse history: Data about the webpages you visit from your browser(s).
  • Device, connectivity, and configuration data: Your device configuration, the operating systems and other software installed on your device, including product keys. In addition, IP address, device identifiers, regional and language settings, and information about WLAN access points near your device.
  • Device and performance data: Data about the performance of the InfoSuite/InfoUniverse platforms and any problems you experience, including error reports, configuration and connectivity.
  • Troubleshooting and help data: Data you provide when you contact Enso for help, such as the InfoSuite/InfoUniverse platforms you use, and other details that help us provide support. For example, when you contact us, for customer support, phone or chat support sessions with our representatives may be monitored and recorded.
• Interests and favourites: Data about your interests and favourites, such as the sports teams you follow, the programming languages you prefer, the stocks you track, or cities you add to track things like weather or traffic. In addition to those you explicitly provide, your interests and favourites can also be inferred or derived from other data we collect, such as your interactions on websites where any of our platforms are used to deliver the results.
• Searches and commands: Search queries and commands when you use Enso platforms such as InfoQueries with search or related productivity functionality.
• Voice data: Your voice data such as search queries, commands, or dictation you speak, which may include background sounds.
• Images: Images and related information, such as picture metadata.
• Contacts and relationships: Data about your contacts and relationships if you use a platform such as InfoProfile to share information with others, manage contacts, communicate with others, or improve your productivity.
• Social data: Information about your relationships and interactions between you, other people, and organizations, such as types of engagement (e.g., likes, dislikes, events, etc.) related to people and organizations.
• Location data: Data about your device's location, which can be either precise or imprecise. For example, when you make a search to find nearby doctors, hotels restaurants around you or showing the road maps or places, you bookmark like home or work or wi-fi hotspots near you, cell towers or Bluetooth-enabled devices you are connecting with at different locations.
• Biometric data and identifiers: Data about you resulting from specific technical processing relating to your physical, physiological, or behavioural characteristics which allow or confirm unique identification.. Our collection and use of biometric data depend on the products and features you use in certain InfoSuite/InfoUniverse Platforms, as well as your consent.
• Document Content: Content of your files when you upload, receive, create or share. For example, if you transmit a file using InfoDatabox to another InfoDatabox user, we need to collect the content of that file to display it to you and the other user. Other content we collect when providing products to you include:
  • Communications, including audio, video, text (typed, dictated, or otherwise), in a message, email, call, meeting request, or chat.
  • Photos, images, songs, movies, software, and other media or documents you store, retrieve, or otherwise process with our cloud.
• Feedback and ratings: Information you provide to us and the content of messages you send to us, such as feedback, survey data, and product reviews you write.
• Traffic data: Data generated through your use of InfoUniverse Platforms. Traffic data indicates with whom you have communicated and when your communications occurred. We will process your traffic data only as required to provide, maintain, and improve our communications services and we do so with your permission or based on legitimate interest.

You control your personal data

You have full control over the personal data. You may choose not to provide your personal data; however, certain products or features may not be accessible if you decline to provide required data. When providing data is optional, certain personalized or enhanced features may not be available.

Similarly, if your personal data is necessary for legal, contractual, or operational reasons and you chose not to share it with us, we may be unable to provide you with full services or rich user experience or enter into or continue the contract, and we will inform you accordingly.

We may process personal data based on legal grounds depending upon your jurisdiction, including consent, legitimate interests, contractual necessity, and compliance with legal obligations.

4. Sources of personal data

Personal data collected directly: You provide some of this data directly, such as when you create an account on our platform on InfoProfile, submit a search query to InfoQueries, schedule a meeting on InfoConverse, upload a document on InfoDatabox, communicate via InfoPhone, or contact us for support.

We get some of it by collecting data about your interactions, use, and experience with our products and communications, Enso affiliates and subsidiaries.

Personal data collected through other sources: We also receive data from third parties and protect it in accordance with this Privacy Policy, applicable laws and any permissions or preferences you have opted. Such sources may include:

• Data brokers;
• Demographic data providers;
• Information shared by you on social/public platforms and user-generated content (e.g., reviews, social media);
• Communication and location service providers;
• Co-branding, marketing, and development partners; and

We may also collect information about you from publicly available sources like land records or exam results or if your name or business details appear in public records or online publications, our InfoQueries search engine may index that information and make it accessible to others through search results.

5. How we use personal data

Enso uses the data to provide you an immersive experience. In particular, we use the data to:

• operate our platforms, which include updating, securing, as well as providing support. This also includes storing and sharing your personal data when it is needed to carry out or execute the services you request.
• Improve, personalize, optimize the user experience, and develop our products.
• Communicate with you to improve campaign relevance and assess the effectiveness of marketing and referral programs.

We may use your personal data to provide and maintain our services and in accordance with law.

We may combine data to enhance the outcomes for you when you use two or more InfoUniverse Platforms.

We may conduct research, analytics and service enhancements.

Our processing of personal data may involve both human and automated methods. The automated methods are supported by our manual reviews to ensure quality and accuracy.

6. Collection of children data

Our platforms and services are not designed for or directed to attract children. We do not knowingly collect, use, or process personal data from individuals who are below the age of digital consent as defined under applicable data protection and child privacy laws.

7. Personal data processing

Below we outline the categories of personal data Enso collects, their sources, purposes of processing, and categories of recipients.

Categories of Personal Data

Categories of Sensitive Data

Depending on your privacy settings, consent, and product use, Enso may collect, and process, certain personal data that qualifies as "sensitive data" under applicable data privacy laws.

The following list outlines the categories of sensitive data Enso collects, their sources, purposes of processing, and categories of third-party recipients.

Enso does not use or disclose your sensitive data except for the following purposes:

• Perform the services or provide the goods you reasonably expect.
• Ensure the security and integrity of our services, systems, and data, prevent malicious deceptive, fraudulent or illegal acts, and to protect the physical safety of individuals.
• Short-term non-personalized advertising, without profiling.
• Perform services on behalf of Enso, such as maintaining accounts, providing customer service, processing payments, providing financing, providing analytics, providing storage, and similar services.
• Verify or maintain quality or safety of InfoSuite/InfoUniverse platforms.
• Any other activities permitted under applicable data privacy laws.

Purposes and legal bases for processing

Enso processes your personal data with your consent or as required to provide the features that you use, select, to perform a contract or legal obligations, ensure security of our other users and functionality of our servers. Apart from consent, we may also rely on contractual obligation, legal obligation, vital and public interest as the grounds for processing personal data. Our legal bases depend on how and which one of the InfoSuite/InfoUniverse platforms you use.

In certain cases, we may also process your data based on the basis of legitimate interest. However, in such cases, we carefully consider and balance those interests against your rights, interests and freedoms, ensuring that your rights are not overridden.

8. Purposes of processing:

We use data to operate our products and provide you with rich and interactive features. For example, if you enter a search query on InfoQueries, we use that query to display search results to you or inform when updates are available by way of notifications, pop-ups, emails.

• Product development and improvement. We may use your personal data to continually improve our services at InfoSuite/InfoUniverse platforms, including adding exciting new platforms, features, ways to interact as well as new capabilities. For example, we use error reports to improve security features, or voice recordings to develop and improve speech recognition accuracy.
• Personalization. Many products include personalized features, such as algorithm curated recommendations with the objective of enhancing your productivity and enjoyment. With your permission, we may use automated algorithmic processes to curate your InfoSuite/InfoUniverse experiences based on the data we have about you. For example, if you have a Enso account, with your permission, we can sync your settings on several devices. Many of our products provide controls to disable personalized features.
• Product activation. We use device related data such as device type, device location, and unique device, application, network, and subscription identifiers to activate products that require activation.
• Customer support. We use data to diagnose issues, troubleshoot and provide other customer support services, including to help us provide, improve, and secure the quality of our products, services, and training, and to investigate security incidents. Call recordings may be used to authenticate users and investigate security incidents.
• To secure and troubleshoot. Data is used to secure InfoSuite/InfoUniverse ecosystem that comprise our platforms and users, detecting malware and malicious activities, improving performance or compatibility issues. This may include using automated systems to detect security threats and safety issues.
• Updates and maintenance. We process certain device data to develop and deliver the software updates, latest features and security patches while ensuring optimum performances. For example, available memory of your device's, and evaluate whether your device is ready to process such updates.
• Promotional communications. We may use your personal data with your consent to deliver promotional and sponsored communications by email, SMS, in-app notifications, and telephone. You may manage or opt-out of these communications at any time. However, these choices do not apply to mandatory service communications that are part of certain InfoSuite/ InfoUniverse platforms.
• Relevant offers. We analyse data from a variety of sources to provide you with relevant and valuable information that will be best suited and relevant to you as per your usage patterns.
• Advertising. We only use personal data we collect through our interactions with you for advertising on InfoSuite/InfoUniverse platforms and on third-party platforms. We may use automated processes to deliver more relevant ads. Enso does not use your private communications like email, chats, video calls, voice mail, or your documents, photos, or other personal files to target ads to you.
• Transactions and commerce. We use your personal data to carry out transactions, offer subscriptions and payments, and to deliver purchased products or services with us.
• Reporting and business operations. We use data to analyse our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.
• Legal compliance. We process your personal data to comply with applicable laws of your jurisdiction including those related to data protection, age verification, and consumer rights.
• Research and innovation. With appropriate technical and organizational measures, we may use your personal data to conduct research, including advanced machine learning and artificial intelligence capabilities for the benefit of the public interest or scientific purposes.

9. Sharing of personal data

We may share your personal data, only when necessary, with your consent or to complete a transaction or to deliver Enso services and features you have requested or authorized. For instance, we share your content with third parties when you instruct to do so, such as share photos and documents on InfoDatabox, or link accounts with another service. Or when you make a payment, we share transaction details with banks, card networks, or payment processors to complete the transaction, for fraud prevention and credit risk reduction.

We may also share limited data with our third-party advertising partners when you interact with a website or app that uses Enso's ad services, device or interaction data may be exchanged to help deliver relevant ads and assess performance.

Additionally, we may share personal data among Enso-controlled affiliates and subsidiaries for the purpose described in this privacy policy.

We may share personal data with our trusted vendors to provide support services such as customer care, hosting, etc. and they are bound by our data privacy and security requirements. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.

We may access, retain, transfer, disclose, or preserve personal data, including your content in private folders, when we have a good faith to belief that such action is necessary for of the following:

• Legal Compliance: Complying with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
• Safety and Harm Prevention: To protect our users, organizations, or public which may include detecting or preventing spam or combating harmful or illegal behaviour including the creation and sharing of harmful or illegal content.
• Security Operations: To securely operate our platforms, to prevent or stop an attack on our systems or networks.
• Protection of Enso's Rights and Property: It includes enforcing our User Agreement, Terms of Service and Community Guidelines. In case of misuse or potential misuse of Enso's Intellectual or physical property, we may refer the matter to law enforcement.

Please note that some of our platforms may be integrated with or link to third party services whose privacy practices differ from those of Enso. If you provide personal data to any of those products, your data is governed by their respective privacy policies.

Parties that control collection of personal data

In certain situations, Enso may allow a third party to control the collection of your personal data. Enso may permit advertising partners to collect personal data about your interactions with our websites to deliver personalized ads on its behalf, You may opt out from such sharing by contacting us.

Advertising

Advertising supports, sustains, and enhances InfoSuite/InfoUniverse platforms. Enso does not use what you say in emails, human-to-human chat, video calls or voicemail, or your documents, photos, or other personal files to target ads. We use other data, detailed below, for advertising on our InfoSuite/InfoUniverse platforms and on third-party platforms. For example:

• We may use data to select and deliver ads on third-party platforms.
• When the advertising ID is enabled, third parties may access it to deliver ads within applications.
• We may share data with partners so that the ads you see on our platforms and their products are more relevant and valuable to you.
• Advertisers may include Enso's web beacons to allow Enso to collect information on their sites. We use this data on behalf of our advertising customers to provide ads.

The ads that you see may be selected based on data we process about you, such as your interests and favourites, your location, your transactions, how you use our platforms, your search queries, or the content you view.

If you are signed in to your Enso account and have consented to personalized advertising, Enso may tailor ads to your online activity as mentioned in the sections below.

10. Managing your personal data

Enso provides various ways for you to access, manage, and control your personal data depending upon the platforms you navigate and information we collect and process. You may:

• Manage how Enso use your data for personalized advertising by contacting us.
• Choose whether to receive sponsored emails, SMS or calls, from Enso by visiting our privacy support and requests page.
• Exercise your data protection rights as per your jurisdiction by contacting our Data Protection Officer (DPO) using the details in Contact Us section.

Your Rights as Data Subjects

Regardless of your location, you have the following rights over the personal data that Enso processes about you:

• Right to withdraw your consent where processing is based on your prior consent.
• Right to be informed about how your personal data is collected and used.
• Right to request access to, correction of, or deletion of your personal data.
• Right to request portability of your data to another service.
• Right to object to or restrict the processing of your personal data. For example, you can object our use of your personal data for targeted marketing or advertisement purposes, or where we are processing your data based on public interest or our legitimate interest.

In some cases, your rights over your personal data may be limited by applicable law and may be declined with reason in written response.

If your Enso account is provided by an organization, contact your organization directly to manage your data access and control rights.

As mentioned above, you can exercise your data subject rights by contacting our DPO.

Browser-based controls

You can control some of your personal data through browser settings. For example:

• Cookie controls. You can manage or withdraw consent to cookies by using the browser's cookie settings in your browser as described in the Cookies section of this Privacy policy.
• Tracking protections. You can use tracking protection list in your browser that allow you to block trackers and prevent them from collecting data about your browsing activity.

11. Cookies and similar technologies

We use cookies and similar technologies to support core InfoSuite/InfoUniverse platform functionalities, personalize user experiences, maintain sessions, analyse usage trends, enhance security, and serve relevant targeted advertising. InfoSuite/InfoUniverse platforms use additional identifiers for similar purposes, and many of our websites and applications also contain web beacons or other similar technologies, as described below.

Our use of Cookies and Similar Technologies

The use of cookies depends on the context of your interaction and the InfoSuite/InfoUniverse platform in use. Common purposes include:

• Storing your preferences and settings. Cookies store your preferences and settings on your device to optimize user experience and avoid repeated configurations on your device. Further, if you opt out of interest-based advertising, we store that preference in a cookie on your device.
• Sign-in and authentication. We also use cookies to identify and authenticate your identity. When you sign in to one of InfoSuite/InfoUniverse platform using your Enso account, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie enables session continuity so you don't need to log in repeatedly while navigating between pages within the platform. You can also save your sign-in information(credentials) so you do not have to sign in each time you return to the InfoUniverse Platform.
• Security. We use cookies to process information that helps us to protect you, our products, as well as to detect fraud, abuse or any unauthorised activity.
• Storing information you provide to a website. We use cookies to remember information that you shared, such as when you add products to a shopping cart on one of the InfoSuite/InfoUniverse platform, we store the data in a cookie so that you can resume from the same place when you access that webpage later.
• Social media. Some of our platforms include social media cookies, including those that enable users who are signed in to the social media service to share content via that service.
• Feedback. Enso uses cookies to enable you to provide feedback on a platform.
• Interest-based advertising. Enso uses cookies to collect data about your online activity and identify your interests so that we can provide direct digital advertising. You can choose to opt out of receiving interest-based advertising from Enso as described above.
• Advertising display. Enso uses cookies to analyse the number of visitors and clicks on an advertisement and record which advertisements you have seen, so you do not see the same on a loop.
• Analytics. We use cookie identifiers to gather usage and performance data to develop other statistics about the operations of our products.
• Performance. Enso uses cookies to maintain and improve system performance such as load balancing cookies; this helps us keep our websites remain up and running.

Where required by law, Enso seeks your consent prior to placing non-essential and personal advertising cookies on your device.

Third-Party Cookies

In addition to the cookies Enso places on your device, we also use cookies from third parties to enhance your experience and services on our platforms. Some third parties place cookies directly when you visit Enso sites. This can happen in the following scenarios:

• Service providers that we engage to support platforms functionality.
• Content and advertising providers that deliver content on InfoSuite/InfoUniverse platforms, also place cookies on their own when their content is embedded on InfoSuite/InfoUniverse platforms (such as videos or news, or ads).

These third-parties process data in accordance with their own privacy policies, and may combine information about your activities across websites, apps, or online services. The types of third-party cookies in use will vary depending on the context, InfoSuite/InfoUniverse platform, as well as your account settings and permissions:

• Necessary cookies. Required cookies are used to perform essential functions such as to log you in, save your language preferences, improve performance, route traffic, page load times, and measure audiences. These cookies are necessary for our platforms to work.
• Social Media cookies. These cookies connect your InfoSuite/InfoUniverse activity to your social media profiles and may be used to show you relevant ads or tailored content.
• Analytics cookies. Third party analytics cookies are used to help us better understand how you use our platforms. They are used to gather information about the pages you visit and how many clicks you need to accomplish a task.
• Advertising cookies. Advertising cookies are used to track ads you click on or purchases you make to show relevant ads.

Where legally required, Enso obtains your consent before placing or using optional cookies.

We encourage you to review the third-party privacy policies for details on their privacy practices with respect to their cookies that may be set on our websites.

How to control cookies

Most modern web browsers automatically accept cookies by default, but also provide options to block or delete them. You can manage cookies by adjusting your browser settings as follow:

Settings > Privacy and services > Clear Browsing data > Cookies and other site data.

As outlined above, optional cookies are placed only with your consent. You may choose to give consent to certain categories of optional cookies or withdraw consent at any time.

If you block cookies, you may not be able to sign in or use some features which depend on cookies, and saved preferences may be lost.

Additional privacy controls that can impact cookies, including the tracking protections feature in Enso browsers, are described in the How to access and control your personal data section of this privacy policy.

Some Enso webpages and communications contain electronic tags known as web beacons (also known as clear GIFs, pixel tags, or single-pixel images) that we use to help deliver cookies on InfoSuite/InfoUniverse platforms, count visitors, determine if your mails were opened and deliver co-branded content or services.

Additionally, Enso may work with other companies to place our web beacons on their websites or advertisements. This helps us to gather aggregated, non-identifying metrics related to your activity on the website of an Enso partner in connection with your use of an InfoSuite/InfoUniverse platform.

In addition to standard cookies and web beacons, InfoSuite/InfoUniverse platforms may also use other data storage technologies to maintain your preferences, improve speed, performance, and track usage patterns by storing certain files locally.

12. Manage your Enso account data

An Enso account allows you to sign into InfoSuite/InfoUniverse platforms, as well as certain partner services. Personal data linked to your Enso account may include your credentials, information about your activities, and your interests.

Using your Enso account provides a personalized and seamless experience across products and devices, enables cloud data storage, facilitates payments, and unlocks other integrated features. There are two types of Enso account:

• Personal Enso Account: Created by you and linked to your personal email address.
• Organisational/Workplace or School Account: When you or your organization create your Enso account tied to your organization email address.

Personal Enso Accounts

The personal data collected and its use depends on how you interact with the account.

Creating your Enso account. When you create a personal Enso account, you will provide certain personal data such as your display name, email address, and phone number, can be used to help others to search you and connect with you within InfoSuite/InfoUniverse platforms.

Note: If you use a work or school email address to create a personal Enso account, your employer or school may access your data. In some cases, you will need to change the email address to a personal email address in order to continue accessing consumer-oriented products.

Signing in to Enso account. Each time you sign in to your personal Enso account, we record the date and time, information about the product you signed in to, your sign-in name, your device identifier, IP address, and your system and browser version.

Staying Signed in. When you sign in to your account, you will stay signed in until you sign out. Staying signed in enables personalization, consistent experiences across all InfoSuite/InfoUniverse platforms and devices, access to synchronised data across devices, payments information.

Using third-party products. When you sign in to a third-party product with your Enso account, data is shared with the third party in accordance with its privacy policy. If you share your profile data, the third party can display your name or user name and your profile picture (if you have added one to your profile) when you are signed in to that third-party product.

Similarly, if you carry out transactions using your Enso account, Enso will pass information such as name, payment instrument details, billing and shipping addresses, and relevant contact information stored in your Enso account to the third party or with the financial intermediaries or payment processors as necessary to process your transaction.

The third party can use or share the data it receives when you sign in or make a purchase according to its own practices and policies. You should carefully review the privacy policy for each product you sign in to and each merchant you purchase from to determine how it will use the data it collects.

Organisational/Workplace or School Accounts.

Many InfoSuite/InfoUniverse platforms are designed for use by organizations, such as NGO's, schools and businesses. If your organization provides you with access to InfoSuite/InfoUniverse platforms, your use of the platforms is subject to your organization's policies, if any.

Data associated with a workplace or school account, is handled similar to the personal Enso account.

When signing in with a work or school account note that:

• The organization owning your email address may manage and administer your account, and access data shared by you, including the contents of your communications and stored files.
• Losing access to your organization account may also revoke access to your Enso account.
• Enso is not responsible for the privacy or security practices of your organization, which may differ from Enso's own.

If your organization is administering your use of InfoSuite/InfoUniverse platforms, please direct your privacy inquiries, including any requests to exercise your data subject rights, to your administrator.

13. Storage and processing of personal data

Typically, the primary storage location for personal data collected by Enso is in the user's region or in India, often with a backup to a data centre. Processing of personal data including usage, access, transfer etc. may take place in your region, in India, or in any other jurisdiction where Enso or its affiliates, subsidiaries, or service providers operate facilities.

We handle all data collected under this Privacy Policy in accordance with its provisions and applicable data protection laws.

We may transfer personal data from the country of origin to other jurisdictions, some of which may not yet be recognized by local data protection authority as having an adequate level of data protection. Such countries may not guarantee you the same rights, or there may not be a privacy supervisory authority capable of addressing data protection complaints.

When we transfer personal data internationally, we implement appropriate legal safeguards and technical measures to ensure the continued protection of your personal data. These safeguards may include:

• Adequacy decisions issued by competent authorities;
• Binding corporate rules adopted by Enso and its affiliates; and
• Standard contractual clauses (SCCs) adopted by the European Commission under Implementing Decision 2021/914, or equivalent instruments under applicable laws.

These measures will ensure your data protection rights and the consistent level of protection to your data, regardless where your data is processed.

14. How we protect your personal data

Enso implements a combination of organizational and technical safeguards to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction. Security is embedded into our systems and practices through the principle of privacy-by-design. The measures that we take to protect your data include:

• Information Security Management Program: We maintain a documented and continuously evolving Information Security Management Program aligned with internationally recognized frameworks. This program is periodically reviewed and updated to address emerging threats, regulatory developments, and technological advancements.
• Data Minimization: Where feasible, we apply data-minimization, pseudonymization, and anonymization techniques to limit the volume and identifiability of data we process. Your personal data is never retained or processed beyond the legitimate and declared purposes for which it was collected.
• Employee Training: All Enso employees handling your personal data receive mandatory privacy and security training at onboarding and at regular intervals. They are bound by contractual confidentiality obligations and operate under access-control policies that restrict data use to authorized personnel only.
• Vendor and Processor Oversight: Before engaging third-party processors, we conduct due-diligence assessments covering their data-protection and security practices. Each processor is bound by a written Data Processing Agreement (DPO) requiring compliance with applicable privacy laws, technical safeguards, and our internal security standards. Ongoing monitoring and periodic reassessments are performed to verify continued compliance.
• Data Breach Management & Data Breach Notification: We maintain a breach management plan that defines how potential security incidents are identified, escalated, contained, and resolved. In the event of a confirmed personal data breach, we promptly investigate the incident, assess its scope and impact, implement remedial measures, and, where required by law, notify affected individuals and relevant supervisory authorities within the prescribed timelines.

15. Retention of personal data

Enso retains personal data for as long as necessary to deliver the services and fulfil the transactions you have initiated. We may also retain data for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.

Since retention needs depend on the nature of the data, the purpose of processing, and the context of our relationship with you, actual retention periods may differ significantly.

In determining how long to retain personal data, Enso considers several factors including:

• User Consent: Where you have expressly consented to a longer retention period, Enso will retain the data in accordance with your consent.
• User Activity: If users share, create, or store data with the understanding that it will be retained until they actively delete it, Enso retains that data accordingly. For example, document stored in InfoDatabox, or chat message in your InfoConverse chat is retained till you choose to delete it. In some cases, earlier deletion may occur, such as when account storage limits are exceeded.
• User Control: Where user options such as those in the Enso privacy settings allow you to access and delete your personal data at any time, the retention period aligns with these controls. In the absence of such functionality, a shorter retention period will generally apply.
• Sensitivity of Data: Personal data classified as sensitive is typically retained for a shorter duration to minimize risk.
• Legal or Contractual Requirement: Enso may be required to retain or delete data to comply with laws, regulatory mandates, or contractual obligations such as mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data retained for litigation purposes.
• De-Identified Data: In certain cases, Enso processes data in a de-identified form i.e. it cannot be linked to an individual to whom such data may relate without taking additional steps. Where applicable law requires, Enso maintains such data in a de-identified state and does not attempt to re-identify the individual to whom the data relates.

16. Changes to this privacy policy

Enso shall update this privacy policy periodically to reflect greater transparency or in response to:

• feedback from customer, regulators, industry, or other stakeholders.
• changes in our products.
• changes in our data processing activities or policies.

When we post changes to this policy, we will revise the "last updated" date at the top of policy. If there are material changes to the policy, such as a change to the purposes of processing of personal data that is not consistent with the purpose for which it was originally collected, Enso will notify you in advance, either through a prominent on-site notice or direct communication.

We encourage you to regularly review this privacy policy to learn how Enso is protecting your information.

17. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

Data Protection Officer

Email: dpo@ensowebworks.com

Enso Webworks Private Limited, Address: 701 and 705, Dalamal House, Jamnalal Bajaj Marg, Nariman Point, Mumbai, Mumbai, Maharashtra, 400021