Last Updated: 19-Dec-2025
This Privacy Policy (the "Policy") explains what happens to any personal data that you provide to us ("ENFOS, Inc." or "ENFOS"), or that we collect from you while you visit www.ENFOS.com. This Policy may be updated from time to time. This Privacy Policy is developed in accordance with SOC 1, and SOC 2 Trust Services Criteria for Security, Confidentiality, and Privacy.
We may collect and process the following data about you:
Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer to assist us in improving our website. We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer's hard drive. We do not use such information to identify you personally.
You can adjust the settings on your computer to decline any cookies if you wish. This can be done by activating the "reject cookies" setting on your browser. Note that if you clear your cookies, or if you change computers or web browsers, you may need to perform the opt-out procedure again.
We use the information that we collect from you to provide our services to you. In addition to this, we may use the information for one or more of the following purposes:
We operate internationally and many of our computer systems are currently based in the United States. As a result, your personal data will be processed by us in the United States where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. If you create a user account with us, you agree to this Privacy Policy and you consent to the transfer of all information you provide to us in the United States.
We maintain administrative, technical, and physical safeguards aligned with ISO/IEC 27001 and SOC 2 frameworks to protect personal data from unauthorized access, disclosure, alteration, or destruction.
Unfortunately, the sending of information via the internet is not completely secure, and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send to us electronically, and sending such information is entirely at your own risk.
ENFOS complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (collectively the "DPF"). We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:
If we ever engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we will provide you with an opt-out choice to limit the use and disclosure of your personal data.
On occasion, we include links to third-party websites. When we provide a link, it does not mean that we endorse or approve that site's privacy policy. You should review their privacy policy before sending them any personal data.
ENFOS complies with industry standards for data retention and deletion. Upon written request, or following termination of customer agreements, ENFOS will remove data from live systems within an agreed timeframe. Data stored in replicas, backups, and snapshots is automatically phased out in accordance with defined retention policies and lifecycle expiration schedules ENFOS acknowledges that EU, UK, and Swiss individuals have the right to access, correct, or delete personal information we maintain about them. Requests should be sent to privacy@enfos.com, and we will respond within a reasonable timeframe.
ENFOS complies with ISO 27701 Privacy Information Management standards and the SOC 2 Privacy Trust Services Criteria in maintaining data subject rights.
ENFOS complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. ENFOS has certified adherence to these frameworks regarding the processing of personal data received from the EU, UK, and Switzerland. If there is any conflict between this policy and the DPF Principles, the Principles shall govern. To learn more about the DPF Program, please visit https://www.dataprivacyframework.gov/.
In compliance with the DPF Principles, ENFOS commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact ENFOS at privacy@enfos.com.
If you do not receive timely acknowledgment of your complaint, please contact the independent dispute resolution mechanism, Data Privacy Framework Services (operated by BBB National Programs), via https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers. This service is provided free of charge. Under certain conditions, you may invoke binding arbitration for unresolved claims.
ENFOS, Inc. maintains compliance with ISO/IEC 27001, ISO/IEC 27701, SOC 1 Type II, and SOC 2 Type II frameworks. These standards ensure the integrity, confidentiality, availability, and privacy of personal information handled by ENFOS. Periodic audits and assessments are performed to verify compliance and to continuously improve our controls.
The IT and Security Teams shall review and validate the accuracy of the asset inventory at least annually or upon major changes to infrastructure. The Data Protection Officer (DPO) shall ensure that physical and logical asset inventories are consistent and aligned with information security controls. Any discrepancies or unauthorized devices identified during audits shall be investigated and remediated immediately.
Requests for exceptions to this policy must be submitted to the Chief Technology Officer for review and approval.
Any known violations of this policy must be reported to the Chief Technology Officer. Violations can result in immediate suspension of system and network privileges, disciplinary action, or termination of employment, depending on severity and intent.