Privacy Policy

This Privacy Policy ("Policy") describes how Elite Founders & Company LLC ("Company," "we," "us," or "our"), operating under the brand ENTRPRNR AI, collects, uses, stores, shares, and protects information when you access or use our marketing website at entrprnr.ai, the application at app.entrprnr.ai, and all associated tools, agents, APIs, mobile applications, and services (collectively, the "Service").

By accessing or using the Service, creating an account, clicking "Get Started," "Start Free," "Sign Up," or any equivalent button, or by submitting information through the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Service immediately.

This Policy is incorporated into and forms part of our Terms and Conditions. Capitalized terms not defined herein have the meanings assigned to them in our Terms and Conditions.

2.1 Information You Provide Directly

We collect information you voluntarily provide when you register, use the Service, or communicate with us, including but not limited to:

• Account registration data: name, email address, password (hashed), company name, job title, business type, and billing address;
• Payment and billing data: payment method details processed by our third-party payment processor (e.g., Stripe). We do NOT store full credit card numbers, CVVs, or complete payment credentials on our servers;
• Profile and preference data: avatar, communication preferences, notification settings, and timezone;
• CRM and pipeline data: contact names, email addresses, phone numbers, deal information, pipeline stages, notes, and tags you enter into the Client Hub;
• Content and creative assets: text prompts, documents, PDFs, URLs, images, brand guidelines, and other materials you upload to Intelligence, Studio, AI Pages, or AI Proposals;
• Call recordings and transcripts: audio files and call data you upload to Sales Coach for analysis;
• Communications: messages sent through SDR Inbox, AI-suggested replies, outreach sequences, and any correspondence with our support team;
• Proposals and landing pages: content you create, edit, or publish through AI Proposals and AI Pages, including custom domain configurations;
• Feedback and surveys: comments, suggestions, ratings, and responses to surveys or feedback forms.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

• Device information: device type, operating system, browser type and version, screen resolution, device identifiers, and hardware model;
• Usage data: pages visited, features used, actions taken, timestamps, session duration, click patterns, and navigation paths;
• Log data: IP address, access times, referring URLs, error logs, and server logs;
• Performance data: page load times, response times, feature usage frequency, and interaction metrics;
• Location data: approximate geographic location inferred from your IP address (we do not collect precise GPS location);
• Cookie and tracking data: as described in Section 7 below.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Payment processors (e.g., Stripe): transaction confirmations, payment status, and fraud screening data;
• Authentication providers: if you sign in via third-party services (e.g., Google OAuth), we receive your name, email, and profile picture as permitted by your settings;
• Analytics providers: aggregated and de-identified usage data and behavioral insights;
• AI service providers (e.g., OpenAI): metadata related to API calls made on your behalf (not your content);
• Marketing platforms: if you arrive via an advertising campaign, we may receive campaign attribution data.

2.4 AI-Generated and Derived Data

In the course of providing the Service, our AI systems generate derived data based on your inputs, including:

• AI-generated content: landing pages, proposals, email drafts, images, and other outputs created by the Service;
• Analysis outputs: call coaching insights, sentiment scores, objection maps, client health scores, risk alerts, and competitive intelligence summaries;
• Embeddings and indexes: vector representations of your uploaded documents used for RAG-powered retrieval within your account;
• Usage patterns: aggregated, de-identified patterns used to improve AI model accuracy and Service functionality.

3.1 Service Delivery & Operations

We use your information to:

• Create, maintain, and secure your account;
• Provide, operate, and improve the Service and its features;
• Process AI prompts and generate AI Outputs using your inputs;
• Enable CRM, SDR Inbox, Sales Coach, AI Pages, AI Proposals, Intelligence, and Studio features;
• Process payments, manage subscriptions, and send billing-related communications;
• Enforce usage limits and manage plan entitlements;
• Deliver customer support and respond to inquiries.

3.2 Personalization & Improvement

We use your information to:

• Personalize your experience and surface relevant features;
• Train, improve, and fine-tune our proprietary AI models and Entrepreneur Intelligence™ coordination layer using aggregated, de-identified data;
• Conduct analytics and research to improve Service performance, reliability, and user experience;
• Develop new products, features, and services.

3.3 Communications

We use your information to:

• Send transactional emails (account verification, password resets, billing receipts, subscription changes);
• Send product updates, feature announcements, and security alerts;
• Send marketing communications (only with your consent or where permitted by law; you may opt out at any time);
• Respond to your support requests and feedback.

3.4 Safety, Security & Legal Compliance

We use your information to:

• Detect, prevent, and address fraud, abuse, security incidents, and technical issues;
• Enforce our Terms and Conditions, Acceptable Use Policy, and other legal agreements;
• Comply with applicable laws, regulations, legal processes, and governmental requests;
• Protect the rights, property, and safety of the Company, our users, and the public;
• Investigate and resolve disputes, including chargeback and payment disputes;
• Maintain audit logs for compliance and dispute resolution purposes.

Depending on your jurisdiction, we process your personal information on one or more of the following legal bases:

• Contract Performance: Processing necessary to perform our contract with you (e.g., providing the Service, processing payments, managing your account);
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the Service, preventing fraud, ensuring security) where such interests are not overridden by your rights;
• Consent: Processing based on your explicit consent (e.g., marketing communications, optional analytics). You may withdraw consent at any time;
• Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal processes;
• Vital Interests: Processing necessary to protect the vital interests of you or another individual (used only in exceptional circumstances).

5.1 How AI Processes Your Data

The Service uses artificial intelligence and large language models (LLMs) provided by third parties (including OpenAI) and proprietary systems to process your inputs and generate AI Outputs. When you use AI features:

• Your prompts and inputs are transmitted to our servers and, where necessary, to third-party AI providers via encrypted API calls;
• AI providers process your inputs to generate outputs and may retain data as described in their respective privacy policies;
• We implement contractual safeguards with AI providers to limit their use of your data;
• AI Outputs are stored in your account and associated with your user profile for your access and retrieval.

5.3 RAG Knowledge Base

When you upload documents, PDFs, URLs, or other materials to the Intelligence feature, these are processed into vector embeddings stored in your isolated account namespace. This data is used exclusively to enhance AI responses within your account and is not shared with or accessible by other users.

5.5 SDR Inbox & Automated Communications

When you use the SDR Inbox, the Service generates AI-suggested replies and automated follow-up sequences. You are solely responsible for reviewing all communications before sending and for compliance with CAN-SPAM, TCPA, GDPR, and all other applicable anti-spam and electronic communication laws.

6.2 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, subject to contractual obligations of confidentiality and data protection. These include:

• Cloud hosting and infrastructure (e.g., AWS, Vercel);
• Payment processing (e.g., Stripe);
• AI and machine learning providers (e.g., OpenAI);
• Email delivery services;
• Analytics and monitoring platforms;
• Customer support tools;
• Content delivery networks (CDNs).

6.3 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation, subpoena, court order, or governmental request;
• Protect and defend the rights or property of the Company;
• Prevent or investigate possible wrongdoing in connection with the Service;
• Protect the personal safety of users of the Service or the public;
• Protect against legal liability.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or similar transaction, your information may be transferred as a business asset. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6.5 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

6.6 Aggregated Data

We may share aggregated, de-identified data that cannot reasonably be used to identify you with third parties for industry analysis, benchmarking, research, and marketing.

7.1 Types of Cookies We Use

We use the following categories of cookies and similar tracking technologies:

• Strictly Necessary Cookies: Essential for the Service to function (e.g., authentication, security, session management). These cannot be disabled;
• Performance & Analytics Cookies: Help us understand how visitors interact with the Service, measure performance, and identify areas for improvement;
• Functional Cookies: Enable enhanced functionality and personalization (e.g., remembering your preferences, language, or theme settings);
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. These are only placed with your consent where required by law.

7.2 Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages (e.g., analytics providers, advertising networks). These third parties may collect information about your online activities across different websites and services over time.

7.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking certain cookies may impact the functionality of the Service. You can also manage preferences through any cookie consent mechanism we provide on the Service.

7.4 Pixel Tags and Web Beacons

We may use pixel tags (also known as web beacons or clear GIFs) in emails and on the Service to track open rates, click-through rates, and user engagement. These technologies work in conjunction with cookies and may be disabled by disabling cookies.

8.1 Retention Periods

We retain your personal information for as long as necessary to:

• Provide and maintain the Service while your account is active;
• Fulfill the purposes described in this Policy;
• Comply with legal, regulatory, accounting, or reporting obligations;
• Resolve disputes and enforce our agreements;
• Maintain records necessary for fraud prevention and chargeback defense.

8.2 Account Deletion

You may request deletion of your account and associated data by contacting support@entrprnr.ai. Upon verified request, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, chargeback records, tax compliance, or pending disputes).

8.3 Backup and Archival Copies

Residual copies of your information may persist in backup systems for a limited period after deletion. These backups are encrypted and access-controlled, and data therein is not actively processed.

9.1 Security Measures

We implement commercially reasonable technical and organizational measures designed to protect your personal information, including but not limited to:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256 or equivalent);
• Secure password hashing using industry-standard algorithms (bcrypt or Argon2);
• Role-based access controls and the principle of least privilege;
• Regular security assessments and vulnerability scanning;
• Multi-factor authentication support;
• Isolated tenant data architectures for CRM, Knowledge Base, and AI features;
• Automated monitoring for unauthorized access attempts;
• Secure development lifecycle practices.

9.3 Your Security Responsibilities

You are responsible for: (a) maintaining the confidentiality of your account credentials; (b) using a strong, unique password; (c) logging out of shared devices; (d) promptly notifying us at support@entrprnr.ai of any suspected unauthorized access.

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:

• Right to Access: Request a copy of the personal information we hold about you;
• Right to Rectification: Request correction of inaccurate or incomplete personal information;
• Right to Deletion: Request deletion of your personal information, subject to legal exceptions;
• Right to Data Portability: Request a machine-readable copy of your personal information;
• Right to Restrict Processing: Request that we limit how we use your personal information;
• Right to Object: Object to processing of your personal information for certain purposes;
• Right to Withdraw Consent: Withdraw previously given consent at any time;
• Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment;
• Right to Opt Out of Sale/Sharing: Opt out of the sale or sharing of your personal information (we do not sell or share your data);
• Right to Opt Out of Automated Decision-Making: Where applicable, opt out of decisions based solely on automated processing that produce legal or similarly significant effects.

Exercising Your Rights

To exercise any of these rights, contact us at privacy@entrprnr.ai or support@entrprnr.ai. We will verify your identity before processing your request. We will respond within the timeframe required by applicable law (typically 30–45 days, with extensions where permitted). You may also designate an authorized agent to submit requests on your behalf.

Appeals

If we decline a request, we will provide a written explanation. You may appeal by contacting privacy@entrprnr.ai. If you are not satisfied with our response, you may lodge a complaint with your applicable data protection authority.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collecting, and the categories of third parties with whom we share;
• Right to Delete: You may request deletion of personal information we have collected from you, subject to legal exceptions;
• Right to Correct: You may request correction of inaccurate personal information;
• Right to Opt Out of Sale/Sharing: We do NOT sell or share your personal information as defined under CCPA/CPRA;
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Service;
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information as defined by the CCPA: identifiers (name, email, IP address); commercial information (subscription and transaction records); internet or electronic network activity (usage data, browsing history within the Service); geolocation data (approximate, from IP address); professional or employment-related information (company name, job title); and inferences drawn from the above categories.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent local laws, including:

• All rights described in Section 10 above;
• The right to lodge a complaint with your local supervisory authority;
• The right to be informed of the legal basis for processing (see Section 4);
• The right to object to processing based on legitimate interests;
• The right to data portability in a structured, commonly used, machine-readable format.

Data Controller

For purposes of the GDPR, Elite Founders & Company LLC is the data controller for personal information collected through the Service. If you use the CRM, SDR Inbox, or other features to process personal data of your own clients or contacts, you act as the data controller for that data, and we act as a data processor on your behalf.

Data Processing Agreement

If you require a Data Processing Agreement (DPA) for GDPR compliance, contact legal@entrprnr.ai.

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers of personal information from the EEA, UK, or Switzerland to the United States, we rely on: (a) Standard Contractual Clauses (SCCs) approved by the European Commission; (b) other lawful transfer mechanisms as may be available under applicable law; and (c) contractual commitments with our sub-processors to ensure adequate protection.

The Service may contain links to or integrations with third-party websites, applications, or services that are not owned or controlled by the Company. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third-party services.

Key Third-Party Providers

The Service integrates with or relies upon the following categories of third-party providers, each of which has its own privacy policy:

• AI Providers (e.g., OpenAI): for AI content generation, image generation, and natural language processing;
• Payment Processors (e.g., Stripe): for subscription billing and payment processing;
• Cloud Infrastructure (e.g., AWS, Vercel): for hosting, storage, and content delivery;
• Analytics (e.g., Google Analytics, Mixpanel): for Service performance and usage analysis;
• Email Services: for transactional and marketing email delivery;
• Authentication: for secure sign-in and identity verification.

We encourage you to review the privacy policies of any third-party service before providing personal information or enabling integrations.

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no universally accepted standard for how companies should respond to DNT signals. We currently do not respond to DNT signals but may update this practice as standards evolve.

We honor Global Privacy Control (GPC) signals where required by applicable law (e.g., California, Colorado, Connecticut). When we detect a GPC signal, we will treat it as a valid opt-out of sale/sharing of personal information under applicable state privacy laws.

In the event of a data breach that affects your personal information, we will:

• Promptly investigate and take steps to mitigate the breach;
• Notify affected individuals as required by applicable law, including providing details about the nature of the breach, categories of data affected, and steps you can take to protect yourself;
• Notify relevant supervisory authorities as required by GDPR (within 72 hours where feasible) and other applicable breach notification laws;
• Document the breach and our response for accountability purposes.

18.1 Informal Resolution

Before initiating any formal dispute related to this Privacy Policy, you agree to contact us at legal@entrprnr.ai and attempt to resolve the dispute informally for at least thirty (30) days.

18.2 Binding Arbitration

If informal resolution fails, any dispute, claim, or controversy arising out of or relating to this Privacy Policy or the collection, use, storage, or disclosure of your personal information shall be resolved exclusively by binding individual arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules. The arbitration shall be conducted in the State of Delaware. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

18.3 Exceptions

Either party may seek emergency injunctive or equitable relief from a court of competent jurisdiction to prevent irreparable harm pending the outcome of arbitration. Nothing in this section prevents you from filing a complaint with a data protection authority regarding the processing of your personal information.

Mass Action Waiver

You agree not to join or coordinate with other individuals to bring privacy-related claims in a coordinated, consolidated, or mass action. Each individual's claims must be brought and resolved on an individual basis.

Severability of Waiver

If the class action waiver or any part of this dispute resolution section is found to be unenforceable, the remainder of this section shall still apply, and any claim that cannot be arbitrated individually shall be litigated in the state or federal courts of Delaware.

The limitations set forth in this section apply regardless of the legal theory on which the claim is based, whether warranty, contract, tort (including negligence), strict liability, or any other basis, and whether or not the Company has been advised of the possibility of such damages. Some jurisdictions do not allow the limitation or exclusion of certain damages. In such jurisdictions, our liability is limited to the greatest extent permitted by law.

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will: (a) update the "Last Updated" date at the top of this Policy; (b) provide notice through the Service or via email to the address associated with your account; and (c) where required by law, obtain your consent before implementing changes that materially affect our processing of your personal information.

Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the revised terms. If you do not agree to the updated Policy, you must discontinue use of the Service and request account deletion.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@entrprnr.ai
• Legal Department: legal@entrprnr.ai
• General Support: support@entrprnr.ai
• Company: Elite Founders & Company LLC
• Website: https://entrprnr.ai

For data protection inquiries from the EEA, UK, or Switzerland, you may also contact your local supervisory authority.

Response Times

We aim to respond to all privacy-related inquiries within 30 days. For requests under GDPR, we will respond within 30 days (with a possible 60-day extension for complex requests). For requests under CCPA/CPRA, we will respond within 45 days (with a possible 45-day extension).