EEngagement Verse
Sign inGet Started
Legal

Privacy Policy

Last updated: 5 May 2026

This Privacy Policy describes how Engagement Verse collects, uses, and shares information when you use our platform. We aim to be precise about what we keep, why we keep it, and how to get it back.

1. Information we collect

We collect three categories of information:

  • Account information. Name, email, phone number, password (hashed), company name, role, primary therapeutic area.
  • Workspace data. HCP contacts, leads, voice scripts, email templates, call transcripts, AI insights, segments, master data, media uploads, audit log entries.
  • Operational telemetry. Request logs (method, path, response status, latency, request ID), authentication events, error traces. Used solely for reliability and security investigations.

2. How we use it

  • To provide the Service — store templates, dispatch calls, render dashboards.
  • To send transactional notifications (sign-up OTP, password reset, billing).
  • To enforce compliance (DNC checks, MLR rule evaluation, audit trail).
  • To improve product reliability through aggregated, de-identified analytics.

3. AI processing

When you use the AI assistant, your brief and any drug / therapeutic area context is sent to our AI provider (currently Anthropic) for generation. Generated drafts are returned to you for review and are only persisted when you explicitly save them. We do not use your AI prompts to train third-party models.

4. Tenant isolation

Each customer is a separate tenant. Workspace data is scoped to a company at the database level — cross-company reads are rejected even if a record identifier leaks. We never share workspace data between customers.

5. Sub-processors

We use a small set of sub-processors to operate the Service:

  • AWS — application hosting, database, object storage
  • Twilio + ElevenLabs — outbound voice and TTS
  • Anthropic — AI authoring features
  • Email provider (SES / Postmark) — transactional emails

Each sub-processor is bound by a data-processing agreement. Updates to this list are announced at least 30 days before they take effect.

6. Data retention

Workspace data is retained for the lifetime of the account. Closed accounts are deleted within 30 days of termination unless you request an export beforehand. Operational logs are retained for 90 days.

7. Your rights

Depending on your jurisdiction (GDPR, CCPA, etc.) you may have the right to access, correct, export, or delete your personal data. Email privacy@engagementverse.example.comand we will respond within 30 days.

8. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Passwords are hashed with bcrypt. JWTs are short-lived and signed. Access to production is gated by SSO + 2FA.

9. Children

The Service is not directed at children under 16 and we do not knowingly collect their personal information.

10. Contact

Privacy questions go to privacy@engagementverse.example.com. For security disclosures, use security@engagementverse.example.com.