Privacy
Privacy Policy
Last updated: May 29, 2026
Ensii, LLC ("Ensii," "we," "us," or "our") provides Vaulte, a software platform for independent professionals and the organizations that host or work with them. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use our websites, applications, documentation, communications, and related services.
This Privacy Policy applies to the Ensii public website, Vaulte websites and applications, Vaulte product documentation, contact forms, support requests, early-access requests, business inquiries, Vaulte accounts, professional workspaces, organization accounts, scheduling, checkout, customer-management, inventory, reporting, professional-network, affiliation, and related product features.
This Privacy Policy does not replace any written agreement between Ensii and a customer, professional, organization, vendor, contractor, or partner. If a written agreement applies and conflicts with this Privacy Policy, that agreement controls to the extent of the conflict.
1. Who we are
Ensii, LLC is the company that builds and operates Vaulte.
Vaulte is designed to help independent professionals manage their business records, including customers, services, appointments, availability, transactions, inventory, professional profiles, and host-business relationships.
For privacy questions or requests, contact us at contact@ensii.co.
We do not publish a physical mailing address on the public website because Ensii is currently registered at a personal residence. If a legally required mailing address is needed for a formal notice, request, or legal process, contact us by email and we will provide the appropriate notice method.
2. Our role
Ensii may act in different privacy roles depending on the context.
When Ensii collects information directly from website visitors, account holders, prospective users, support contacts, or product users for Ensii's own business purposes, Ensii generally acts as the controller or business for that information.
When a professional workspace, organization, or other customer uses Vaulte to store or process information about its own customers, clients, staff, contractors, business contacts, or service recipients, that professional or organization is generally responsible for deciding why and how that information is used. In that context, Ensii generally acts as a processor or service provider that processes information on behalf of the professional or organization.
If you are a customer or client of a professional or organization that uses Vaulte, the professional or organization may be responsible for responding to certain privacy requests involving your customer record, appointment history, service notes, transaction records, or other information stored in that workspace.
Ensii may still process some information for its own legitimate business purposes, such as account administration, platform security, fraud prevention, billing, legal compliance, service improvement, support, and enforcement of agreements.
3. Personal information we collect
The information we collect depends on how you interact with Ensii or Vaulte.
3.1 Information you provide directly
We may collect information you choose to provide, including name, email address, phone number, business name, organization name, role or title, account information, contact-form messages, support requests, product feedback, early-access or waitlist submissions, uploaded files, images, documents, notes, records, and other information you submit to us.
3.2 Account and authentication information
Vaulte uses Microsoft Entra for identity and authentication. Microsoft Entra helps verify identities, authenticate users, enforce access policies, and protect access to applications and resources.
When you create or use an account, we may collect or process account identifiers, authentication identifiers, email address, login status, session information, role and permission information, workspace identifiers, organization identifiers, security and access logs, account status, and audit-log information.
Microsoft may process certain authentication, administrator, security, diagnostic, or service data under Microsoft's own privacy terms and applicable enterprise cloud service terms.
3.3 Professional workspace information
If you use Vaulte as an independent professional, we may collect and process information related to your professional workspace, including business profile, public professional identity, services or offerings, pricing, availability, calendar settings, scheduling preferences, customer or client records, appointment history, service notes, portfolio content, uploaded images or files, professional certifications if you choose to provide them, business location preferences, marketplace or professional-network profile details, communication preferences, and reporting or analytics records generated inside Vaulte.
Professional certifications are optional unless a specific product workflow, organization rule, or legal requirement makes them necessary for a particular use case.
3.4 Organization and host-business information
If you create or manage an organization, host business, location, or administrative account, we may collect and process organization profile, location information, business contact information, business identification numbers, tax or registration identifiers used to identify the business, location records, capacity or workspace-unit records, staff, owner, manager, or administrator information, host policies, professional affiliation records, marketplace or network listings, operational notes, revenue-share, rent, or relationship terms entered into the system, organization communications, and workflow history.
Business identification numbers are collected to support organization setup, administration, verification, tax, accounting, compliance, or payment-related workflows. Users should not submit Social Security numbers or personal government IDs unless a future workflow clearly requests them and provides specific notice.
3.5 Customer, client, and appointment information
Vaulte may allow professionals and organizations to store information about their customers or clients, including name, contact details, appointment details, service history, notes entered by the professional or organization, preferences, transaction history, product purchases, communications, images or records uploaded by the professional, organization, or customer, and other information needed to provide services.
Professionals and organizations are responsible for entering and using customer/client information lawfully and for obtaining any required permissions.
Vaulte is not designed to collect protected health information, medical records, biometric information, or health-related notes. Users must not enter health information, medical records, or protected health information into Vaulte unless Ensii has expressly agreed in writing to support that use case.
3.6 Scheduling, calendar, and availability information
We may collect and process calendar availability, appointment dates and times, service duration, booking status, cancellations, no-show records, calendar settings, time zone, location context, blocked time, scheduling rules, and appointment-related communications.
3.7 Payment, checkout, and financial information
Vaulte uses Stripe as its current payment processor.
When Vaulte supports checkout, payment, transaction, payout, or financial-record workflows, we may collect or receive transaction amounts, payment status, discounts, taxes, fees, adjustments, transaction notes, product or service line items, refund information, payout or settlement metadata, Stripe transaction identifiers, Stripe account identifiers, ledger or accounting records, invoices, receipts, and payment confirmations.
Stripe may collect and process payment information, payment method details, transaction data, fraud-prevention data, payout information, and related financial data under Stripe's own privacy policy and contractual terms. Ensii generally does not need to store full payment card numbers in Vaulte.
3.8 Inventory and product information
If you use inventory or retail features, we may collect and process product names, product identifiers, stock levels, inventory movement history, retail sales, adjustments, transfers, product costs or prices, supplier or vendor references if entered by users, and inventory notes.
3.9 Marketplace, professional-network, and affiliation information
If Vaulte includes discovery, marketplace, network, or affiliation features, we may collect and process public professional profiles, public organization or location profiles, capacity listings, professional availability listings, specialties, service categories, relative geography or preferred work areas, introductory messages, interest records, message threads, contact-release status, affiliation drafts, affiliation terms and history, trust or verification signals, and listing metrics.
Some information may be visible to other users if you publish it, share it, send it, or use marketplace, network, or affiliation features.
3.10 Communications
We may collect and process communications with Ensii or through Vaulte, including emails, contact-form submissions, support requests, product feedback, in-app messages, marketplace or interest-thread messages, notification preferences, and transactional communications.
3.11 Mobile messaging and SMS notices
If you provide a mobile telephone number and consent to receive text messages from Ensii or Vaulte, we may use that number to send account, authentication, scheduling, transactional, service, support, administrative, and other product-related messages.
Message frequency varies based on your use of Vaulte, your account activity, your notification settings, and the workflows you participate in. For example, messages may be sent in connection with account access, appointment scheduling, reminders, confirmations, cancellations, customer communications, security notices, support requests, or other service-related events.
Message and data rates may apply. Where supported, you may reply STOP to opt out of further text messages and HELP for help.
We do not sell, rent, or share mobile telephone numbers, SMS opt-in data, or SMS consent records with third parties for their marketing or promotional purposes. We may share mobile telephone numbers and related messaging data with service providers, telecommunications carriers, messaging providers, or other vendors only as needed to deliver and operate the messaging service, maintain security, prevent abuse, comply with law, or protect rights.
3.12 Relative geolocation and technical information
We may collect relative geolocation information, such as city, region, state, approximate location, or location inferred from IP address or user-entered business/location data.
We do not intentionally collect precise GPS location unless a future feature specifically requests it and provides additional notice.
We may also collect technical information such as IP address, browser type, device type, operating system, referring pages, pages viewed, feature usage, session events, date and time of access, error logs, performance logs, security logs, approximate location inferred from IP address, and cookies or similar identifiers needed to operate the service.
3.13 Cookies and similar technologies
We may use cookies, local storage, or similar technologies to keep users signed in, remember preferences, secure the service, maintain sessions, debug errors, improve performance, prevent fraud or abuse, and support core product functionality.
We do not currently use third-party advertising, retargeting, or third-party analytics providers.
If we add third-party analytics, advertising, retargeting, or session-recording tools later, we will update this Privacy Policy before deployment where required.
3.14 Sensitive information
We do not intentionally collect government IDs, biometric data, health-related notes, protected health information, or precise GPS location.
We may collect professional certifications if a user chooses to provide them, business identification numbers when a user creates or manages an organization, payment and transaction data through Stripe-powered workflows, and relative geolocation such as approximate region, city, state, service area, or IP-derived location.
Users should avoid entering unnecessary sensitive information into Vaulte.
4. Sources of personal information
We may collect personal information from you directly, your account or workspace activity, professionals or organizations that use Vaulte, customers or clients interacting with Vaulte workflows, Stripe, Microsoft Entra, hosting and infrastructure providers, email or notification providers, support communications, public sources where permitted, and other users who interact with you through marketplace, network, scheduling, checkout, or affiliation features.
5. How we use personal information
We may use personal information to provide, operate, and maintain Vaulte; create and manage accounts; authenticate users through Microsoft Entra; manage workspaces, organizations, roles, and permissions; provide scheduling, calendar, appointment, customer, service, checkout, inventory, reporting, marketplace, and affiliation features; process transactions and maintain financial records through Stripe-supported workflows; send transactional notifications; respond to support requests; communicate about product updates, security issues, administrative matters, and account activity; improve and debug the service; analyze product usage using first-party operational records; prevent fraud, abuse, unauthorized access, and security incidents; enforce agreements and policies; comply with legal obligations; maintain business records; evaluate partnerships, early access, and business inquiries; and protect the rights, safety, and property of Ensii, users, customers, and others.
6. Legal bases for processing
Where a legal basis is required, we may process personal information based on contract, legitimate interests, consent, legal obligation, or protection of rights and safety.
Contract processing includes processing needed to provide Vaulte or perform an agreement. Legitimate-interest processing includes processing needed to operate, secure, improve, support, and administer Vaulte. Consent-based processing applies where we ask for permission for a specific use. Legal-obligation processing includes processing needed to comply with tax, accounting, payment, security, regulatory, or legal requirements.
7. How we disclose personal information
We may disclose personal information to the categories of recipients described below.
7.1 Service providers
We may share information with vendors that help us operate Vaulte, such as cloud hosting providers, database and storage providers, Microsoft Entra for identity and authentication, Stripe for payment processing, payouts, fraud prevention, and transaction workflows, email and notification providers, support tools, security tools, error, performance, and infrastructure monitoring tools, and professional services providers.
We do not maintain a separate public subprocessors page at this time. If a customer agreement requires a subprocessors list, we may provide it through the applicable agreement, support channel, or account process.
7.2 Professionals, organizations, and other Vaulte users
We may disclose information between Vaulte users when needed for product functionality. For example, a customer may see appointment, service, receipt, or checkout information; a professional may see customer records in the professional's workspace; an organization may see affiliation, location, capacity, or host-relationship information; a professional and organization may exchange marketplace, network, or affiliation messages; and published marketplace or professional-network listings may be visible to other users.
Visibility depends on product settings, roles, permissions, published content, and applicable product rules.
7.3 Stripe and financial providers
Stripe, banks, card networks, fraud-prevention services, payout providers, and related financial infrastructure providers may receive information needed to process payments, facilitate payouts, verify accounts, prevent fraud, resolve disputes, handle refunds or chargebacks, and comply with financial, tax, legal, or regulatory requirements.
7.4 Microsoft Entra
Microsoft Entra may receive or process information needed to authenticate users, manage identity and access, enforce security policies, support login and account access, detect or prevent unauthorized access, and maintain security and operational logs.
Microsoft's processing is governed by Microsoft's applicable privacy, cloud service, and contractual terms.
7.5 Messaging providers and mobile carriers
We may disclose mobile telephone numbers and related messaging data to service providers, telecommunications carriers, messaging providers, and similar vendors only as needed to deliver, route, operate, secure, support, and improve text messaging features, prevent abuse, comply with law, or protect rights. We do not authorize those parties to use mobile telephone numbers, SMS opt-in data, or SMS consent records for their own marketing or promotional purposes.
7.6 Legal, compliance, and safety disclosures
We may disclose information if we believe it is reasonably necessary to comply with law, regulation, subpoena, court order, or legal process; respond to lawful government requests; enforce our agreements; protect against fraud, abuse, or security threats; protect the rights, property, or safety of Ensii, users, customers, or others; investigate potential policy violations; or establish, exercise, or defend legal claims.
7.7 Business transfers
If Ensii is involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, personal information may be disclosed or transferred as part of that transaction, subject to appropriate protections.
7.8 With consent or direction
We may disclose information when you direct us to do so or give us permission.
8. Sale, sharing, advertising, and analytics
We do not sell personal information.
We do not currently use third-party advertising or retargeting tools.
We do not currently use third-party analytics providers.
We do not currently share personal information for cross-context behavioral advertising.
We do not sell, rent, or share mobile telephone numbers, SMS opt-in data, or SMS consent records with third parties for their marketing or promotional purposes.
If we later use advertising, retargeting, session-recording, or third-party analytics tools that qualify as a sale, sharing, targeted advertising, or profiling under applicable law, we will update this Privacy Policy and provide required choices before deployment where required.
9. Artificial intelligence and automated processing
Vaulte may include automation or internal logic that supports product functionality, security, workflow routing, reporting, categorization, recommendations, or support.
We do not use customer workspace content to train public artificial intelligence models.
We do not intend for automated systems to make legally or similarly significant decisions about users without appropriate human review, notice, and safeguards.
If we add AI features that materially affect user rights, eligibility, ranking, access, pricing, or professional opportunity visibility, we will update this Privacy Policy as appropriate before deployment.
10. Data retention
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide Vaulte, maintain accounts and workspaces, preserve business records, complete transactions, maintain audit logs, comply with accounting, tax, payment, legal, or regulatory obligations, resolve disputes, enforce agreements, protect security, and prevent fraud or abuse.
Retention periods vary depending on the type of information and the context.
Account records may be retained while the account is active and for a reasonable period afterward. Transaction, payout, tax, accounting, and ledger records may be retained longer because of legal, financial, dispute, fraud-prevention, or accounting obligations. Support communications may be retained for quality, security, and dispute-resolution purposes. Backups may persist for a limited period after deletion from active systems. Published marketplace or network content may remain visible until removed, paused, unpublished, archived, or deleted according to product rules.
When information is no longer needed, we may delete, de-identify, or aggregate it.
11. Security
We use administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure.
These safeguards may include access controls, authentication controls, Microsoft Entra identity and access controls, encryption in transit, logging and monitoring, infrastructure security controls, role-based permissions, vendor review, backup and recovery processes, and security incident response practices.
No system is perfectly secure. Users are responsible for protecting their account credentials, using secure devices, and promptly notifying us of suspected unauthorized access.
12. User responsibilities
Users are responsible for the information they enter into Vaulte and for using Vaulte lawfully.
Professionals and organizations should provide required privacy notices to their own customers, clients, staff, contractors, or business contacts; obtain required permissions or consents; enter only information they are authorized to process; avoid entering unnecessary sensitive information; avoid entering protected health information, biometric data, personal government IDs, or medical records; use role permissions carefully; keep account credentials secure; and comply with applicable laws, industry obligations, and customer agreements.
Professionals and organizations are also responsible for complying with any local, state, federal, industry, licensing, tax, or professional rules that apply to their use of Vaulte.
13. Minor's privacy
Vaulte is not intended for minors under 16, and we do not knowingly collect personal information directly from minors under 16.
If you believe a minor has provided personal information directly to us without appropriate consent, contact us at contact@ensii.co.
Professionals or organizations using Vaulte should not enter information about minors unless they have lawful authority to do so and the information is necessary for their business purpose.
14. United States focus and international users
Vaulte is intended for use in the United States at launch.
We do not actively market Vaulte for use outside the United States, but we do not block access from every non-U.S. location.
If you access or use Vaulte from outside the United States, you understand that Vaulte is operated from the United States; your information will be processed in the United States; U.S. privacy and data-protection laws may differ from the laws in your location; you are responsible for determining whether your use of Vaulte complies with laws that apply to you, your business, your customers, and your location; and Ensii may restrict, suspend, or decline to support use in jurisdictions where Vaulte is not designed, approved, or legally supported.
Nothing in this section limits rights you may have under applicable law.
15. Your privacy choices
Depending on your location and relationship with us, you may have rights to access personal information, correct inaccurate personal information, delete personal information, receive a copy of personal information, restrict or object to processing, withdraw consent, opt out of certain processing such as sale, sharing, targeted advertising, or certain profiling, appeal a denied privacy request, or lodge a complaint with a regulator.
Some rights may be limited by law, security requirements, identity verification, our obligations to other users, or our need to maintain transaction, tax, accounting, security, legal, or business records.
To make a request, contact us at contact@ensii.co.
We may need to verify your identity before completing a request. If your request relates to information controlled by a professional or organization using Vaulte, we may direct you to that professional or organization.
16. U.S. state privacy rights
Some U.S. state privacy laws provide residents with specific rights regarding personal information. Depending on where you live and whether the relevant law applies to Ensii, you may have rights to know, access, correct, delete, obtain a portable copy, opt out of certain processing, or appeal a decision.
We do not discriminate against users for exercising privacy rights.
If we deny a request, you may appeal by replying to our decision email or contacting us at contact@ensii.co with the subject line "Privacy Appeal."
16.1 California notice
If the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to Ensii, California residents may have additional rights.
The categories of personal information we may collect are described in Section 3 above. These may include identifiers, commercial information, internet or electronic network activity information, approximate geolocation information, professional or employment-related information, financial and transaction-related information, user-generated content, business identification information, professional certification information if provided, and sensitive personal information only where entered by users or required for a supported workflow.
We collect and use these categories for the purposes described in Sections 5 and 6. We disclose personal information to the categories of recipients described in Section 7. We do not knowingly sell or share personal information of users under 16. We do not use sensitive personal information for purposes that would require a separate right to limit use unless we provide the required notice and choice.
16.2 Colorado and similar state notices
Where applicable, residents of Colorado and similar states may have the right to opt out of targeted advertising, sale of personal data, or certain profiling.
We do not currently sell personal information, use third-party targeted advertising, or use third-party advertising/retargeting tools.
If we engage in those activities later, we will provide the required opt-out method.
17. European Economic Area, United Kingdom, Switzerland, and other non-U.S. locations
Vaulte is currently focused on the United States.
If you are located outside the United States and choose to use Vaulte, you are responsible for determining whether Vaulte is appropriate for your location and whether your use complies with applicable local, regional, national, industry, licensing, tax, consumer-protection, employment, contractor, and privacy laws.
If the laws of your location require a local privacy representative, data-processing agreement, data-transfer mechanism, special consent, regulatory filing, or other compliance step that Ensii has not expressly agreed to in writing, you should not use Vaulte for that regulated purpose.
Where applicable law gives you data-protection rights, you may contact us at contact@ensii.co.
18. Do Not Track and universal opt-out signals
Some browsers offer "Do Not Track" signals. There is not currently a uniform industry standard for responding to those signals. We do not currently respond to browser Do Not Track signals.
Where legally required and technically feasible, we will honor recognized universal opt-out mechanisms that apply to our services.
Because we do not currently use third-party advertising, retargeting, or third-party analytics providers, these signals may not materially change the way our current public website operates.
19. Third-party links and services
Our websites and services may link to third-party websites, applications, payment processors, identity providers, document-signing services, calendar tools, or other integrations.
Examples include Microsoft Entra and Stripe.
We are not responsible for the privacy practices of third parties. Their privacy policies and terms apply to their services.
20. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will update the "Last updated" date and may provide additional notice, such as through the website, application, email, or account notice.
Your continued use of Vaulte after an updated Privacy Policy becomes effective means you acknowledge the updated policy.
21. Contact us
Questions or privacy requests may be sent to Ensii, LLC at contact@ensii.co.