Privacy
Privacy notice
How Envene handles the information needed to run access reviews for small and growing teams.
Last updated: June 18, 2026
Information we collect
We collect the information needed to create your workspace, connect the tools you choose, run access reviews, provide support, keep the service secure, and manage billing.
- Account details, such as name, email, login identifiers, team membership, role, permissions, and workspace settings.
- Integration details, such as provider name, connection status, OAuth scopes, app registrations, owners, risk signals, and scan history.
- Review records, such as findings, approvals, comments, reports, audit events, notifications, support messages, feedback, and security logs.
- Billing details handled through Stripe or another payment provider, such as plan, subscription status, invoice metadata, and payment portal activity.
Connected app metadata
Envene is designed to be metadata-first. We focus on access, ownership, OAuth scopes, app registration, sharing settings, and review evidence rather than copying raw business content into Envene.
Some providers may show file names, resource identifiers, permission records, or sharing metadata so your team can understand exposure. You choose which providers to connect, and you can disconnect them from your workspace.
How we use information
We use this information to run the product: dashboards, scans, findings, approvals, reports, notifications, support, billing, security monitoring, abuse prevention, and product improvements.
AI features
If you use Ask Envene, MCP, or remediation guidance, we may process prompts, workspace metadata, findings, policies, reports, and response context to generate summaries or draft guidance.
Please do not put passwords, private keys, or sensitive document contents into free-form prompts unless your company has approved that use.
Sharing
We do not sell personal information. We share information only when needed to operate Envene, protect the service, follow the law, or complete a workflow you started.
- Service providers that help with hosting, databases, security, authentication, email, payments, analytics, AI features, and product operations.
- Connected apps and providers when you authorize Envene to read metadata or send workflow requests.
- Advisers, authorities, or business transaction partners when required or reasonably necessary.
Security and retention
We use team-scoped access controls, encrypted integration credentials, audit logs, limited operational access, and monitoring to help protect customer workspaces. We keep information for as long as needed to provide the service, meet legal obligations, maintain security, and support customer agreements. Team owners can request export, correction, or deletion through support or the contact page.
Your choices
Depending on where you live and your relationship to a workspace, you may be able to request access, correction, deletion, export, objection, restriction, or appeal for certain personal information. We may need to verify your identity and authority before we act.
Changes and questions
We may update this notice as Envene changes. If the update is important, we will take reasonable steps to notify customers. Questions about privacy or data handling can be sent through the contact page.
This page explains the standard Envene product experience in plain language. If your company has a signed agreement with Envene, that agreement may add to or replace parts of this notice.