• Businesses
  • Connect
  • About
    • Start free
    Sign in

    Enfinity Privacy Policy

    Effective Date: April 29, 2026Β  Β·Β  Last Updated: April 29, 2026

    Enfinity

    enfinity.com Β· enfinipay (Project ID)

    Privacy Policy

    Effective Date: April 29, 2026Β  Β·Β  Last Updated: May 8, 2026

    CONTENTS

    Information we collect

    Google OAuth 2.0 & account access

    YouTube API services

    Google Analytics

    How we use your information

    Data sharing & disclosure

    Data retention

    Your rights & choices

    Cookies & tracking

    Data protection mechanisms for sensitive data

    Children's privacy

    Changes to this policy

    Contact us


    Enfinity ("we," "our," or "us") operates enfinity.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services, including features powered by Google APIs. Please read this policy carefully. By using the site, you agree to the practices described here.


    1. Information we collect


    We may collect the following categories of personal information:


    Account information β€” name, email address, and profile picture provided when you sign in with Google.

    Usage data β€” pages visited, time spent on pages, click paths, browser type, operating system, IP address, and referring URLs.

    Device data β€” device identifiers, screen resolution, language preferences.

    Communications β€” messages or inquiries you send to us directly.

    Google API data β€” data accessed via Google OAuth 2.0 and YouTube API Services, as described in Sections 2 and 3 below.

    2. Google OAuth 2.0 & account access

    Our use of Google OAuth 2.0 is governed by Google's Terms of Service and Privacy Policy. We comply with the Google API Services User Data Policy, including the Limited Use requirements.


    We use Google OAuth 2.0 to allow you to sign in to Enfinity using your Google account. When you authenticate via Google, we request only the scopes necessary to provide our services. Depending on the features you use, this may include:


    Basic profile (openid, email, profile) β€” to identify you and personalize your experience.

    Google Analytics scopes (e.g., analytics.readonly) β€” to display your Analytics data within our dashboard.

    YouTube scopes β€” see Section 3.


    Limited Use policy compliance. Data obtained through Google OAuth is used solely to provide and improve our services to you. We do not:


    Use Google-sourced data to serve advertising.

    Sell or transfer Google-sourced data to third parties, except as necessary to provide our services and only with your consent or as required by law.

    Allow humans to read your Google data unless you explicitly grant permission, it is necessary for security purposes, or we are required to do so by law.

    Use Google-sourced data for any purpose unrelated to providing our service to you.


    You may revoke Enfinity's access to your Google account at any time by visiting your Google Account permissions page.


    3. YouTube API services

    Enfinity uses the YouTube API Services. By using features that interact with YouTube, you additionally agree to YouTube's Terms of Service and acknowledge Google's Privacy Policy.


    Where Enfinity integrates with YouTube, we may request the following scopes on your behalf:


    youtube.readonly β€” to read your YouTube channel data, video metadata, and analytics.

    yt-analytics.readonly β€” to retrieve YouTube Analytics reports for your channel.

    yt-analytics-monetary.readonly β€” to retrieve revenue and monetization data if you choose to connect this feature.


    YouTube data obtained through the API is not shared with third parties for advertising or any purpose unrelated to your use of Enfinity. We retain YouTube API data only as long as necessary to provide the requested feature. You can revoke access at any time via Google security settings.


    4. Google Analytics


    Enfinity uses Google Analytics (including Google Analytics 4) to understand how visitors interact with our website. We have enabled IP anonymization so that your full IP address is not stored. You can opt out via the Google Analytics Opt-out Browser Add-on.


    5. How we use your information

    Provide, operate, and improve Enfinity and its features.

    Authenticate your identity via Google OAuth 2.0 and manage your account.

    Display your Google Analytics and YouTube data within your Enfinity dashboard.

    Analyze usage trends and improve our services.

    Communicate with you about updates, support, or changes to our services.

    Detect, investigate, and prevent fraudulent or unauthorized activity.

    Comply with legal obligations.

    6. Data sharing & disclosure


    We do not sell your personal information. We may share your data only in these limited circumstances:


    Service providers β€” trusted vendors who process data on our behalf under strict confidentiality agreements.

    Legal requirements β€” if required by law, court order, or governmental authority.

    Business transfers β€” in connection with a merger, acquisition, or sale of assets, with notice to you.

    With your consent β€” for any other purpose with your explicit permission.


    Data obtained through Google APIs (including YouTube API Services) is never shared with third parties for advertising, profiling, or any purpose beyond providing Enfinity's core services to you.


    7. Data retention


    We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal or compliance purposes. Cached API responses from Google and YouTube are purged within 24 hours unless you have explicitly saved that data within the platform.


    8. Your rights & choices


    Depending on your location, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to withdraw consent at any time. To exercise any of these rights, contact us at privacy@enfinity.com. You may also revoke Google API access at any time via Google Account permissions.


    9. Cookies & tracking technologies


    We use essential cookies for site functionality and authentication, analytics cookies set by Google Analytics, and preference cookies to remember your settings. You can control cookies through your browser settings. We do not use third-party advertising cookies or cross-site tracking for ad targeting.


    10. Data protection mechanisms for sensitive data


    We take the security and protection of sensitive data seriously. The following technical, administrative, and organizational measures are in place to safeguard personal information β€” including data obtained through Google OAuth 2.0 and YouTube API Services β€” against unauthorized access, disclosure, alteration, or destruction.


    10.1 Encryption


    Encryption in transit: All data transmitted between your browser and our servers is protected using TLS 1.2 or higher (HTTPS). API communications with Google services are conducted exclusively over encrypted HTTPS connections.

    Encryption at rest: Sensitive data stored on our servers β€” including OAuth tokens, user credentials, and personal account information β€” is encrypted at rest using AES-256 encryption.

    OAuth token security: Google OAuth 2.0 access tokens and refresh tokens are stored in encrypted form. Tokens are never logged, exposed in URLs, or transmitted in plaintext.


    10.2 Access controls


    Least privilege: We request only the minimum OAuth scopes required for specific features. Employees and systems access only the data necessary to perform their designated functions.

    Role-based access control (RBAC): Internal access to databases and systems containing personal data is restricted by role. Access is granted only to authorized personnel with a legitimate business need.

    Multi-factor authentication (MFA): Administrative access to our infrastructure requires multi-factor authentication.

    Audit logging: Access to systems containing sensitive data is logged and monitored. Logs are retained for a minimum of 90 days and reviewed periodically for anomalies.


    10.3 Data minimization & scope limitation


    We collect only the data necessary to provide the features you actively use.

    Google API scopes are requested incrementally β€” only when a user activates a specific feature β€” rather than requesting broad permissions upfront.

    Google-sourced data is never used for secondary purposes such as advertising, profiling, or sale to third parties, consistent with Google's API Services User Data Policy Limited Use requirements.


    10.4 Secure development practices


    Our engineering team follows OWASP secure coding guidelines.

    Dependencies and libraries are regularly audited and updated to address known vulnerabilities.

    Code changes undergo peer review before deployment to production.


    10.5 Infrastructure security


    Our services are hosted on industry-standard cloud infrastructure with SOC 2-compliant providers.

    Firewalls, intrusion detection, and DDoS protection are in place to safeguard our systems.

    We perform regular security assessments and vulnerability scans of our infrastructure.


    10.6 Incident response


    We maintain a documented incident response plan for data security events.

    In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities within the timeframes required by applicable law (e.g., within 72 hours under GDPR where applicable).

    To report a security vulnerability, contact us at requests@enfinity.com


    10.7 Third-party processor due diligence


    Third-party service providers who process personal data on our behalf are vetted for their security practices and bound by data processing agreements requiring them to protect your data to at least the same standard as this policy.

    We do not engage sub-processors for Google API-sourced data without ensuring compliance with the Google API Services User Data Policy.


    10.8 User-level controls


    You can revoke Enfinity's access to your Google account at any time via Google Account Permissions, which immediately invalidates our stored OAuth tokens for your account.

    You can request deletion of all your personal data by contacting requests@enfinity.com. Upon verified request, data will be deleted within 30 days.

    You can download a copy of your data by submitting a data access request to requests@enfinity.com.


    Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong, unique passwords and to protect access to your Google account.


    11. Children's privacy


    Enfinity is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us at requests@enfinity.com and we will promptly delete it.


    12. Changes to this policy


    We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. Your continued use of Enfinity after changes are posted constitutes acceptance of the updated policy.


    13. Contact us


    If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:


    Email: requests@enfinity.com

    Website: enfinity.com/contact

    26/F, Citicorp Centre, 18 Whitfield Road, Causeway Bay, Hong Kong

    This policy covers the use of Google API Services and YouTube API Services in accordance with the Google API Services User Data Policy and YouTube API Terms of Service. Google is a trademark of Google LLC.