EnRoute Growth Platform Privacy Policy
Effective Date: May 30, 2026 Last Modified: May 30, 2026 Version: 3.0 (Full Publication-Ready) Supersedes: V2.0 (April 1, 2026)
1. Introduction
EnRoute Growth Platform ("EGP," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you access or use our websites, platforms, applications, products, and services (collectively, the "Services").
This Privacy Policy applies to all EGP products and services, including EGP MapBoost, EGP PRBoost, EGP AIBoost, EGP RepBoost, EGP VoiceBoost, EGP AutoBoost, EGP ContentBoost, EGP ComplianceGuard, EGP LegalBoost, EGP CRM, and EGP ORCA.
By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.
EGP Headquarters: EnRoute Growth Platform 1640 Boro Pl, 4th Floor McLean, VA 22102 United States
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, phone number, postal address, company name, job title
- Payment Information: Credit or debit card details, billing address, transaction history
- Profile Data: User preferences, settings, communication choices, profile photos
- Communication Data: Messages sent through the Services, support inquiries, feedback, survey responses
- Client Business Data: Business information you provide for service delivery, including business name, address, website URL, industry, customer records, marketing materials
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, time spent on pages, navigation paths, search queries
- Device Information: Browser type and version, operating system, device type, screen resolution, device identifiers
- Network Information: Internet Protocol (IP) address, internet service provider, approximate geographic location
- Cookie and Tracking Data: Cookies, web beacons, pixels, and similar tracking technologies (see Section 10)
2.3 Information from Third-Party Sources
- Partner Data: Information received from business partners, data providers, and integrated platforms
- Public Data: Publicly available information from business directories, social media profiles, and government records
- Referral Data: Information provided by other users who refer you to our Services
2.4 AI-Related Data Collection
When you use our Artificial Intelligence (AI) powered Services, we may collect:
- Input Data: Text, files, images, and other content you submit to AI-powered features
- AI Interaction Data: Your interactions with AI systems, including queries, selections, and feedback
- Voice Data: Audio recordings when using EGP VoiceBoost or other voice-enabled services (with your explicit consent)
2.5 Sensitive Personal Information (SPI)
We do not intentionally collect Sensitive Personal Information (SPI) as defined under the California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), or other applicable laws (e.g., precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers, health data, sexual orientation, contents of mail/email/text messages). Where SPI is incidentally collected (e.g., in client-supplied content), it is processed only for the purposes described in Section 4 and subject to the right-to-limit described in Section 7.3.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):
| Legal Basis | Processing Activity |
|---|---|
| Contract Performance (Art. 6(1)(b)) | Providing Services, processing payments, account management |
| Legitimate Interests (Art. 6(1)(f)) | Service improvement, fraud prevention, analytics, security |
| Consent (Art. 6(1)(a)) | Marketing communications, cookies, voice recording, AI data processing |
| Legal Obligation (Art. 6(1)(c)) | Tax compliance, regulatory requirements, legal proceedings |
You may withdraw consent at any time by contacting us or using the opt-out mechanisms described in this Policy.
4. How We Use Your Information
We use personal information for the following purposes:
4.1 Service Delivery
- Processing transactions and managing your account
- Providing, maintaining, and improving the Services
- Delivering AI-powered features, including content generation, search optimization, and analytics
- Fulfilling your requests and responding to inquiries
4.2 Communication
- Sending administrative notices, service updates, and security alerts
- Responding to customer support requests
- Sending marketing communications (with your consent or as permitted by law)
4.3 Improvement and Analytics
- Analyzing usage patterns to improve the Services
- Conducting research and development
- Testing new features and functionality
- Generating aggregated, anonymized insights
4.4 Security and Compliance
- Detecting, preventing, and responding to fraud, abuse, and security threats
- Enforcing our Terms of Service and other agreements
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful government requests
4.5 AI Service Delivery
- Processing input data through AI models to generate outputs
- Improving the accuracy and quality of AI-powered features
- Monitoring AI systems for bias, errors, and compliance
Important: EGP does not use your personal data or Client Content to train third-party AI models. Your data is processed solely for the purpose of delivering the contracted Services.
5. How We Share Your Information
5.1 Service Providers
We share information with trusted third-party service providers who assist in operating the Services, including:
- Payment processors for transaction handling
- Cloud hosting and infrastructure providers
- Analytics and performance monitoring services
- Customer support tools
- Email delivery services
All service providers are bound by contractual obligations to protect your data and use it only for the purposes for which it was disclosed.
5.2 Business Transfers
In the event of a merger, acquisition, reorganization, asset sale, or bankruptcy, your information may be transferred as part of the transaction. We will notify you of any such transfer and any changes to this Privacy Policy.
5.3 Legal Requirements
We may disclose information when required by law, regulation, legal process, or government request, or when disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.
5.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5.5 Aggregated and De-identified Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. Such data is not subject to the restrictions of this Privacy Policy.
6. Data Retention
We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Information | Duration of account plus 2 years | Contract, legal obligation |
| Payment Records | 7 years | Tax and financial reporting requirements |
| Usage and Analytics Data | 3 years | Legitimate interests |
| Marketing Consent Records | Duration of consent plus 3 years | Legal obligation |
| Support Communications | 3 years after resolution | Legitimate interests |
| AI Interaction Data | 1 year | Service improvement |
| Voice Recordings | 90 days | Consent-based processing |
Upon request, we will delete or anonymize your personal information in accordance with applicable law, subject to our legal retention obligations.
7. Your Privacy Rights
7.1 Rights for All Users
Regardless of your location, you may:
- Access your personal information held by EGP
- Correct inaccurate or incomplete personal information
- Delete your account and associated personal information
- Opt out of marketing communications at any time
- Request information about how your data is used
7.2 GDPR Rights (EEA, UK, Switzerland Residents)
Under the GDPR, you have the following additional rights:
- Right of Access (Art. 15): Obtain a copy of your personal data and information about its processing
- Right to Rectification (Art. 16): Correct inaccurate personal data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing (Art. 18): Limit how we process your data
- Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (JSON or CSV)
- Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
- Right Not to Be Subject to Automated Decision-Making (Art. 22): Request human review of automated decisions that significantly affect you
- Right to Withdraw Consent: Withdraw previously given consent at any time
Response Time: We will respond to all GDPR requests within 30 days of receipt.
Data Protection Contact: privacy@enroutegrowthplatform.com
7.3 California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) Rights (California Residents)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected about you in the preceding 12 months
- Right to Delete: Request deletion of personal information we have collected
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing of Personal Information: EGP does not "sell" personal information for monetary consideration. EGP may "share" personal information for cross-context behavioral advertising in certain limited contexts; California residents may opt out via our "Do Not Sell or Share My Personal Information" link or by transmitting a Global Privacy Control (GPC) signal, which EGP honors as a valid opt-out request consistent with the California Attorney General's GPC guidance.
- Right to Limit Use and Disclosure of Sensitive Personal Information (SPI): Under Cal. Civ. Code Section 1798.121, California residents may limit EGP's use and disclosure of SPI to purposes necessary to perform the Services, consistent with the regulations adopted by the California Privacy Protection Agency (CPPA).
- Right to Non-Discrimination: Receive equal service and pricing regardless of exercising your privacy rights
- Right to Data Portability: Receive a copy of your personal information in a readily usable format
- Right Regarding Automated Decision-Making Technology (ADMT): Consistent with CPPA regulations adopted under Cal. Civ. Code Section 1798.185(a)(16), California residents may request information about, and opt out of, certain uses of ADMT.
Categories of Personal Information Collected (Preceding 12 Months):
- Identifiers (name, email, phone, IP address)
- Commercial information (purchase history, subscription records)
- Internet or electronic network activity (usage data, browsing history on our Services)
- Geolocation data (approximate location from IP address)
- Professional or employment information (job title, company name)
- Inferences drawn from the above categories
Sale of Personal Information: EGP does not sell personal information as defined under the CCPA/CPRA.
Global Privacy Control (GPC): EGP recognizes the Global Privacy Control browser signal as a valid opt-out request for sale and sharing of personal information under the CCPA/CPRA. No additional action is required from California residents whose browsers transmit a GPC signal.
Response Time: We will respond to all CCPA/CPRA requests within 45 days of receipt, extendable by one additional 45-day period where reasonably necessary.
To Exercise CCPA/CPRA Rights:
- Email: privacy@enroutegrowthplatform.com
- Web form: https://app.enroute.global/privacy-request
- Phone: +1.866.891.2779
You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.
7.4 Virginia Consumer Data Protection Act (VCDPA) Rights (Virginia Residents)
Under the Virginia Consumer Data Protection Act (VCDPA), Va. Code Ann. Section 59.1-575 et seq., effective January 1, 2023, Virginia residents have the following rights:
- Right to Access: Confirm whether we are processing your data and access it
- Right to Correct: Correct inaccurate personal data
- Right to Delete: Delete personal data we hold about you
- Right to Data Portability: Obtain your data in a portable format
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects
Response Time: We will respond to all VCDPA requests within 45 days of receipt.
Appeal Process: If we deny your request, you may appeal by contacting privacy@enroutegrowthplatform.com. We will respond to your appeal within 60 days.
7.5 Colorado Privacy Act (CPA) Rights (Colorado Residents)
Under the Colorado Privacy Act (CPA), C.R.S. Section 6-1-1301 et seq., effective July 1, 2023, Colorado residents have the following rights:
- Right of Access to confirm processing and access personal data
- Right to Correction of inaccurate personal data
- Right to Deletion of personal data
- Right to Data Portability in a readily usable format
- Right to Opt-Out of targeted advertising, sale of personal data, and profiling in furtherance of decisions producing legal or similarly significant effects
- Universal Opt-Out Mechanism (UOOM): EGP recognizes Colorado-approved Universal Opt-Out Mechanisms, including the Global Privacy Control (GPC), as of the July 1, 2024 enforcement date.
Response Time: 45 days, with one 45-day extension where reasonably necessary.
Appeal Process: If we deny your request, you may appeal by contacting privacy@enroutegrowthplatform.com. We respond to appeals within 45 days.
7.6 Connecticut Data Privacy Act (CTDPA) Rights (Connecticut Residents)
Under the Connecticut Data Privacy Act (CTDPA), Conn. Gen. Stat. Section 42-515 et seq., effective July 1, 2023, Connecticut residents have rights of access, correction, deletion, data portability, and opt-out of targeted advertising, sale of personal data, and consequential profiling. EGP recognizes Universal Opt-Out Mechanisms (including GPC), effective January 1, 2025.
Response Time: 45 days, extendable by 45 days.
7.7 Utah Consumer Privacy Act (UCPA) Rights (Utah Residents)
Under the Utah Consumer Privacy Act (UCPA), Utah Code Section 13-61-101 et seq., effective December 31, 2023, Utah residents have rights of access, deletion, data portability, and opt-out of targeted advertising and sale of personal data.
Response Time: 45 days, extendable by 45 days.
7.8 Texas Data Privacy and Security Act (TDPSA) Rights (Texas Residents)
Under the Texas Data Privacy and Security Act (TDPSA), Tex. Bus. & Com. Code Section 541.001 et seq., effective July 1, 2024, Texas residents have rights of access, correction, deletion, data portability, and opt-out of targeted advertising, sale of personal data, and consequential profiling. EGP recognizes Universal Opt-Out Mechanisms (including GPC), effective January 1, 2025.
Response Time: 45 days, extendable by 45 days.
7.9 Oregon Consumer Privacy Act (OCPA) Rights (Oregon Residents)
Under the Oregon Consumer Privacy Act (OCPA), ORS Section 646A.570 et seq., effective July 1, 2024, Oregon residents have rights of access (including a list of specific third parties to whom personal data has been disclosed), correction, deletion, data portability, and opt-out of targeted advertising, sale of personal data, and consequential profiling.
Response Time: 45 days, extendable by 45 days.
7.10 How to Exercise Your Rights
Submit privacy requests via:
- Email: privacy@enroutegrowthplatform.com
- Web form: https://app.enroute.global/privacy-request
- Mail: EnRoute Growth Platform, Attn: Privacy Team, 1640 Boro Pl, 4th Floor, McLean, VA 22102
- Phone: +1.866.891.2779
EGP verifies requestor identity proportionate to the sensitivity of the data and the request. EGP does not discriminate against consumers for exercising privacy rights.
8. Data Security
We implement appropriate technical and organizational measures to protect personal information, including:
- Encryption of data in transit (Transport Layer Security (TLS) 1.2 or higher) and at rest (Advanced Encryption Standard (AES) 256-bit)
- Access controls and authentication requirements
- Regular security assessments and vulnerability testing
- Employee security awareness training
- Incident response and breach notification procedures
- Secure data backup and disaster recovery
Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your personal information.
9. International Data Transfers
EGP is headquartered in the United States. If you are located outside the United States, your personal information may be transferred to, stored in, and processed in the United States or other countries.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Supplementary measures as appropriate based on transfer impact assessments
- The EU-U.S. Data Privacy Framework (DPF) and UK Extension where applicable
By using the Services, you consent to the transfer of your information to the United States and other countries as described in this Policy.
10. Cookies and Tracking Technologies
10.1 Types of Cookies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for site functionality, security, and authentication | Session or persistent |
| Performance/Analytics | Measure site usage, improve performance | Up to 2 years |
| Functional | Remember preferences, settings, and choices | Up to 1 year |
| Marketing/Targeting | Deliver relevant advertising, measure campaign effectiveness | Up to 2 years |
10.2 Cookie Management
You can manage cookie preferences through:
- Your browser settings
- Our cookie consent banner (displayed on first visit)
- Our Privacy Center
Disabling certain cookies may affect the functionality of the Services.
10.3 Do Not Track and Global Privacy Control
EGP honors Do Not Track (DNT) browser signals where technically feasible. EGP additionally honors the Global Privacy Control (GPC) browser signal as a valid opt-out request for the sale and sharing of personal information under applicable state privacy laws (CCPA/CPRA, CPA, CTDPA, TDPSA, OCPA).
11. Children's Privacy
The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@enroutegrowthplatform.com.
12. Automated Decision-Making and Profiling
EGP uses automated decision-making and profiling in the following contexts:
- AI Content Generation: Automated content creation based on your input and preferences
- Search Optimization: Automated analysis and optimization of search visibility
- Fraud Detection: Automated monitoring of account activity for suspicious behavior
- Service Recommendations: Automated suggestions based on usage patterns
You have the right to request human review of automated decisions that have a significant effect on you. Contact us at privacy@enroutegrowthplatform.com to exercise this right. See also EGP's AI Disclosure for additional information on automated decision-making technology.
13. Third-Party Links and Services
The Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Policy on our website with a new effective date
- Sending email notification to the address associated with your account
- Displaying a notice within the Services
Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes.
15. Contact Us
For questions, concerns, or requests related to this Privacy Policy, contact us at:
EnRoute Growth Platform Attn: Privacy Team 1640 Boro Pl, 4th Floor McLean, VA 22102
- Email: privacy@enroutegrowthplatform.com
- Privacy request form: https://app.enroute.global/privacy-request
- Phone: +1.866.891.2779
- Website: www.enroutegrowthplatform.io
For GDPR-related inquiries: Email: privacy@enroutegrowthplatform.com (Data Protection Officer designation pending; contact the Privacy Team for all requests)
For CCPA/CPRA-related inquiries: Email: privacy@enroutegrowthplatform.com Phone: +1.866.891.2779
16. Acceptance
By accessing or using the Services on or after the Effective Date above, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.
(c) 1991-2026 EnRoute Growth Platform. All rights reserved.