Legal

Privacy Policy

Last updated: May 2026

Full Engage is a service of PROCEDO SOFTWARE SOLUTIONS Inc. ("Full Engage", "we", "us", "our"), a Canadian corporation with its registered office at 2967 Dundas St. W. #849, Toronto, ON M6P 1Z2, Canada.

This Privacy Policy explains what information we collect, how we use it, and the choices you have. It covers our marketing website (fullengage.ai) and our SaaS product (fullengage.ai/app), which together we refer to as the "Service".

What We Do

Full Engage is the operational backbone for independent consultants and small consulting teams managing multiple client engagements. The product consolidates client records, tasks, notes, files, scheduling, calendar sync, and an AI assistant scoped to your workspace.

Information We Collect

Account information

When you create an account — either with an email and password or by signing in with Google — we collect:

  • Your name, email address, and (if provided by your identity provider) your profile picture.
  • Authentication credentials and, for Google sign-in, OAuth tokens (access and refresh tokens) which are encrypted at rest.
  • Optional profile settings such as your timezone and two-factor authentication configuration.

Organization and workspace data

When you and your teammates use Full Engage, you create records that we host and process on your behalf, including:

  • Client records, tasks, notes, custom fields, and team membership and role information.
  • Files you upload (images, PDFs, documents) stored in object storage, plus vector embeddings of files and notes generated to power in-product search and the AI assistant.
  • Meetings, events, event types (bookable templates), availability, and invitations.

Google Calendar data (only if you connect it)

If you choose to connect Google Calendar from within Full Engage, we request the https://www.googleapis.com/auth/calendar scope (alongside openid and email) and access the following:

  • Calendar events from the connected calendar — including title, description, start and end time, location, organizer email, and attendee emails — to display alongside your Full Engage events, prevent double-booking, and sync changes both ways.
  • Webhook channel metadata so we can receive real-time notifications when events change in Google Calendar.
  • The Google OAuth access and refresh tokens used to make these calls. These tokens are encrypted at rest and used only by automated systems to keep your calendar in sync.

We only access Google Calendar data while your connection is active. You can disconnect at any time from within Full Engage, which revokes our access; you can also revoke our access directly from your Google Account at myaccount.google.com/permissions.

Billing information

Payments are processed by Stripe. We receive and store your Stripe customer ID, the plan you are on, your subscription status, invoices, and webhook events related to your subscription. We do not store full card numbers or other payment instrument details — those are handled by Stripe.

AI assistant usage

The Full Engage AI assistant lets you ask questions about your workspace. For each interaction we store the conversation history, the model used, token counts and latency, the AI credit ledger associated with your organization, and any errors. Prompts may include workspace context (such as client names, notes, or file excerpts) that you choose to make available to the assistant.

Audit and security information

To keep your account safe and to power the audit log we expose in-product, we record session and security data: IP address, user agent, session lifetime, and an audit trail of mutating actions performed by users in your organization (who did what, when, and from where). API keys created in Full Engage are stored as hashes only — we cannot recover the original key after creation.

Marketing-site visitor data

When you visit fullengage.ai:

  • If you use the contact form, we collect the name, email, and message you submit.
  • If you join the waitlist, we collect the name and email you provide.
  • We use Cloudflare Turnstile to verify that form submissions come from a human, and Resend to deliver transactional and confirmation emails.
  • In production, we use Google Tag Manager, Vercel Analytics, and Umami (a privacy-friendly analytics tool) to understand aggregate site usage. These collect data such as page views, referrers, device and browser type, and approximate location derived from IP address. We do not use this data to build advertising profiles.

How We Use Information

We use the information described above to:

  • Provide, operate, secure, and improve the Service.
  • Authenticate you and connect external services you have authorized (such as Google Calendar).
  • Keep your calendar in sync, run the scheduling and event features, and process meetings booked through your public booking links.
  • Power the AI assistant against your workspace context (and only your workspace context).
  • Process payments, manage subscriptions, and send invoices.
  • Send transactional email (verification, password reset, organization invites, booking confirmations, billing receipts, support replies).
  • Monitor errors and performance, prevent fraud and abuse, and enforce our Terms of Service.
  • Respond to support inquiries and comply with legal obligations.

We do not sell personal information, and we do not use the data described in this Policy for cross-context behavioural advertising.

Google API User Data — Limited Use Disclosure

Full Engage requests the following Google OAuth scopes:

  • email and profile — to identify you when you sign in and to display your name and avatar in the app.
  • openid — standard identifier for OAuth authentication.
  • https://www.googleapis.com/auth/calendar — only when you explicitly connect Google Calendar, so that we can read, create, and update events in the calendars you choose to sync.

Full Engage's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

  • We do not use Google user data — including Google Calendar data — to serve advertisements.
  • We do not sell or transfer Google user data to third parties for advertising, marketing, or any other secondary purpose.
  • We do not train any AI or machine-learning models, including generalized or third-party models, on Google user data.
  • We do not allow humans to read Google user data, except: (a) with the user's explicit consent for specific, identified messages or events; (b) when strictly necessary to investigate and resolve a security incident, abuse, or fraud, or to comply with law; or (c) for internal operations where the data has been aggregated and anonymized.

You can review and revoke Full Engage's access to your Google account at any time at myaccount.google.com/permissions.

How We Share Information

We share information with the following categories of recipients, only as needed to provide the Service:

  • Google — for user authentication (email, profile, openid scopes) and, if you connect it, the Google Calendar API.
  • Stripe — for payment processing, subscription management, and tax handling.
  • Resend — to deliver transactional and confirmation emails.
  • OpenAI — to power the AI assistant. Prompts may include workspace context that you choose to make available; outputs are returned to your conversation in-product.
  • AWS S3 / Cloudflare R2 — for encrypted object storage of files you upload.
  • Sentry — for error monitoring and performance tracking. Error reports may incidentally include user identifiers (such as a user or organization ID) in the error context.
  • Vercel — for hosting and infrastructure analytics.
  • Umami — for privacy-friendly marketing-site analytics.
  • Cloudflare Turnstile — for bot protection on our public forms.
  • Featurebase — for the in-product support and feedback widget, where enabled.

We may also share information when required by law, in connection with a corporate transaction (such as a merger, acquisition, or asset sale, in which case we will notify you), or with your direction or consent.

We do not sell personal information to data brokers or advertisers.

Data Retention and Deletion

We retain your data while your account is active and as needed to provide the Service.

  • Account closure: when you delete your account or your organization is deleted, we delete the associated personal data and workspace data from our production systems within 30 days. Encrypted backups are rotated on a schedule and any residual copies are purged on that rotation.
  • Billing records: invoices and payment records are retained as required by applicable tax and accounting laws (typically six to seven years in Canada).
  • Audit and security logs: retained for a limited period to support security investigations and to comply with legal obligations, then deleted.
  • Calendar data: when you disconnect Google Calendar from Full Engage, we revoke our tokens, stop syncing, and delete the cached calendar events associated with that connection.

You can request deletion at any time by emailing info@fullengage.ai.

Your Rights

Depending on where you live, you may have rights to access, correct, delete, or export the personal information we hold about you, to restrict or object to certain processing, and to withdraw consent. Specifically:

  • Canada (PIPEDA): you may request access to and correction of your personal information. If you have a concern about how we have handled your information, you may also contact the Office of the Privacy Commissioner of Canada.
  • European Economic Area / United Kingdom (GDPR / UK GDPR): you have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority.
  • California (CCPA / CPRA): you have the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights. We do not sell or "share" personal information as defined by the CCPA.

To exercise any of these rights, email info@fullengage.ai from the address associated with your account. We will respond within the timeframes required by applicable law.

Security

We take reasonable technical and organizational measures to protect personal information, including:

  • Encryption in transit (TLS) for all traffic to the Service.
  • Encryption at rest for OAuth tokens and other sensitive credentials.
  • Role-based access controls inside organizations.
  • Audit logging of mutating actions.
  • Optional two-factor authentication for accounts.

No system can be made perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities as required by law.

International Data Transfers

Full Engage is operated from Canada, and several of our sub-processors are located in the United States and Europe. Where personal information is transferred outside your country of residence, we rely on contractual safeguards with our sub-processors and on applicable legal mechanisms (such as the EU Standard Contractual Clauses, where relevant).

Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in-product or by email. Continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your information, contact us at:

Email: info@fullengage.ai

Mail: PROCEDO SOFTWARE SOLUTIONS Inc., 2967 Dundas St. W. #849, Toronto, ON M6P 1Z2, Canada