Privacy Policy

The data controller for personal data processed through Enter is:

We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Danish data protection legislation.

We collect the following categories of personal data:

Account Information

• Name, email address, and profile information
• Organization name and team role
• Authentication credentials (securely hashed)

Usage Data

• Feature usage patterns and interaction data
• Device information, browser type, and IP address
• Log data and error reports

Workspace Content

• Projects, tasks, documents, and files you create
• Client and contact records stored in your CRM
• Time entries, invoices, and financial records
• Messages and communications within your workspace

Payment Information

• Billing address and payment method details (processed and stored by Stripe — we do not store full card numbers)
• Transaction history and subscription status

We process your personal data for the following purposes:

• Service delivery: To provide, maintain, and improve the Enter workspace
• Account management: To create and manage your account, authenticate access, and provide support
• Product improvement: To understand usage patterns and improve the Service (using aggregated, anonymized data)
• Communication: To send service-related notifications, updates, and respond to inquiries
• Legal obligations: To comply with applicable laws, including tax and accounting requirements
• Security: To detect, prevent, and address fraud, abuse, and security issues

Under the GDPR, we rely on the following legal bases:

• Performance of contract (Art. 6(1)(b)): Processing necessary to provide the Service you signed up for
• Legitimate interest (Art. 6(1)(f)): Product improvement, security, and fraud prevention, where our interests do not override your rights
• Consent (Art. 6(1)(a)): For optional analytics cookies and marketing communications, which you can withdraw at any time
• Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and other legal requirements

Your data is hosted on servers located within the European Union. All data is encrypted at rest and in transit using industry-standard encryption protocols (AES-256 and TLS 1.2+).

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including regular security audits, access controls, and backup procedures.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: Retained while your account is active, and for up to 30 days after deletion to allow recovery
• Workspace content: Retained while your account is active. Exported or deleted upon account termination
• Financial records: Retained for 5 years after the relevant transaction, as required by Danish bookkeeping law
• Usage logs: Retained for up to 12 months for security and troubleshooting purposes

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest
• Right to restrict processing: Request that we limit how we use your data
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at hello@enter.dk. We will respond within 30 days. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

We use the following third-party processors, all of which operate within the EU or under adequate data protection safeguards:

• Supabase: Database hosting, authentication, and backend infrastructure (EU-hosted)
• Vercel: Website and application hosting, edge functions
• Stripe: Payment processing (PCI DSS Level 1 certified)

Each processor is bound by a Data Processing Agreement (DPA) and is required to process your data only as instructed by us. We do not sell your personal data to third parties.

Our website uses cookies to provide essential functionality and improve your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Enter includes AI-powered features that process your workspace data to provide intelligent assistance, automation, and insights. Important points about how AI interacts with your data:

• Your workspace data is used for AI features within your workspace only
• Your data is never used to train AI models
• AI processing occurs using secure, privacy-preserving infrastructure
• Your data is not shared with other customers or used to improve models for other users

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date above. For significant changes, we will also notify you via email.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

A Data Protection Officer (DPO) is available on request.