Privacy Policy
Last updated: 22 May 2026
Enterwise provides an AI-native platform for business analysis and organizational change. We are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, and share information when you visit enterwise.aior use our products and services (the "Services").
Early Access Notice
Enterwise is currently in early access. Features and availability may change. These policies are provided for transparency and may be updated as we prepare for commercial launch. Continued use of the Services after updates constitutes acceptance of the revised documentation.
Quick summary
- We collect only what we need to run the Service: your account, your workspace content, and basic technical data.
- We do not sell your data, run ads, or use customer content to train third-party AI models.
- Most data stays in the EU. Some subprocessors are in the US under Standard Contractual Clauses.
- We use a small set of named subprocessors (database, hosting, email, AI providers). The full list is at enterwise.ai/trust#subprocessors.
- You have full rights over your data. Email privacy@enterwise.ai and we will respond within one month.
1. Who we are
Enterwise B.V. is a Dutch private limited company registered with the Dutch Chamber of Commerce under KVK number 42053993, VAT (BTW) number NL869496578B01. Privacy contact: privacy@enterwise.ai.
Enterwise wears two hats depending on the data:
- As controller, for personal data we collect for our own purposes (your account, billing, support, marketing, the waitlist, website visits). This policy describes what we do with that data.
- As processor, for personal data your organisation puts into the product (people directory entries, project content, meeting transcripts, anything that mentions third parties). Your organisation is the controller of that data; we process it on their instructions under our Data Processing Agreement.
If you are an end-user of an Enterwise customer (your employer or someone else uses Enterwise to hold information about you), please contact that organisation first. We will assist them under our DPA.
2. What we collect
We group personal data into four buckets:
- Account and profile. Email, name, password (hashed) or Google sign-in identifiers, organisation membership, role, and in-app preferences.
- Workspace content. Anything you or your organisation puts into the product: people directory entries, projects, meeting recordings and transcripts, document uploads, AI prompts and outputs, comments, and approvals. This may include personal data about people who are not Enterwise users (typically provided by your organisation).
- Usage and technical data. Authentication sessions, IP address and request metadata in hosting logs, audit metadata (who created or changed content and when), and AI usage telemetry (tokens, model, cost, errors).
- Communications. Emails you send us (contact@enterwise.ai, privacy@enterwise.ai), waitlist submissions, and support correspondence.
Most of this data comes directly from you or from a user in your organisation. Some comes from your sign-in provider (Google OAuth, if you use it). Some is generated automatically by our infrastructure (logs, timestamps). We do not buy personal data from data brokers and do not enrich profiles from public sources.
We do not use third-party product analytics, advertising, retargeting, or social-media tracking.
3. How we use it
We use personal data to:
- Provide the Service (lawful basis: performance of a contract). Authentication, running the workspace, transcribing audio, running AI features, supporting billing.
- Operate, secure, and improve the Service (legitimate interests). Hosting, logs, audit trails, debugging, anti-abuse, internal product analytics derived from usage patterns.
- Communicate with you (legitimate interests for service emails; consent for marketing). Account notifications, support replies, and optional product updates you can opt out of at any time.
- Comply with legal obligations (legal obligation). Tax and accounting records, responses to lawful requests.
- Defend legal claims (legitimate interests) where needed.
Customer content is not used to train third-party AI models. Our AI subprocessors are contractually bound to the same.
4. Who we share with
We use a small set of subprocessors to run the Service, such as our cloud provider, hosting platform, email delivery, and AI inference providers. Each is bound by a Data Processing Agreement and a duty of confidentiality.
The current list, with each subprocessor's service category and region, is published at enterwise.ai/trust#subprocessors. We give customers at least 30 days' advance notice before adding or replacing a subprocessor.
Customer content is not used to train third-party AI models. Our AI subprocessors are contractually bound to the same.
If your account is part of an organisation workspace, other authorised members of that organisation may access content you create according to workspace settings.
We may also disclose personal data to comply with law or court orders, or to protect the rights, property, or safety of Enterwise, our users, or the public. In a merger, acquisition, or similar transaction, your personal data may transfer as part of that deal, subject to continued protections consistent with this policy.
We do not sell or rent your personal data. We do not engage in cross-context behavioural advertising.
5. International transfers
Most data stays in the European Union. Where data is transferred to the United States by certain subprocessors, we rely on the European Commission's Standard Contractual Clauses and the UK IDTA / Addendum for UK data, together with the supplementary measures published by each subprocessor (encryption in transit and at rest, access controls, regional storage where offered). The current list of subprocessors and their regions is at enterwise.ai/trust#subprocessors.
6. How long we keep it
We keep personal data only as long as needed to provide the Service, meet legal obligations, and resolve disputes. In practice:
- Account and workspace data: deleted within 30 days of the end of your subscription, or earlier on request.
- Audio recordings: deleted promptly after successful transcription. If transcription fails, audio is retained for up to seven (7) days from the last failed attempt so you can retry, then automatically deleted. Audio is never retained indefinitely.
- AI prompt and output logs: 90 days, retained solely for reliability, abuse prevention, debugging, and cost monitoring.
- Hosting logs: per our hosting provider's retention (typically 30 days for analytics, longer for security audit).
- Billing and accounting records: 7 years from the end of the relevant financial year (Dutch tax law).
- Records of privacy requests: kept indefinitely for accountability.
- Records of Terms and Privacy Policy acceptance: kept indefinitely for accountability.
Backups are overwritten on the standard rotation. Where the law requires longer retention, that retention applies.
7. Security
We protect personal data with encryption in transit (TLS) and at rest, access controls based on least privilege, Row-Level Security at the database, multi-factor authentication on critical accounts, infrastructure logging, and personnel confidentiality obligations. A more detailed summary is available on request and is part of our DPA. While no system can guarantee absolute security, we continuously work to protect personal data and improve our safeguards. If we learn of a personal data breach affecting your data, we will notify you and the relevant supervisory authority where required.
8. Your rights
If you are in the EU/EEA or the UK, you have the right to:
- access your personal data and receive a copy
- correct inaccurate data
- request deletion
- restrict or object to processing
- portability in a structured, commonly used, machine-readable format
- withdraw consent at any time, where consent is the lawful basis
To exercise these rights, email privacy@enterwise.ai. We will respond within one month (extendable to three months for complex requests, with notice). You may also lodge a complaint with your supervisory authority: for the Netherlands, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl); for the UK, the ICO (ico.org.uk); or your local authority elsewhere.
If your data is held in the workspace of an Enterwise customer, please contact that customer first; we will assist them under our DPA.
9. US state residents
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or another US state with a comprehensive consumer privacy law, you have substantially similar rights to those in Section 8: to know, access, delete, correct, and port your personal information, and to opt out of sale or sharing, targeted advertising, and certain profiling.
Enterwise does not sell or share personal information, does not engage in targeted advertising, and does not perform profiling that produces legal or similarly significant effects.
To exercise your rights, email privacy@enterwise.ai. We honour authorised-agent requests with appropriate verification. Because we do not sell or share personal information, run targeted advertising, or otherwise process data subject to an opt-out under these laws, no opt-out mechanism is required today; the Global Privacy Control (GPC) signal is honoured by default.
10. Cookies
We use the minimum cookies needed to run the Service: authentication cookies set by Supabase for sign-in and session management. We do not use analytics, advertising, or social-media tracking cookies. Because we do not use non-essential cookies, we do not show a cookie consent banner today; if we introduce any in the future (for example, product analytics), we will request your consent before they are placed. Full details, including browser storage items, are in our Cookie Policy at enterwise.ai/cookies.
11. Automated decisions
We do not make automated decisions with legal or similarly significant effects about you. AI features that generate text, transcripts, or summaries from your content are not decisions about you in this sense.
12. Children's privacy
The Services are a B2B product not directed at users under 16. We do not knowingly collect personal data from children under 16. If you believe we have, email privacy@enterwise.ai and we will delete it.
13. Changes
We may update this policy. Material changes are communicated through the Service or by email with reasonable advance notice. The "Last updated" date at the top reflects the current version; previous versions are archived internally and available on request.
14. Contact
Privacy questions, complaints, and data subject requests: privacy@enterwise.ai.