Privacy Policy

Effective date: March 1, 2026 · Last updated: March 1, 2026

EnterSolutions d.o.o. ("EnterSolutions", "we", "our", or "us") operates EnterCRM, a customer relationship management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Data Sharing and Disclosure
  4. Data Retention
  5. Your Rights
  6. International Data Transfers
  7. Children's Privacy
  8. Security Measures
  9. Changes to This Policy
  10. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

  • Account registration details: name, company name, email address, password (hashed)
  • Billing and payment information processed by our payment provider
  • Communications you send us, including support requests and feedback
  • Profile and workspace configuration settings

1.2 Customer Data You Import or Collect Through Our Platform

When you use EnterCRM to manage your customers, you may upload or generate data about your own end-customers. This may include:

  • Names, email addresses, phone numbers and postal addresses
  • Purchase history, transaction values, and order counts
  • Behavioural data collected via the EnterCRM JavaScript tracking snippet
  • Segmentation tags, RFM scores, and CLV estimates generated by our analytics engine
  • Custom attributes and notes added by your team

With respect to this data, you act as the data controller and EnterSolutions acts as the data processor. Our Data Processing Agreement governs such processing.

1.3 Usage and Technical Data

  • Log data: IP address, browser type and version, pages visited, time and date of visits, time spent on pages
  • Device information: operating system, device identifiers
  • Feature usage patterns and API call volumes
  • Session identifiers and authentication tokens

1.4 Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate and improve our service. Please refer to our Cookie Policy for full details on the cookies we deploy, their purpose, and how to manage your preferences.

2. How We Use Your Information

We process your personal data only where we have a lawful basis to do so. Our purposes and corresponding legal bases are:

  • Providing the Service: To create and manage your account, deliver EnterCRM features, process payments, and provide technical support. Legal basis: performance of a contract.
  • Analytics and Service Improvement: To understand how users interact with EnterCRM, diagnose technical issues, and develop new features. Legal basis: legitimate interests.
  • Communications: To send transactional emails (account confirmations, invoices, security alerts) and, where you have opted in, product updates and newsletters. Legal basis: contract performance and/or consent.
  • Security and Fraud Prevention: To detect, investigate and prevent fraudulent transactions, unauthorized access, and other illegal activities. Legal basis: legitimate interests and legal obligation.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests. Legal basis: legal obligation.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

We may share your data in the following limited circumstances:

  • Service Providers (Sub-processors): We engage trusted third-party companies to perform services on our behalf, including cloud hosting (Google Cloud), email delivery, payment processing, and error monitoring. These providers are contractually bound to process data only on our instructions and in accordance with applicable data protection law.
  • Business Transfers: If EnterSolutions is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
  • Protection of Rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to safety.

4. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Account data is retained for the duration of your active subscription and for 90 days after account closure to allow for reactivation.
  • Customer data you have processed through EnterCRM will be permanently deleted or returned to you within 30 days of contract termination upon your written request.
  • Financial and billing records are retained for 11 years in accordance with Croatian tax and accounting law.
  • Log data for security and fraud detection purposes is retained for up to 12 months.
  • Backup copies may persist for up to 60 days after deletion from live systems.

5. Your Rights

Under the General Data Protection Regulation (GDPR) and applicable Croatian law, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You may request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16 GDPR): You may ask us to correct inaccurate or incomplete data.
  • Right to Erasure (Art. 17 GDPR): You may request the deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to Restriction (Art. 18 GDPR): You may request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20 GDPR): You may receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@entersolutions.io. We will respond to your request within 30 days. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr.

6. International Data Transfers

EnterSolutions is headquartered in Zagreb, Croatia, an EU member state. Your data is primarily stored and processed within the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with an adequacy decision from the European Commission
  • Binding Corporate Rules where applicable

You may request details of the specific safeguards applied to any international transfer by contacting us at privacy@entersolutions.io.

7. Children's Privacy

EnterCRM is a business-to-business service not directed at or intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such information as promptly as possible. If you believe we may have collected data from a child, please contact us at privacy@entersolutions.io.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our measures include, but are not limited to:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of sensitive data at rest using AES-256
  • Password hashing using bcrypt with appropriate cost factor
  • Role-based access controls and principle of least privilege
  • Regular security assessments and penetration testing
  • Multi-tenant data isolation ensuring no cross-tenant data access
  • Secure API keys with SHA-256 hashed secrets

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (using the address associated with your account) and/or by posting a prominent notice on our website at least 30 days before the changes take effect. The updated policy will be identified by a revised effective date at the top of the page.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

EnterSolutions d.o.o.

Zagreb, Croatia

Privacy enquiries: privacy@entersolutions.io