Privacy Policy

Privacy Policy

This privacy policy explains how we handle any information
collected when you use this Framer template.

Privacy Policy

Last updated: 11 January 2025

This Privacy Policy explains how Enterflow (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you:

  • visit our website at https://enterflow.ai/ (the “Website”),

  • contact us, request a demo, or engage us for services,

  • receive custom AI software development services from us, including OCR, document processing, extraction, classification, and workflow automation (the “Services”).

If you are a customer and we process personal data on your behalf as part of the Services, you (the customer) typically act as the data controller and we act as the data processor. Where applicable, processing terms are governed by our contract and any Data Processing Agreement (“DPA”).

1) Who we are

Controller (for Website and business administration):
Enterflow
Email: info@enterflow.ai

If you have any questions about this Privacy Policy or our data practices, contact us at info@enterflow.ai.

2) Scope

This Privacy Policy applies to:

  • Website visitors

  • Prospective customers and partners

  • Customer representatives (e.g., employees and contractors of our customers)

  • Vendors and subcontractors

  • End users or data subjects whose data may appear in documents provided by customers, where we process that data on the customer’s instructions

3) Personal data we collect

A. Data you provide directly

We may collect:

  • Contact information (name, business email, phone, company, job title)

  • Communications (messages submitted via forms, email, or calls)

  • Sales/contract information (signatory details, billing contacts, invoicing details)

  • Support information (tickets, requested features, troubleshooting details)

B. Data we collect automatically (Website)

We may collect:

  • Device and usage data (IP address, browser type, pages viewed, timestamps, referring URLs)

  • Cookie/identifier data if you consent to non-essential cookies (see Section 6)

C. Data processed in the course of Services (customer-provided content)

Depending on the project, customers may provide or enable us to process:

  • Documents and files (PDFs, scans, images, emails, attachments)

  • Extracted/derived data (e.g., names, addresses, identifiers, invoice details, payment-related references, line items)

  • Metadata and logs (document types, workflow events, timestamps, user actions, error logs)

This data may include personal data and, depending on the use case, special categories of data (e.g., health data) or other sensitive data. Customers should avoid providing sensitive data unless necessary and contractually agreed with appropriate safeguards.

4) How we use personal data (purposes)

We use personal data for the following purposes:

  1. Provide and operate the Website

  2. Respond to inquiries and provide quotes, demos, and information

  3. Deliver Services, including custom OCR/document AI development, implementation, testing, and support

  4. Project and account administration (account management, invoicing, contract management)

  5. Security (fraud prevention, access control, monitoring, incident response)

  6. Improve our offerings (service quality, performance, usability)

  7. Legal and compliance (recordkeeping, dispute handling, enforcing rights)

5) Legal bases (EEA/UK GDPR)

Where the GDPR applies, our legal bases include:

  • Contract: to perform a contract with you or take steps at your request before entering into a contract

  • Legitimate interests: to operate our business, maintain security, and improve services (balanced against your rights)

  • Consent: for non-essential cookies and marketing where required by law

  • Legal obligation: to comply with applicable laws (e.g., tax and accounting)

Customer data processed under Services: when we process personal data on behalf of a customer, the customer determines the legal basis and we process the data under the customer’s instructions as a processor.

6) Cookies and similar technologies

We may use cookies and similar technologies to operate and improve the Website.

  • Strictly necessary cookies: required for core Website functionality (no consent required).

  • Analytics cookies: used to understand Website performance and improve content (consent may be required depending on your jurisdiction).

  • Marketing cookies: used to measure campaigns and deliver relevant advertising (consent required where applicable).

Cookie choices: You can manage preferences through [insert cookie banner/preferences link if used] or your browser settings.

7) How we share personal data

We may share personal data with:

  • Service providers / processors that support our operations (e.g., hosting, email, analytics, CRM, support tools)

  • Professional advisors (legal, accounting, auditors)

  • Authorities where required by law or to protect rights and safety

  • Business transfers (e.g., merger, acquisition, restructuring, or asset sale) subject to appropriate protections

We do not sell personal data.

Subprocessors for customer data

For Services, we may use subprocessors (e.g., cloud hosting providers) to process customer data. Where required, subprocessors are bound by contractual obligations and appropriate security measures. A current list may be provided in our DPA or on request at info@enterflow.ai.

8) International data transfers

If personal data is transferred outside the EEA/UK/Switzerland, we use appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs) (and UK addendum where relevant),

  • adequacy decisions, or

  • other lawful transfer mechanisms.

Details are available on request at info@enterflow.ai.

9) Data retention

We retain personal data only as long as necessary for the purposes described above:

  • Inquiries and lead communications: typically up to 24 months after last contact

  • Contract and billing records: as required by applicable law 7 years

  • Customer data in Services: retained according to the contract/DPA and customer instructions; we can delete or return data upon request/contract termination subject to legal requirements and agreed timelines

Where feasible, we de-identify or aggregate data for longer-term analytics.

10) Security

We implement appropriate technical and organizational measures to protect personal data, which may include:

  • access controls (least privilege) and multi-factor authentication where available

  • encryption in transit and at rest where appropriate

  • audit logging and monitoring

  • secure development practices

  • vendor risk management

  • incident response procedures

No method of transmission or storage is 100% secure; however, we maintain safeguards proportionate to the risk.

11) AI, model training, and automated decision-making

Custom AI development and OCR

Our Services may include building, configuring, or integrating AI models for OCR, extraction, classification, and document workflow automation.

Training on customer data

Unless expressly agreed in writing:

  • we do not use customer-provided documents to train general-purpose models for other customers, and

  • we process customer data only to deliver the Services.

If a project requires model tuning, evaluation, or prompt/workflow optimization using customer data, the scope, safeguards, retention, and access controls will be defined in the contract/DPA.

Automated decisions

We do not knowingly use Website data to make decisions that produce legal or similarly significant effects about individuals. For customer deployments, automated decision-making (if any) is determined by the customer and should be disclosed to their end users as required by law.

12) Your rights (EEA/UK and similar jurisdictions)

Depending on your location, you may have rights to:

  • access your personal data

  • correct inaccurate data

  • delete data (“right to be forgotten”)

  • restrict or object to certain processing

  • data portability

  • withdraw consent (where processing is based on consent)

  • lodge a complaint with a supervisory authority

If you are an end user whose data is contained in customer-provided documents, please direct requests to the relevant customer (controller). We will assist the customer as required by our DPA.

To exercise rights for data we control, contact info@enterflow.ai

13) Children’s privacy

Our Website and Services are not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at info@enterflow.ai so we can take appropriate action.

14) Third-party links

The Website may contain links to third-party sites. We are not responsible for their privacy practices. Please review the privacy policies of those third parties.

15) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we may provide additional notice where required.

16) Contact

For privacy-related questions, requests, or complaints:

Enterflow
Email: info@enterflow.ai

Contact us

info@enterflow.ai

EnterFlow AI empowers you to unlock your business potential with AI OCR models

Vienna, Austria

Contact us

Contact us

info@enterflow.ai

EnterFlow AI empowers you to unlock your business potential with AI OCR models

Vienna, Austria

Contact us

Contact us

info@enterflow.ai

EnterFlow AI empowers you to unlock your business potential with AI OCR models

Vienna, Austria

Contact us

EnterFlowAI

Product

Blog

About us

Company

Privacy Policy

Terms of use

EnterFlowAI. All right reserved. © 2025

EnterFlowAI

Product

Blog

About us

Company

Privacy Policy

Terms of use

EnterFlowAI. All right reserved. © 2025

EnterFlowAI

Product

Blog

About us

Company

Privacy Policy

Terms of use

EnterFlowAI. All right reserved. © 2025