This Privacy Policy explains how Entual B.V. ("Entual", "we", "us") processes personal data in connection with the Entual platform, website, communications, sales activity, and intelligence services. It is drafted to comply with the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG).
Entual B.V. is a private limited company registered in the Netherlands under KVK number 99552833, with its registered office at Bercylaan 617, 1031 KP Amsterdam, the Netherlands.
Entual provides an intelligence operating system for external-relations teams, supporting signal monitoring, stakeholder mapping, reputation tracking, AI visibility benchmarking, foresight, and intelligence-grounded content generation.
General enquiries: info@entual.io. Privacy and data-protection requests: legal@entual.io.
Entual may act as a controller, processor, or independent controller depending on the context.
Entual acts as controller for personal data processed for account administration, billing, sales and prospecting, website operation, customer communications, security and abuse prevention, product analytics, legal compliance, and public-source intelligence data where Entual determines the purposes and means of processing.
Entual acts as processor where it processes personal data on behalf of a Customer within that Customer's configured client profile, subject to a Data Processing Agreement where required by applicable law.
Customers are independent controllers and are responsible for ensuring their use of Entual complies with applicable privacy, employment, public-sector, and data-protection laws. Customers must ensure they have the necessary legal basis, notices, permissions, and rights for any personal data they submit to or process through the Service.
Account and authentication data: name, business email, organisation, role, workspace identifiers, login credentials, authentication metadata, and session information.
Billing and commercial data: company name, billing contact, billing address, VAT number, invoice history, plan information, and contract information. Payment card or bank details are processed by payment providers; Entual does not store full payment credentials.
Usage and diagnostic data: log data, IP address, device information, browser information, feature usage, event metadata, error reports, and performance information.
Communications data: emails, support requests, sales communications, scheduling metadata, feedback, and other correspondence with Entual.
Website and cookie data: cookie identifiers, page visits, referral information, consent preferences, and analytics events.
Customer Data: content, prompts, documents, configurations, source lists, stakeholder inputs, custom instructions, integrations, and other data submitted by or on behalf of Customers.
Public-source intelligence data: Entual processes information from public and professional sources as part of its intelligence pipeline. This may include personal data about individuals in public or professional contexts — such as executives, founders, politicians, civil servants, regulators, journalists, academics, analysts, public commentators, campaigners, lobbyists, and other publicly active figures. Categories may include name, role, affiliation, public statements, public appearances, published works, and professional relationships where publicly available.
Entual does not seek to process special categories of personal data unless such information is manifestly made public, contextually relevant, and legally permissible. Where special-category data appears incidentally in public sources, Entual seeks to minimise its use and avoids using it as the basis for harmful or discriminatory profiling. Automated pipelines are configured to filter and discard data that is irrelevant to the intelligence purpose.
Entual may collect personal data from: (a) you directly, when you register, contact us, or use the Service; (b) your organisation, where it manages your account; (c) automated systems such as logs, cookies, diagnostics, and security tools; (d) public sources such as media, government records, parliamentary records, regulatory bodies, company registries, and public databases; (e) third-party providers such as search providers, news APIs, AI model providers, analytics providers, payment providers, and infrastructure providers; and (f) customer-connected integrations where a Customer authorises the integration.
Providing the Service (GDPR Art. 6(1)(b) — contract, and Art. 6(1)(f) — legitimate interests where acting as processor): creating and administering accounts, configuring client profiles, delivering intelligence output, operating workspaces, providing support, managing billing, and delivering the Service.
Operating the intelligence pipeline (GDPR Art. 6(1)(f) — legitimate interests): ingesting, indexing, extracting, scoring, and analysing public sources, including information about publicly active figures. Entual's legitimate interest is to provide professional intelligence tools for external-relations teams. Entual maintains a documented Legitimate Interests Assessment (LIA) for this processing, available to data subjects and supervisory authorities on request. This interest is balanced against individual rights by focusing on public and professional contexts, minimising special-category data, applying security measures, and supporting objection and erasure rights where applicable.
Security and abuse prevention (GDPR Art. 6(1)(f)): log retention, rate limiting, fraud detection, and investigating suspected misuse.
Billing, accounting, and compliance (GDPR Art. 6(1)(b) and Art. 6(1)(c)): processing billing, invoice, tax, and accounting records to comply with legal obligations and manage customer contracts.
Marketing and business development (GDPR Art. 6(1)(a) — consent, or Art. 6(1)(f) — legitimate interests for existing-customer soft opt-in): product updates, newsletters, invitations, and commercial communications. Every marketing communication includes an unsubscribe option.
Improving the Service (GDPR Art. 6(1)(f)): analysing aggregated or de-identified usage data to improve product performance, usability, and reliability. Entual does not use Customer Data to train third-party foundation models where no-training or zero-retention configurations are available and applicable.
Entual uses AI and automated systems to support monitoring, summarisation, classification, scoring, clustering, drafting, and recommendation workflows.
The Service is designed to support human decision-making, not replace it. Entual does not intend the Service to make autonomous decisions that produce legal or similarly significant effects on individuals within the meaning of GDPR Article 22.
AI-generated output is labelled as such and accompanied by source citations where material claims are made. Customers are responsible for reviewing AI-generated output and ensuring their use of the Service is lawful, fair, and appropriate.
Entual may share personal data with: (a) authorised Entual personnel on a need-to-know basis; (b) sub-processors and service providers that help operate the Service; (c) professional advisors such as lawyers, accountants, auditors, and insurers; (d) regulators, authorities, courts, or law-enforcement bodies where required by law; and (e) an acquirer, investor, or successor in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate protections.
Entual does not sell personal data.
Entual uses sub-processors to provide the Service, including providers for database, authentication, and storage; application hosting; AI model inference; web and news search; parliamentary and institutional data access; source control; transactional email; analytics; payment processing; and security and monitoring.
An up-to-date list of sub-processors is maintained in Entual's standard Data Processing Agreement and is available at entual.io/subprocessors. Where Entual acts as processor, sub-processor terms and material-change notification procedures are handled under the applicable DPA.
Entual primarily aims to process platform data within the European Economic Area where reasonably practicable. Some sub-processors and providers may process personal data outside the EEA, including in the United States.
Where personal data is transferred outside the EEA, Entual relies on appropriate safeguards, which may include European Commission adequacy decisions, Standard Contractual Clauses, transfer impact assessments, pseudonymisation, access controls, and other supplementary measures.
Account and authentication data: for the duration of the account and a reasonable period thereafter for administration, legal, and security purposes.
Billing and accounting data: up to seven (7) years where required by Dutch tax and accounting obligations.
Usage and log data: typically up to twelve (12) months, unless a longer period is needed for security, abuse investigation, or legal compliance.
Customer Data: for the duration of the customer relationship. Following termination, Customer Data is retained for thirty (30) days to permit data export, after which it is permanently deleted subject to backup retention and legal obligations.
Intelligence pipeline data: for as long as relevant to active client profiles, historical analysis, source integrity, and legitimate intelligence purposes, subject to applicable data-subject rights and legal restrictions.
Marketing data: until you unsubscribe, withdraw consent, or object, plus a limited suppression period to honour opt-out requests.
Under the GDPR, you may have the right to access, rectify, erase, restrict processing of, and object to the processing of your personal data, and the right to data portability. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise your rights, contact legal@entual.io. Entual will respond within one month, extendable by two further months for complex requests in accordance with the GDPR. If Entual processes your personal data on behalf of a Customer as processor, Entual may refer your request to the relevant Customer or handle it in accordance with the applicable DPA.
You may lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl.
Where Entual processes personal data about publicly active individuals on the basis of legitimate interests, those individuals may object to the processing on grounds relating to their particular situation. Entual will assess each objection on its merits and will stop processing unless it demonstrates compelling legitimate grounds that override the individual's interests, rights, and freedoms, or the processing is necessary for legal claims.
Requests can be submitted to legal@entual.io. Initial acknowledgement within five (5) business days; substantive response within thirty (30) days.
Entual implements technical and organisational measures designed to protect personal data, including encryption in transit and at rest, row-level access controls, authentication controls, environment segregation, backup and recovery procedures, secret management, dependency monitoring, logging and monitoring, and incident-response procedures.
Entual is not yet SOC 2 or ISO 27001 certified; these are active workstreams. Current certification status is available on request via legal@entual.io.
Where required, Entual will notify affected Customers and the competent supervisory authority of personal data breaches within 72 hours of becoming aware, consistent with GDPR Article 33. A DPIA template is available to Customers that require one.
The Entual website and Service use strictly necessary cookies to operate, secure, and authenticate the platform. Analytics, preference, or marketing cookies are used only where permitted by law and, where required, with consent. You can control cookies through browser settings; disabling necessary cookies may affect the operation of the Service.
The Service is intended for professional and business use and is not directed to children under 16. Entual does not knowingly collect personal data from children.
Entual may update this Privacy Policy from time to time. Material changes will be notified by email, website notice, or in-product notice at least thirty (30) days before they take effect. The updated Policy will state its effective date.
Entual B.V. · Bercylaan 617, 1031 KP Amsterdam, the Netherlands · KVK 99552833
General: info@entual.io · Legal / privacy: legal@entual.io · entual.io
Entual B.V. · Amsterdam, the Netherlands · KVK 99552833
For privacy or DPA enquiries, contact info@entual.io.