Privacy Policy - Entity Enricher

Last updated: March 6, 2026

1. Data Controller

The data controller for personal data processed through Entity Enricher ("Service") is TOT Concept SAS, a company registered in Nantes, France, founded in 2006, within the meaning of the EU General Data Protection Regulation (GDPR).

For any privacy-related inquiries, please contact us at:

2. Personal Data We Collect

We collect only the minimum personal data necessary to provide the Service:

  • Account information: email address, display name, and profile picture — provided by you or your authentication provider (Google, GitHub, or email registration)
  • Authentication data: Firebase user ID and email verification status, managed by Google Firebase Authentication
  • Organization membership: your role and status within your organization

We do not use analytics cookies, tracking pixels, browser fingerprinting, or any third-party analytics services. We do not collect IP addresses beyond what is transiently logged by our infrastructure for security purposes.

3. Entity Data (Non-Personal)

In addition to personal data, the Service processes entity data that you provide for enrichment (e.g., company names, product data, organizational information). This data is typically non-personal and is processed solely to deliver the enrichment results you request.

If you submit personal data about individuals as entity data for enrichment, you are responsible for ensuring you have a valid legal basis to do so under applicable data protection laws.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

  • Contract performance (Art. 6(1)(b)): processing necessary to provide the Service, manage your account, and deliver enrichment results
  • Legitimate interest (Art. 6(1)(f)): security logging, fraud prevention, and service improvement

5. How We Use Your Data

Your personal data is used exclusively to:

  • Create and manage your account and organization membership
  • Authenticate you and secure access to the Service
  • Communicate with you about your account, service updates, and changes to these policies
  • Enforce our Terms of Service and protect against unauthorized or abusive usage

We do not use your personal data for marketing, profiling, automated decision-making, or any purpose unrelated to the Service.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to third parties.

Data is shared with the following categories of processors:

  • Google Firebase: authentication provider that processes your email, name, and authentication tokens. See Firebase Privacy Policy
  • LLM providers (OpenAI, Anthropic, Google, Mistral, and others): your entity data (not personal account data) is sent to these providers to perform enrichment. No personal information from your account is included in LLM requests

When using Bring Your Own Key (BYOK) mode, your LLM API calls are made directly with the provider under your own account and their respective privacy policies apply.

7. Data Storage & Security

All data is stored on servers located in Germany (EU), hosted by Hetzner Online GmbH, a GDPR-compliant European hosting provider. No personal data is transferred outside the European Economic Area (EEA) by us.

We implement the following security measures:

  • Encryption in transit (TLS/HTTPS) for all communications
  • Encryption at rest for sensitive data (API keys are encrypted using Fernet symmetric encryption)
  • Network isolation for database services (not exposed to the public internet)
  • Role-based access control for user permissions
  • JWT-based authentication with short-lived access tokens

8. Data Retention

Account data is retained for as long as your account is active. You may delete your data through the Service or request deletion by contacting us.

Enrichment records are retained until you choose to delete them. Upon account or organization deletion, enrichment records and schemas are detached from your organization.

Backups may contain your data for up to 90 days after deletion before being permanently removed through our automated backup rotation.

9. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): obtain a copy of your personal data
  • Right to rectification (Art. 16): correct inaccurate personal data
  • Right to erasure (Art. 17): request deletion of your personal data
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format
  • Right to restriction (Art. 18): restrict the processing of your personal data
  • Right to object (Art. 21): object to processing based on legitimate interest

To exercise any of these rights, contact us at . We will respond within 30 days as required by the GDPR.

10. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority.

CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — www.cnil.fr

11. Cookies & Local Storage

The Service uses only strictly necessary browser storage for authentication and user preferences:

  • localStorage: authentication tokens (JWT), theme preference, and UI state — required for the Service to function
  • Firebase cookies: session cookies set by Firebase Authentication for login persistence

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive.

12. Children's Privacy

The Service is not intended for individuals under 16 years of age, in accordance with the GDPR. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

Continued use of the Service after the effective date of any changes constitutes your acknowledgment of the updated policy.

14. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact us at:

For general inquiries about the Service, see our Terms of Service.