Privacy Policy

Effective Date: February 1, 2025

This Privacy Policy describes how Enalitica ("Company", "we", "us", "our") collects, uses, and shares information when you use our e-commerce analytics platform ("Service"). We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

The data controller for your personal data is Tilen Ledic s.p., Zupanciceva 2.a, 8250 Brezice, Slovenia.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, and contact details when you register for an account
  • Payment Information: Billing address and payment details (processed by our payment providers)
  • Communications: Information you provide when contacting us for support or inquiries
  • Integration Credentials: API keys and access tokens for connecting third-party services

1.2 Information Collected Automatically

  • Usage Data: Information about how you interact with our Service, including features used and actions taken
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Data: Server logs including access times, pages viewed, and referring URLs

1.3 Customer Data

Through integrations with your e-commerce platforms and marketing tools, we process data on your behalf, including:

  • Order and transaction data from your online stores
  • Analytics data from Google Analytics 4 and Google Search Console
  • Advertising data from Google Ads and Meta Ads
  • ERP data from connected systems like VASCO

For Customer Data, you are the data controller and we act as a data processor on your behalf.

2. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our analytics platform
  • Account Management: To create and manage your account, process payments, and provide customer support
  • Communication: To send service-related notifications, updates, and marketing communications (with your consent)
  • Analytics: To understand how our Service is used and improve user experience
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with legal obligations and protect our rights

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you have requested
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our Service and ensuring security
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: Processing required to comply with applicable laws

4. Data Sharing and Disclosure

We may share your information with:

4.1 Sub-processors

We engage trusted third-party service providers to help deliver our Service:

  • OpenAI / Anthropic: AI functionality for analytics and insights
  • Hetzner / AWS: Cloud infrastructure and data hosting within the EU
  • Google (Analytics, Ads): Website analytics and advertising measurement
  • Meta: Advertising measurement and conversion tracking

4.2 Other Disclosures

We may also disclose information:

  • To comply with legal obligations or valid legal requests
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets
  • With your consent or at your direction

5. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period thereafter
  • Customer Data: Retained according to your subscription terms and deleted upon request or account termination
  • Log Data: Typically retained for up to 12 months for security and troubleshooting purposes

We may retain certain data longer if required by law or for legitimate business purposes such as resolving disputes.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Data hosting within the European Union

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

7. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies to operate our Service and improve your experience. These include:

  • Essential Cookies: Required for the Service to function (always active)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how visitors interact with our website
  • Marketing Cookies: Used to deliver relevant advertisements

You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect Service functionality.

9. International Data Transfers

Our primary data processing occurs within the European Union. When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights, contact us:

Enalitica
Tilen Ledic s.p.
Zupanciceva 2.a
8250 Brezice, Slovenia
Email: [email protected]
Website: enalitica.com

13. Supervisory Authority

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with a supervisory authority. In Slovenia, this is:

Information Commissioner of the Republic of Slovenia
Dunajska cesta 22
1000 Ljubljana, Slovenia
Website: www.ip-rs.si

Last updated: February 1, 2025