Privacy Policy

This Privacy Policy explains how Ender Turing UAB ("Ender Turing", "we", "us") collects, uses, and protects personal information when you visit our website, use our products, or interact with our team.

We're a B2B software company. Our customers are businesses; the personal data we handle falls into two distinct categories — (1) data about visitors and prospects on our website, and (2) data inside our customers' contact-center deployments. These two categories are governed differently. Most of this policy is about category 1.

For data inside customer deployments, we act as a data processor — the customer is the controller. See our Data Security page for the technical details and the standard DPA we sign with every Enterprise customer.

We collect personal data only when there's a clear business reason to. Specifically:

• Contact form & demo requests: name, business email, company name, role, contact-center size, message content. Submitted voluntarily when you fill in our forms.
• Newsletter subscriptions: email address. Submitted voluntarily.
• Calendar bookings: name, email, meeting time, optional notes. Submitted via our scheduling tool (Zcal).
• Customer accounts: name, email, role, employer, billing details (for paying customers). Required to operate your account.
• Website analytics: aggregated, pseudonymous data about how visitors use our site — pages visited, time on page, referrer, device type. Collected via privacy-respecting analytics tools.
• Cookies: a minimal set of strictly-necessary cookies plus optional analytics cookies you can decline. See Cookies below.

We do not collect: race, ethnicity, religion, political views, sexual orientation, health data, biometric data, or government IDs from website visitors. If a customer chooses to upload such data into their contact-center deployment, our role is governed by the DPA — not this policy.

We use personal data only for the purposes you'd expect, with explicit lawful basis under GDPR:

• Responding to inquiries — to answer the message you sent us, schedule the demo, or process the application. (Lawful basis: legitimate interests / contract.)
• Operating customer accounts — billing, support, and product delivery. (Lawful basis: contract.)
• Sending transactional email — order confirmations, security alerts, service updates. (Lawful basis: contract.)
• Sending marketing email — only with your explicit opt-in, and never more than once per month. Unsubscribe with one click. (Lawful basis: consent.)
• Improving the website — aggregated analytics to understand which content helps and which doesn't. (Lawful basis: legitimate interests.)
• Compliance & security — fraud prevention, legal obligations, audit trails. (Lawful basis: legal obligation / legitimate interests.)

We do not sell personal data, run behavioural ad networks, or share data with brokers.

We share personal data with vendors only when necessary to operate the service. Each is bound by a Data Processing Agreement and EU Standard Contractual Clauses where applicable.

Current sub-processors:

• AWS (cloud hosting, EU regions: Frankfurt, Warsaw)
• GCP (cloud hosting, EU regions: Frankfurt — for select workloads)
• Webflow (website CMS & analytics)
• Google Workspace (email, docs)
• HubSpot (CRM, marketing email)
• Zcal (demo scheduling)
• Stripe (payment processing)

The full sub-processor list with descriptions is maintained on the Data Security page. We notify Enterprise customers in advance of any new sub-processor we add to the list that handles their data.

Our cookie footprint is small and split into two clear categories:

• Strictly necessary — session cookies, authentication, CSRF tokens. Required for the site to function. Set without consent.
• Analytics & preferences — used to understand site traffic and remember choices like language. Optional, opt-in only. Decline at any time via the cookie banner.

We do not use third-party advertising cookies, retargeting pixels, or social-media trackers (no Facebook Pixel, no Google Ads pixel, no LinkedIn Insight Tag) unless you've explicitly opted in via a clearly labelled checkbox.

If you're in the EU/EEA, UK, or California (and similar jurisdictions), you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase data ("right to be forgotten") in most cases
• Restrict or object to processing
• Receive a portable copy of your data
• Withdraw consent for marketing at any time
• Lodge a complaint with your local data-protection authority

To exercise any of these, email privacy@enderturing.com. We respond within 30 days, faster in most cases. We may ask for proof of identity to protect against fraudulent requests.

We keep personal data only as long as necessary for the purpose it was collected — and no longer. Concretely:

• Inquiry messages — 24 months after last contact, then deleted
• Newsletter subscribers — until you unsubscribe, then 30 days for audit, then deleted
• Customer-account data — duration of contract + 6 years for tax / legal compliance
• Conversation data inside customer deployments — controlled by the customer's retention settings, governed by the DPA
• Website analytics — aggregated only, no individual records retained beyond 14 months

By default, all personal data we process stays in the European Union (Frankfurt or Warsaw regions). For Enterprise customers, region selection is contractual.

If we ever need to transfer data outside the EU/EEA — for example, to a US-based sub-processor — we use European Commission Standard Contractual Clauses (SCCs) plus appropriate supplementary measures. We don't transfer customer-conversation data outside the EU without explicit written authorization.

Ender Turing is a B2B product. Our website and services are not directed to anyone under 16. We don't knowingly collect personal data from children. If you believe a child's data has reached us, contact privacy@enderturing.com and we'll delete it.

If we make material changes, we'll notify customers in advance via email and post a prominent banner on the website at least 30 days before the change takes effect. Minor clarifications and typo fixes don't trigger notifications — they're tracked in the version history below.

Questions about this policy? Want to exercise a right above? Want a copy of our DPA?

Our Data Protection Officer:

• Email: privacy@enderturing.com
• Postal: Ender Turing UAB, Saltoniškių g. 7, LT-08105 Vilnius, Lithuania

If you're not satisfied with our response, you can lodge a complaint with the Lithuanian State Data Protection Inspectorate (or your local supervisory authority in the EU).