Privacy Policy

Ensight DMS – Web App & Mobile App – As of: May 2026

Note: This is an informal English translation for reference only. The German version is legally binding.

§ 1 Controller

The controller within the meaning of the GDPR and other data protection laws is:

Entropy Software & Consulting
Bastian Entrup
Mühlenstieg 19
37181 Hardegsen
Germany
Email: info@entropy-zero.de

For privacy-related inquiries, please contact us by email at the address above.


§ 2 Scope

This Privacy Policy applies to the use of Ensight DMS in all its forms:

Ensight DMS is a cloud-based document management system for automated capture, analysis, archiving, and search of business documents, aimed exclusively at businesses (B2B).


§ 3 Data Collected and Processing Purposes

3.1 Account Access Data

Data: Email address, company name (tenant name)

Purpose: Setup and management of the user account, authentication, communication regarding the contractual relationship (e.g. invoices, status messages)

Legal basis: Art. 6(1)(b) GDPR (performance of contract)

Retention: For the duration of the contractual relationship; deletion within 30 days of contract termination

3.2 Uploaded Documents

Data: Invoices, receipts, and other business documents transmitted via the app or email import, plus automatically extracted metadata (merchant name, address, amount, date, IBAN, line items)

Purpose: Provision of the core service — archiving, AI-assisted data extraction, full-text search

Legal basis: Art. 6(1)(b) GDPR (performance of contract). The customer is responsible for the lawfulness of the personal data of third parties (e.g. business partners, employees) contained in documents.

Retention: For the duration of the contractual relationship; deletion of database, document storage, and search index within 30 days of contract termination. Backups are automatically deleted after 90 days.

3.3 Access and Log Data

Data: IP address, timestamp, accessed endpoints, HTTP status codes, device and operating system used (user agent)

Purpose: Operation, security, and error analysis of the service; prevention of abuse

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in system security)

Retention: Up to 30 days, then automatic deletion

3.4 Payment Data

Payment processing is handled exclusively by Stripe Payments Europe, Ltd. Credit card data and other payment information is processed and stored by Stripe — we do not receive or store complete payment data. Stripe's privacy policy applies (stripe.com/de/privacy).

3.5 Mobile App – Device Permissions

The mobile app for Android and iOS requires the following permissions:

The app transmits camera and file content exclusively upon your explicit action (upload action). No automatic, continuous monitoring or transfer of device data takes place.


§ 4 Recipients and Processors

We use the following service providers as data processors, with whom data processing agreements pursuant to Art. 28 GDPR have been concluded:

Provider Purpose Location
Hetzner Online GmbH Server infrastructure, hosting, backup storage Germany (EU)
Anthropic, Inc. AI-assisted document analysis (optional, only when AI feature is enabled) USA ¹
Stripe Payments Europe, Ltd. Payment processing (subscription) Ireland (EU)

¹ Third-country transfer (Anthropic): Transfer to the USA is based on EU Standard Contractual Clauses (SCCs) pursuant to Implementing Decision (EU) 2021/914. Anthropic does not use transmitted document content for training AI models (per Anthropic's API usage policy). The AI feature is optional and can be disabled in settings.

No disclosure of personal data to other third parties takes place, unless we are legally required to do so.


§ 5 Data Security

We implement technical and organizational measures to protect your data against unauthorized access, loss, or manipulation:


§ 6 Your Rights

As a data subject, you have the following rights against the controller:

To exercise your rights, please contact: info@entropy-zero.de


§ 7 Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority. The supervisory authority responsible for us is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
www.lfd.niedersachsen.de


§ 8 Changes to this Privacy Policy

We reserve the right to update this Privacy Policy when the service or legal requirements change. The current version is always available at entropy-zero.de/en/ensight/datenschutz.html. Registered users will be informed by email of material changes.