This document is intended to provide information about Enterpret’s (‘us,’ ‘our’) privacy practices with regard to its processing of ‘Customer Data,’ defined as the data that our customers (‘you’) transfer to us as part of the services we provide to them, pursuant to a business agreement. The primary audience for this statement is business customers that use our service and are looking to understand how we comply with the applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (‘GDPR’), the California Consumer Privacy Act (‘CCPA’), the California Privacy Rights Act (CPRA), Swiss Federal Data Protection Act and the United Kingdom Data Protection Act (‘UK GDPR’).
Enterpret is a feedback analytics platform that enables companies to get actionable insights from product feedback. Enterpret’s machine learning-driven solutions aim to provide our business customers with a smarter way to collect and analyze feedback from their end users. The intelligence gathered can further help our customers draw up their future roadmap, gauge the response to their recent offerings, and determine what new features they can experiment with in the future.
Enterpret’s customers are primarily companies. Through our contract with our customers, we primarily act as a data processor as we collect and process data on their behalf and at their request. Our customers act as data controllers for the Customer Data transmitted to us.
Enterpret streamlines the feedback analysis of its customers' end users by seamlessly integrating with over 25 feedback sources, and for custom data sources, Enterpret offers File Upload and Webhook integration features.
Enterpret takes data privacy seriously. Customers decide the data sources to be ingested during the onboarding process. All data ingested is then converted into a uniform structure and scanned for any personally identifiable information (PII), which is removed to ensure data privacy. In addition, our customers can further customize their data ingestion by configuring Ingestion Blockers and Scrubbing rules to prevent specific types of feedback from entering Enterpret or to scrub particular feedback segments.
Enterpret takes great pride in our respect for customer privacy and has a team dedicated to ensuring that our platform and service are GDPR and CCPA compliant, and that we protect the privacy of our customers and their end users whose data is transferred to us as part of our services.
The following section describes some of the ways in which we protect the security and privacy of Customer Data transferred to us and enable our customers to meet their regulatory privacy requirements.
Section 1) Product Privacy Functionality to Reduce Data Risk
Section 2) No Selling/Renting/Sharing of Customer Data
We do not sell, rent, share or otherwise disclose (as such terms are defined within the CCPA, CPRA and other US state privacy laws) Customer Data to any third party in the ordinary course of business.
Section 3) International Transfers
In order to ensure that all cross-border transfers of Customer Data to Enterpret are made under a compliant data transfer mechanism, we will sign a Data Processing Addendum (DPA) with you that incorporates the legally allowed transfer mechanisms, depending upon the requirements of specific jurisdictions (such as the Standard Contractual Clauses as the transfer mechanism for Customer Data from the United Kingdom, EU and EEA to our US-based AWS environment). If you haven’t yet signed a DPA with us and believe you need one, you can request a copy from your sales representative.
Enterpret’s platform runs on Amazon Web Services (AWS) within the United States. As our primary subprocessor, Enterpret has signed a DPA with AWS that reflects the required GDPR and CCPA contractual commitments. As our subprocessor, any data sent to AWS is subject to equal enforcement of the terms of the DPA we sign with our customers.
Section 4) Data Deletion
Commencing 30 days after the effective date of termination of our agreement with customers, Enterpret will initiate a process on customer’s written request that deletes Customer Data retained in production within a time period of 3-4 weeks.
Section 5) Data Subject Rights
Customer Data that Enterpret processes on behalf of our customers is owned by the customers as data controllers, and Enterpret does not maintain any control over such data. Our access to such data is also time limited as we do not persist or store any identifiable data; Customer Data is scrubbed or masked prior to it being persisted within the platform. Because our customers maintain access control to their data within their systems, as data controllers, they can respond to and act on requests from their data subjects (i.e. their users). If Enterpret receives a request from a data subject in relation to the transferred customer data, Enterpret will advise the data subject to submit their request to the customer, and the customer will be responsible for responding to any such request. We will provide customers with such assistance, where feasible and reasonably required to comply with their obligations under Applicable Data Protection Laws, subject to our contractual obligations, as laid down in our agreement with customers.
Section 6) Safeguards
The below section provides information regarding Enterpret’s technical and organizational safeguards to support the confidentiality, integrity, and availability of Customer Data: