Legal & Trust Center

Your data.
Our responsibility.

Everything you need to know about how we collect, process, and protect your data — and how we meet our legal obligations as a European B2B SaaS.

GDPR Compliant

CCPA Compliant

Made in France

CNIL Registered

EU AI Act

Privacy Policy

How we collect, use, and protect your personal data — what we keep, for how long, and your rights under GDPR.

Read

Terms of Service

The rules governing your use of Enrich-CRM — acceptable use, subscriptions, SLA, and limitations of liability.

Read

Data Processing Agreement

Our GDPR-compliant DPA covers how we act as data processor for your organization, including sub-processors and SCCs.

Read

Cookie Policy

What cookies and trackers we use on our website, why, and how to manage your preferences.

Read

Enrichment Policy

Fair use rules for free and premium enrichment — volume limits, prohibited uses, API rate limits, and suspension conditions.

Read

EU AI Act

How our AI enrichment systems are classified, what we do and don’t do, and your rights regarding AI-inferred data.

Read

Sub-processors

The third-party services that may process personal data on our behalf — with details on what data each one accesses.

Google SERP APIAWS EuropePostHogSegmentGoogle WorkspaceHubSpotChargebeeStripeIntercom
View all

Security

How we protect your data — encryption at rest and in transit, access controls, and incident response.

  • TLS 1.3 in transit
  • AES-256 at rest
  • API keys hashed
  • No data sold or resold
  • EU data residency

A legal or privacy question?

Our DPO (Data Protection Officer) is reachable directly. We typically respond within 48 business hours.

Contact DPO

Built for GDPR from day one.

As a French company, GDPR is not an afterthought — it’s built into every enrichment pipeline we run.

EU Data Residency

All personal data is stored and processed within the European Union.

No Profile Selling

We never sell, share, or license the data we process on your behalf.

Right to Erasure

Submit a deletion request and we remove your data within 30 days.

Data Portability

Request a full export of your data at any time, in machine-readable format.

Frequently asked questions

Is Enrich-CRM GDPR compliant?
Yes. Enrich-CRM is 100% EU-native: all data processing and storage occurs exclusively on AWS eu-west-3 (Paris, France). No data is transferred outside the European Union. Enrich-CRM only processes publicly available professional information. A signed DPA is available for all customers, and a full sub-processor list is published at enrich-crm.com/en/sub-processors.
Where is Enrich-CRM data stored?
All data processed by Enrich-CRM — enrichment requests, results, and customer account data — is stored exclusively on AWS eu-west-3 (Paris, France). No US infrastructure is used. This eliminates Schrems II transfer risk and ensures data residency compliance for EU customers subject to GDPR.
Does Enrich-CRM have a Data Processing Agreement (DPA)?
Yes. Enrich-CRM provides a standard DPA available for signature directly from the Trust Center. The DPA covers: the nature and purpose of processing, categories of personal data, data subject rights, security measures, and sub-processor obligations. Custom DPAs are available on request for Enterprise customers.
What is Enrich-CRM’s data retention policy?
Enrichment results are cached for up to 30 days to optimize credit usage on unchanged records. No personal data is retained beyond the enrichment cache window without explicit consent. Customer account data is retained for the subscription duration plus 90 days. All data can be deleted on request via the Trust Center.

We use cookies

We use essential cookies for the site to work, and optional analytics cookies to improve your experience. See our Cookie Policy.

Cookie preferences

Choose which cookies you allow. Your preference is stored for 6 months and can be changed at any time. Read our Cookie Policy for full details.

Essential cookies

Always active

Required for the site to function. Cannot be disabled. Includes session cookies, consent storage, and routing cookies (Cloudflare).

intercom-id-* intercom-sessions-* cookieconsent_status cfmrk_cic

Analytics cookies

Help us improve the site

Used to measure traffic and understand how visitors use the site (Google Analytics, Hotjar, Segment, HubSpot). No advertising use.

_ga _gid _hjid ajs_anonymous_id __hstc hubspotutk _gac_*