Navigation
Quick access
Steering
Workspaces
Packages
Orientation
Privacy
The protection of personal data is an important concern. Processing is carried out exclusively within the framework of the applicable legal requirements, especially the GDPR.
This notice describes the current public website, the protected portal areas, and the product-related processing in a deliberately practical and transparent way. Analytics is limited to explicitly approved public pages; protected product areas remain free of analytics tracking.
The protection of your personal data is important to us. Processing is carried out exclusively within the framework of the legal provisions, especially the General Data Protection Regulation (GDPR).
This website is operated by a natural person.
This website is operated on servers in Germany.
Processing is carried out in the interest of secure and stable website operation pursuant to Article 6(1)(f) GDPR.
Direct physical access to the servers by users or third parties is not intended.
When this website is accessed, data is collected automatically.
This data serves exclusively the technical provision of the website and its security.
It is not merged with other data.
Legal basis: Article 6(1)(f) GDPR.
This website provides functions of a software-as-a-service platform.
Within the scope of its use, personal data may be processed where this is technically required.
Processing takes place exclusively to provide the functions and within the scope of use by the respective user.
Legal basis: Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
For registration, sign-in, and access to protected portal areas, a technically required session cookie is used.
This cookie is used exclusively for authentication, session continuity, security, and sign-out.
Without this cookie, protected areas such as dashboard, support, or portal functions cannot be used.
The session cookie is not used for marketing or tracking purposes.
Legal basis: Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
On first use, a cookie preferences dialog is shown. It distinguishes between technically required cookies and optional services.
Google Tag Manager and Google Analytics 4 are implemented centrally in the application code in a consent-aware and privacy-friendly way. Tracking is limited to the public website and is not used in the customer portal, dashboard, login, integration management, support portal, or other protected SaaS areas.
Without explicit consent, analytics storage remains denied and analytics cookies should not be set. No separate marketing or advertising tracking category is currently active on en4ce.net.
Only aggregated public website events such as public page views, visibility of selected landing page sections, CTA interactions, public form starts/submissions, downloads, or external-link clicks are intended to be measured. No API keys, tokens, email contents, form free-text contents, protected portal interactions, or connected source-system payloads are intentionally transmitted to Google for analytics purposes.
Consent can be changed later at any time through the cookie settings in the footer. If analytics is disabled again, existing analytics cookies are removed as far as technically possible on this domain.
Legal basis for the optional analytics processing: Article 6(1)(a) GDPR.
New registrations are only activated after the email address has been confirmed via a confirmation link.
Before confirmation, only a pending registration record is processed. The account is not yet fully active.
If a registered interested account is not converted into a customer account, the account may be deleted automatically after a short period unless the user explicitly confirms that it should be retained for a longer period.
If longer retention is confirmed, the account can remain stored for a limited period and may receive a reminder before deletion.
On the login page, users can optionally choose to sign in via GitHub, Google, or Microsoft in addition to the standard email-and-password flow.
This only occurs after the user actively selects the respective sign-in method or, in the case of Google One Tap, when the Google sign-in component is loaded on the login page.
For this purpose, technical data such as the provider account identifier, the verified email address, profile name, profile image URL, and the fact that the login page was used can be processed by the respective provider and by en4ce.net.
Google ID tokens are verified on the server side before a portal session is created. Microsoft sign-in uses a server-side OAuth/OpenID Connect callback flow. Productive customer accounts continue to use the standard sign-in flow with password and second factor.
Legal basis: Article 6(1)(b) GDPR for the requested sign-in and Article 6(1)(f) GDPR for protecting the login flow against misuse.
The platform may process data from existing systems, especially from areas such as:
Processing takes place exclusively on the basis of the data provided or connected by the user.
There is no independent access to external systems outside the respective usage context.
Microsoft Azure services may be used to provide certain functions, especially AI-supported evaluations.
This may involve processing of data by Microsoft.
Processing takes place on the basis of Microsoft's privacy provisions:
Use only takes place to the extent required for the respective function.
Legal basis: Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Before embeddings or AI-supported evaluations are created, content may be minimized, filtered, pseudonymized, or redacted where technically and contractually intended.
The goal is to transfer only the context required for the respective function.
If retrieval or vector-based search components are used, they are intended to be kept tenant-isolated and separated from the primary operational data layer.
Vector data serves retrieval and context preparation and does not replace the primary record of the operational source data.
Where technically available, regional or EU data zone deployment variants are preferred over global deployment types.
When external services are used, transfers to third countries may occur.
This only takes place in compliance with the legal requirements under Articles 44 et seq. GDPR, especially by using appropriate safeguards.
Personal data is stored only for as long as this is necessary for the respective purposes.
You have the right to lodge a complaint with a data protection supervisory authority.
Appropriate technical and organizational measures are taken to protect data against loss, misuse, or unauthorized access.
This privacy notice may be updated.
The following operating principles describe how privacy and data security are intended to be built into the product design.
Guiding principle: "The data belongs to the customer."
