Enydea
Sign In

Privacy Notice

Last updated: March 11, 2026

1. Introduction

XBMS B.V. ("we," "our," or "Enydea") respects your privacy and is committed to protecting your personal data. This privacy notice explains how we collect, use, and protect your information when you use our services.

2. Data We Collect

2.1 Account Information

  • Name and email address
  • Company information
  • Billing and payment information
  • Profile photo (optional)

2.2 Usage Data

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Feature usage and analytics
  • Generated content (images, videos, leads)

2.3 Communications

  • Support tickets and correspondence
  • Email campaign data
  • Feedback and surveys

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide and maintain Enydea services
  • Communication: To send updates, notifications, and support responses
  • Improvement: To analyze usage patterns and improve our platform
  • Security: To protect against fraud and unauthorized access
  • Legal Compliance: To comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Cloud hosting (AWS/Google Cloud), payment processors, analytics tools
  • AI Services: OpenAI, Stability AI, and other AI providers for content generation
  • Legal Requirements: When required by law or to protect our rights

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain data for 90 days for recovery purposes, then permanently delete it (except where required by law).

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured format
  • Objection: Object to processing of your data
  • Restriction: Restrict processing in certain situations

To exercise these rights, contact us at: [email protected]

7. Cookies and Tracking

We use cookies and similar technologies for:

  • Necessary Cookies: Authentication and security (always enabled)
  • Preference Cookies: Saved settings and UI preferences
  • Analytics Cookies: Google Analytics for performance monitoring
  • Marketing Cookies: Facebook Pixel and LinkedIn Insight Tag for targeted advertising

You can control cookies through our consent banner or your browser settings. We respect your choices and only load tracking scripts if you give consent.

8. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest
  • Regular security audits
  • Access controls and authentication
  • Employee training on data protection

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Public Authority & Law Enforcement Data Requests

We have established formal policies and processes regarding requests from public authorities (including law enforcement and government agencies) for the personal data or personal information of our users:

  • Legality Review: Every request from a public authority is reviewed for legal validity before any data is disclosed. We verify the requesting authority's jurisdiction, the cited legal basis, and conformity with applicable data protection regulations (GDPR, CCPA, and other relevant laws).
  • Challenge Provisions: Where a request is assessed as unlawful, overbroad, or lacking a valid legal basis, we challenge it through available legal channels. Where not legally prohibited, we inform the affected user(s) of the request.
  • Data Minimization: We only disclose the minimum personal data strictly necessary to comply with a lawful request. We never provide bulk or unrelated data beyond what is legally required.
  • Documentation: We maintain a secure log of all public authority requests, including: the requesting entity, legal basis, date, scope of request, internal review decision, data disclosed (if any), and response date. These records are retained for regulatory audit purposes.

If you believe your data has been subject to a public authority request, contact us at: [email protected]

11. Children's Privacy

Enydea is not intended for users under 16 years of age. We do not knowingly collect personal data from children.

12. Changes to This Notice

We may update this privacy notice from time to time. We will notify you of material changes via email or platform notification.

13. Contact Us

For privacy-related questions or concerns:

XBMS B.V.
Email: [email protected]
Address: Amsterdam, Netherlands
KvK: 82869022

Data Protection Officer:[email protected]