← Back

Privacy Policy

Last updated: 2026-05-24

1. Who we are

Entri is an accounting-automation service operated from Cyprus. We process invoices and bookkeeping data on behalf of accounting firms and their clients. For any data-protection questions, reach us at info@entri.cy.

2. What data we collect

  • Account data — your name, email, profile photo (when you sign in via Google), the firm you belong to, and your role inside that firm.
  • Document data — invoices, receipts and supporting PDFs you (or your suppliers) upload or forward to your firm's inbox. We extract structured fields from these (supplier, dates, VAT, line items) using an AI extraction service.
  • Operational data — sign-in timestamps, IP addresses on authentication, audit logs of who approved which auto-entry.

3. Legal basis (GDPR Article 6)

We process personal data on the legal bases of (a) contract — to provide the service you (or your firm) signed up for; (b) legitimate interests — to keep audit trails and prevent fraud; and (c) legal obligation — to retain accounting records for the period required by Cyprus tax law (currently 7 years per §13 of the Cyprus Income Tax Law).

4. Who we share data with

  • Anthropic (anthropic.com) — invoice PDFs and extracted text are sent to Anthropic's Claude API for extraction. Anthropic processes the data under its own DPA; no training-on-customer-data per Anthropic's commercial terms.
  • Google — sign-in identity (email + name + profile picture) is verified against Google when you choose to sign in with Google.
  • Cloud infrastructure — application and database run on EU-based servers (Cyprus / Germany region) operated by DonkeyHost on our behalf.

We do not sell personal data and we do not share it with advertisers.

5. Retention

Account data is kept while the firm has an active subscription, then deleted within 30 days of termination unless retention is mandated by law. Accounting documents and associated audit trails are retained for 7 years from the end of the fiscal year they belong to, in accordance with Cyprus tax law, and then permanently deleted.

6. Your rights under GDPR

You have the right to access, correct, delete, restrict or port the personal data we hold about you, and to object to processing or withdraw consent at any time. Where data is processed by your accounting firm (which is the data controller of its clients' invoices), please direct requests through your firm; for data we hold about you as a signed-in user, write to info@entri.cy. You also have the right to lodge a complaint with the Cyprus Office of the Commissioner for Personal Data Protection.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to named staff under two-factor authentication. Bridge endpoints used to push data into ProAudit on-premise installations are bidirectionally HMAC-signed.

8. Contact

Questions, deletion requests, or to exercise any of the rights above: info@entri.cy.

Privacy Policy — Entri