Skip to content
EntryBit
Contact sales Sign in

Privacy Policy

עודכן לאחרונה:

1. Introduction

EntryBit. (“EntryBit”, “we”, “us”) operates an enterprise access-control platform. This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it.

2. Data We Collect

  • Account data: name, email, phone, company, role.
  • Authentication data: password hashes (Argon2id), 2FA secrets, session tokens.
  • Access events: entry/exit logs, device identifiers, timestamps, encrypted biometric templates.
  • Usage telemetry: pages visited, features used, error reports.
  • Marketing site analytics: when you visit our marketing site (entrybit.net), we collect page views, scroll depth, button interactions, browser type, operating system, screen resolution, and approximate city-level location via Google Analytics 4 (GA4). No personal data is included in analytics events. Analytics cookies are only set after you provide explicit consent through our cookie banner — see our Cookie Policy for details.
  • Integration data: when you connect Microsoft Entra ID, Google Calendar, Slack, or similar services.

3. How We Use Data

We use personal data only to operate the EntryBit service: authenticate users, record access events, deliver notifications, support integrations, bill customers, and comply with legal obligations.

Contract performance, legitimate interest (platform security and fraud prevention), consent (for optional features like biometrics and marketing), and legal obligation.

5. Data Sharing

We share data only with sub-processors required to run the service (hosting, email delivery, payment processing, customer support tooling). For our marketing site, Google LLC processes analytics data on our behalf under Google Analytics 4 — see Section 3 of our Cookie Policy for specifics. A full list of sub-processors is maintained in our DPA. We never sell personal data.

6. International Transfers

Data is processed in EU and US regions. Transfers outside the EEA rely on Standard Contractual Clauses and supplementary technical measures (end-to-end encryption, pseudonymization).

7. Retention

Access events are retained for the period configured by your organization’s administrator (default 365 days). Account data is retained while your account is active and for 30 days after deletion. Marketing site analytics data is retained for 14 months in Google Analytics, after which user-level and event-level data is automatically deleted.

8. Your Rights

Access, rectification, erasure, portability, restriction, objection, and withdrawal of consent. Contact privacy@entrybit.net to exercise any of these.

9. Security

TLS 1.2+ in transit, AES-GCM + ChaCha20-Poly1305 dual-layer encryption at rest, Argon2id password hashing, and hardware-backed key storage.

10. Children

EntryBit is not directed at children under 16. We do not knowingly collect data from minors.

11. Changes

We will notify you of material changes at least 30 days before they take effect.

12. Contact

privacy@entrybit.net · EntryBit, Tel Aviv, Israel