Legal & Privacy

1. Imprint

2. Privacy Policy

This privacy policy applies to data processing by ILM Growth ("we", "us") when you visit our website at https://entry-labs.com and use the Entry Labs platform ("Entry Agents").

Entry Agents is a SaaS platform that automatically extracts structured CRM fields from meeting notes in Attio using AI.

We process your personal data in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). If we make material changes to this policy, we will notify you by email.

2.1 Controller

ILM Growth
Reichenberger Str. 116, 10999 Berlin, Germany
Email: nacho@5050growth.com

2.2 Data we collect

Website visits. When you access our website, our hosting provider (Render) automatically collects server log files: IP address, browser type, referring URL, pages visited, date and time of access.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure website operation). Retention: 30 days.

Account registration. When you sign up, we collect: email address and, if you use Google sign-in, your Google account name.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Platform usage. When you use Entry Agents, we process:

• Attio OAuth access tokens (encrypted at rest) to read and write CRM data on your behalf
• Meeting note content received via Attio webhooks (processed in memory, not stored long-term)
• Field configuration and extraction history (what fields were extracted, confidence scores)
• Feedback you submit on extraction accuracy

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Billing. Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank details. Stripe may collect billing name, address, and payment method details under their own privacy policy.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

Emails. We send transactional emails (magic link sign-in, extraction notifications) via Resend. We store your email address and email notification preference.

Legal basis: Art. 6(1)(b) GDPR (contract performance). You can opt out of non-essential emails in your account settings.

2.3 Third-party processors

We use the following third-party services to operate Entry Labs:

• Render (San Francisco, USA) — hosting, database, background workers
• Anthropic (San Francisco, USA) — AI extraction via Claude API
• Stripe (San Francisco, USA) — payment processing
• Resend (San Francisco, USA) — transactional email delivery
• Sentry (San Francisco, USA) — error monitoring
• Attio (London, UK) — CRM platform (your data, accessed via OAuth)

Where data is transferred outside the EEA (to US-based processors), this is done on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR) and appropriate technical and organizational measures.

2.4 Cookies

We use a single strictly necessary cookie (af_session) for authentication. This cookie is required for the platform to function and cannot be disabled. We do not use analytics, advertising, or tracking cookies.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a functional service).

2.5 Data retention

• Server logs: 30 days
• Account data: for the duration of your account; deleted within 30 days of account deletion
• Extraction history: for the duration of your account
• Billing records: up to 10 years per German tax law (HGB, AO)

2.6 Data security

We implement technical and organizational measures including:

• TLS/HTTPS encryption for all data in transit
• Fernet encryption for stored OAuth tokens and webhook secrets
• HMAC verification for all incoming webhooks
• Non-root container execution in production
• Regular automated backups

2.7 Your rights

Under GDPR, you have the right to:

• Access (Art. 15) — request what data we hold about you
• Rectification (Art. 16) — correct inaccurate data
• Erasure (Art. 17) — request deletion of your data
• Restriction (Art. 18) — restrict processing while a dispute is resolved
• Portability (Art. 20) — receive your data in a machine-readable format
• Objection (Art. 21) — object to processing based on legitimate interest
• Withdraw consent (Art. 7(3)) — withdraw any given consent at any time

To exercise your rights, email: nacho@5050growth.com

2.8 Supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin
Email: mailbox@datenschutz-berlin.de

2.9 Automated decisions

Our AI extraction pipeline processes meeting notes automatically, but all extracted data is written to your CRM under your configured rules. This does not constitute automated individual decision-making within the meaning of Art. 22 GDPR, as it does not produce legal effects or similarly significant effects on natural persons.

3. Terms of Service

By using Entry Labs ("the Service"), you agree to the following terms. The Service is operated by ILM Growth, Reichenberger Str. 116, 10999 Berlin, Germany.

3.1 Service description

Entry Labs provides an AI-powered SaaS platform ("Entry Agents") that automatically extracts structured data from meeting notes in Attio CRM and writes high-confidence fields back to your Attio workspace.

3.2 Account and access

You must provide a valid email address to create an account. You connect your Attio workspace via OAuth. You are responsible for maintaining the security of your account and Attio workspace credentials. You must not share your account or allow unauthorized access.

3.3 Acceptable use

You agree not to:

• Use the Service for any unlawful purpose
• Attempt to reverse-engineer, decompile, or extract source code from the Service
• Interfere with or disrupt the Service infrastructure
• Exceed rate limits or abuse API access
• Resell or redistribute the Service without written permission

3.4 Data and privacy

Your CRM data remains yours. We access it only to provide the Service via the Attio OAuth permissions you grant. Meeting note content is processed in memory for extraction and is not stored beyond the extraction event log. See our Privacy Policy for full details.

3.5 Billing and subscriptions

Paid plans are billed monthly via Stripe. You can cancel at any time from your account settings; access continues until the end of the billing period. We do not offer refunds for partial months. We reserve the right to change pricing with 30 days' notice by email.

3.6 AI and accuracy

Entry Agents uses AI (Claude by Anthropic) to extract data from meeting notes. While we apply confidence thresholds and quality controls, AI extraction may occasionally produce inaccurate results. You are responsible for reviewing data written to your CRM. We do not guarantee the accuracy of AI-extracted fields.

3.7 Availability

We aim for high availability but do not guarantee uninterrupted service. The Service depends on third-party providers (Attio, Anthropic, Render) whose availability is outside our control. We are not liable for downtime caused by third-party outages.

3.8 Limitation of liability

To the maximum extent permitted by law, ILM Growth is not liable for any indirect, incidental, or consequential damages arising from your use of the Service. Our total liability is limited to the amount you paid for the Service in the 12 months preceding the claim.

3.9 Termination

Either party may terminate at any time. You can delete your account by contacting us at nacho@5050growth.com. We may suspend or terminate accounts that violate these terms. On termination, we delete your data within 30 days, except where retention is required by law.

3.10 Changes to these terms

We may update these terms from time to time. Material changes will be communicated by email at least 14 days before taking effect. Continued use after that date constitutes acceptance.

3.11 Governing law

These terms are governed by the laws of Germany. The courts of Berlin have exclusive jurisdiction.