Did you really read it?
Causality Engine B.V.
Last Updated: November 6, 2025
Effective Date: November 6, 2025
Causality Engine B.V. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch implementation of the ePrivacy Directive 2002/58/EC.
As stated in GDPR Article 13(1), we are required to provide you with transparent information about how we process your personal data:
"Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: (a) the identity and the contact details of the controller..."
This Privacy Policy fulfills that obligation and provides you with comprehensive information about your rights and our data processing practices.
Causality Engine B.V.
Registered in the Netherlands
Chamber of Commerce (KVK): 92226892
VAT: NL865944039B01
Email: privacy@causalityengine.ai
Website: https://causalityengine.ai
For questions about this Privacy Policy or your personal data, please contact us at privacy@causalityengine.ai.
You have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), the independent supervisory authority responsible for data protection in the Netherlands.
Contact Information:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
The Netherlands
Phone: +31 70 888 85 00
Email: info@autoriteitpersoonsgegevens.nl
Website: https://www.autoriteitpersoonsgegevens.nl/en
We collect and process the following categories of personal data:
Note: We process this data on behalf of our clients (as a data processor). Our clients remain the data controllers for their customers' personal data.
Under GDPR Article 6(1), we process your personal data based on the following lawful bases:
"Processing is lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes..."
We rely on your consent for:
- Marketing communications (newsletters, promotional emails)
- Non-essential cookies and tracking technologies
- Optional data collection for product improvements
You may withdraw your consent at any time by contacting us at privacy@causalityengine.ai or using the unsubscribe link in our emails.
"(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract..."
We process your data to:
- Provide our attribution analytics software
- Manage your account and subscription
- Deliver customer support
- Process payments and billing
"(c) processing is necessary for compliance with a legal obligation to which the controller is subject..."
We process your data to comply with:
- Tax and accounting regulations
- Anti-money laundering requirements
- Legal requests from authorities
"(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject..."
We rely on legitimate interests for:
- Website security: Protecting against fraud, abuse, and security threats
- Service improvement: Analyzing usage patterns to enhance our software
- Business operations: Internal administration, record-keeping, and quality assurance
We have conducted a Legitimate Interest Assessment (LIA) in accordance with EDPB Guidelines 1/2024 to ensure our processing does not override your rights and freedoms.
We use cookies and similar technologies in accordance with Article 5(3) of the ePrivacy Directive:
"The storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent..."
You can manage your cookie preferences through:
- Our cookie consent banner (first visit)
- Your browser settings (block/delete cookies)
- Our Cookie Policy page: https://causalityengine.ai/cookie-policy
For more information about cookies, visit https://www.aboutcookies.org.
We process your personal data for the following purposes:
We share your personal data with the following categories of recipients, as permitted under GDPR Article 13(1)(e):
We work with trusted third-party service providers who process data on our behalf:
All processors are bound by Data Processing Agreements (DPAs) in accordance with GDPR Article 28.
We may disclose your data to:
- Law enforcement agencies (when legally required)
- Tax authorities (for compliance purposes)
- Courts and tribunals (in legal proceedings)
Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection through:
For more information about our data transfers, contact privacy@causalityengine.ai.
In accordance with GDPR Article 13(2)(a), we retain your personal data for the following periods:
"The controller shall provide the data subject with the following further information necessary to ensure fair and transparent processing: (a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period..."
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account data | Duration of contract + 7 years | Tax and accounting obligations |
| Analytics data | 26 months | GDPR recital 65 (reasonable period) |
| Marketing data | Until consent withdrawn + 30 days | Consent withdrawal processing |
| Support tickets | 3 years after resolution | Legitimate interest (quality assurance) |
| Financial records | 7 years | Dutch tax law requirements |
| Cookie data | See Cookie Policy | ePrivacy Directive |
After the retention period expires, we securely delete or anonymize your personal data in accordance with GDPR Article 17 (Right to erasure).
Under Chapter 3 of the GDPR, you have the following rights:
You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data.
GDPR Article 15(1): "The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data..."
How to exercise: Email privacy@causalityengine.ai with subject "Data Access Request"
You have the right to correct inaccurate or incomplete personal data.
GDPR Article 16: "The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her..."
How to exercise: Update your account settings or contact privacy@causalityengine.ai
You have the right to request deletion of your personal data in certain circumstances.
GDPR Article 17(1): "The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay..."
How to exercise: Email privacy@causalityengine.ai with subject "Deletion Request"
Note: This right is not absolute. We may retain data if required by law or for legitimate purposes (e.g., tax obligations).
You have the right to restrict processing of your personal data in certain circumstances.
GDPR Article 18(1): "The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies..."
How to exercise: Email privacy@causalityengine.ai with subject "Restriction Request"
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
GDPR Article 20(1): "The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format..."
How to exercise: Email privacy@causalityengine.ai with subject "Data Portability Request"
Format: We provide data in JSON or CSV format.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
GDPR Article 21(1): "The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her..."
How to exercise: Email privacy@causalityengine.ai or use the unsubscribe link in marketing emails.
Where processing is based on consent, you have the right to withdraw that consent at any time.
GDPR Article 7(3): "The data subject shall have the right to withdraw his or her consent at any time..."
How to exercise: Email privacy@causalityengine.ai or update your preferences in your account settings.
You have the right to lodge a complaint with the Autoriteit Persoonsgegevens (see Section 3).
GDPR Article 77(1): "Every data subject shall have the right to lodge a complaint with a supervisory authority..."
We will respond to your requests within one month of receipt, as required by GDPR Article 12(3). In complex cases, we may extend this by two additional months and will inform you of the extension.
We implement appropriate technical and organizational measures to protect your personal data, as required by GDPR Article 32:
"The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk..."
In the event of a personal data breach, we will comply with GDPR Article 33 and Article 34:
Article 33(1): "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority..."
Article 34(1): "When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay."
We will:
1. Notify the Autoriteit Persoonsgegevens within 72 hours (if required)
2. Notify affected individuals without undue delay (if high risk)
3. Document all breaches in our internal breach register
4. Take measures to mitigate the breach and prevent recurrence
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@causalityengine.ai.
This complies with GDPR Article 8 regarding the conditions for children's consent in relation to information society services.
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you, as defined in GDPR Article 22.
Our attribution analytics software provides insights and recommendations, but all business decisions are made by human users of our platform.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will:
We encourage you to review this Privacy Policy periodically.
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Data Protection Contact:
Causality Engine B.V.
Email: privacy@causalityengine.ai
Website: https://causalityengine.ai
Supervisory Authority:
Autoriteit Persoonsgegevens
Website: https://www.autoriteitpersoonsgegevens.nl/en
Email: info@autoriteitpersoonsgegevens.nl
Phone: +31 70 888 85 00
This Privacy Policy is based on and complies with:
For the full text of these regulations, please visit the linked resources.
Last Updated: November 6, 2025
Version: 1.0
© 2025 Causality Engine B.V. All rights reserved.
© 2025 Casuality Engine. All rights reserved.
