Skip to content

Legal

Privacy Policy

Last updated: 13 April 2026

1. Introduction

Causality Engine B.V. ("we," "our," or "us") is a private limited company registered in Utrecht, Netherlands. We are the data controller under the General Data Protection Regulation (GDPR) for the personal data processed through our marketing attribution and analytics platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services. By accessing or using Causality Engine, you acknowledge that you have read and understood this policy.

2. Information We Collect

We collect the following categories of information:

  • Account data — name, email address, and company details provided during registration
  • Marketing data you integrate — data from Google Analytics 4, Shopify, ad platforms, and other sources you connect to the platform for attribution analysis
  • Payment information — processed by our payment provider Polar Software Inc. We do not store credit card details on our servers
  • Usage data — platform interactions, feature usage, session information, and technical logs
  • Communications — messages and correspondence with our support team
  • Cookie and consent data — your cookie preferences and consent records as described in our Cookie Policy

3. How We Use Your Data

We use the information we collect for the following purposes:

  • Service delivery — to provide, maintain, and operate the Causality Engine platform
  • Attribution analysis — to process your marketing data and generate causal attribution insights
  • AI processing — your data may be sent to OpenAI, Anthropic, Google, and PublicAI (a Swiss AI provider) for real-time inference only. These providers do not train their models on your data
  • Product development — to improve and develop new features based on usage patterns and feedback
  • Anonymised benchmarking — to create aggregate, anonymised benchmarks as permitted under our Terms of Use (Section 7.7)
  • Fraud prevention and security — to detect, prevent, and address technical issues, abuse, and unauthorised access

4. Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

  • Contract performance — processing necessary to deliver the services you have subscribed to, including attribution analysis and platform access
  • Legitimate interests — security monitoring, usage analytics, product improvement, and fraud prevention, where these interests are not overridden by your rights
  • Consent — marketing communications and non-essential cookies, which you may withdraw at any time
  • Legal obligation — where processing is required to comply with applicable law, including tax records and fraud prevention obligations

5. Data Sharing and Sub-processors

We do not sell your personal data. We share data with the following categories of sub-processors to operate our services:

  • Hosting and infrastructure — Vercel (EU/US), Microsoft Azure (Netherlands), Supabase (EU), Railway (EU)
  • AI inference providers — OpenAI, Anthropic, Google, and PublicAI. Data is sent for real-time inference only; no provider trains models on customer data
  • Payment processing — Polar Software Inc.
  • Email — Migadu (Switzerland)
  • Analytics and monitoring — PostHog (EU), Sentry (EU), Google Analytics via Stape server-side proxy (EU), HubSpot (EU)
  • Security — Tirreno Technologies
  • Other — Brandfetch (logo retrieval)

6. International Transfers

We maintain EU data residency for our primary infrastructure. Where sub-processors operate outside the European Union, data transfers are protected by EU Standard Contractual Clauses (SCCs) or European Commission adequacy decisions, in accordance with GDPR Chapter V.

7. Data Retention

We retain your data according to the following schedule:

  • Pay-per-use (PPU) analyses — source data retained for 40 days from the date of analysis
  • Pro subscription data — retained for the duration of your active subscription
  • Anonymised derivatives — retained indefinitely for benchmarking purposes as permitted under our Terms of Use (Section 7.7)
  • Account deletion — you may request deletion of your account and associated data via support@causalityengine.ai or through your account settings. Deletion requests are processed within 30 days

8. Your Rights

Under GDPR Articles 15 through 22, you have the following rights regarding your personal data:

  • Right of access — obtain confirmation of whether we process your data and request a copy
  • Right to rectification — request correction of inaccurate or incomplete personal data
  • Right to erasure — request deletion of your personal data where there is no compelling reason for continued processing
  • Right to restrict processing — request that we limit how we use your data in certain circumstances
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format
  • Right to object — object to processing based on legitimate interests, including profiling
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
  • Right to lodge a complaint — file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority

To exercise any of these rights, contact us at legal@causalityengine.ai.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data. These include encryption at rest and in transit, Supabase Auth with HTTP-only cookies for session management, NaCl sealed-box encryption for stored credentials, role-based access controls, and regular security assessments.

10. Children

Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 14 days advance notice via email to the address associated with your account. The updated policy will be posted on this page with a revised "last updated" date.

12. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at legal@causalityengine.ai.

Causality Engine B.V.
Utrecht, Netherlands

Terms & Conditions →Cookie Policy →
Causality Engine logo

Product

PricingCompare PlansIntegrationsCase StudiesResourcesAttribution GuideDTC PlaybookAd Spend Calculator

Solutions

For Beauty BrandsFor Fashion BrandsFor Supplements BrandsFor Wellness BrandsFor Skincare BrandsFor Home & LivingFor Pet BrandsEnterprise

Comparisons

vs Triple Whalevs Northbeamvs Rockerboxvs Hyrosvs Wicked ReportsBest Tools 2026

Developers

Developer PortalAPI ReferenceSDKsAPI Status

Account

Sign inBook a DemoStart at €99Partner Program

Glossary

All TermsAttributionE-commerceAnalytics

Have an idea?

Privacy PolicyTerms & ConditionsCookie Policy

© Copyright 2026, Causality Engine

Based in the Netherlands

KVK: 92226892

VAT: NL865944039B01

Checking Status
Start Your €99 Analysis