GNTC Inc. (“GNTC,” “we,” “us,” or “our”) provides EntryDesk, an enterprise AI agent platform that connects to and automates workflows across third-party software-as-a-service systems used by our customers. This Privacy Policy (this “Policy”) explains the nature, purpose, use, and sharing of any Personal Data in connection with the services of EntryDesk.
EntryDesk is a business product. It is purchased by an organization (the “Client”) for use by that organization’s personnel (the “Authorized Users”). This Policy describes how GNTC handles Personal Data in connection with EntryDesk for Authorized Users and for Clients evaluating or using EntryDesk.
This Privacy Policy applies to personal information we process in connection with:
This Policy does not apply to:
To keep this Policy readable, we use consistent terms. Capitalized terms not defined below have the meanings given in the EntryDesk Terms of Service (the “Terms”).
“Authorized User” means an individual (typically an employee, contractor, or invited collaborator of the Client) who is granted access to a Workspace by the Client.
“Client” means the organization or individual that has entered into the Terms with GNTC and within whose Workspace Authorized Users operate.
“Client Data” means content that a Client or its Authorized User submits to EntryDesk, or that EntryDesk retrieves on the Client’s instruction from a third-party system connected by the Client. Examples: prompts, commands, query history, uploaded files, calendar entries, chat messages, AI outputs, and API responses ingested through authorized integrations. Client Data includes any Personal Data of third parties contained in such content.
“Service Data” means information we generate, collect, or infer through the operation of the Services that is not Client Data. Examples: Client and Authorized User account registration details, billing records, authentication metadata, usage and telemetry data, product analytics, security logs, support tickets, and cookie or device data.
“Personal Data” means information relating to an identified or identifiable natural person, as defined under applicable laws.
“Workspace” means a logically isolated tenant within EntryDesk that holds a single Client’s configuration, Authorized User list, and Client Data.
“Sub-processor” means a third party engaged by GNTC to process Client Data on GNTC’s behalf in furtherance of the Services (for example, cloud infrastructure and large language model providers).
EntryDesk handles two very different kinds of information, and GNTC plays a different role for each. Understanding the distinction is the key to this Policy.
| Data Category | What it is | Our Role |
|---|---|---|
| Client Data | Prompts, commands, files, calendar entries, chat messages, API responses, and other content that a Client or its Authorized Users input into EntryDesk or that EntryDesk retrieves from connected third-party systems on the Client’s instruction. | Primarily Processor: we process Client Data on behalf of, and per the documented instructions of, the Client. Controller for the limited purposes of product analytics, service diagnostics, security and abuse prevention, and improvement of GNTC’s features and models. See §6.1. |
| Service Data | Account registration data, billing data, service telemetry, product usage metrics, security logs, support communications, cookie and device data. | Controller: we determine the purpose and means of processing for the operation of our business. |
What this means in practice:
Where a data subject wishes to exercise rights over Client Data about themselves (for example, to correct a record), the request must be made to the Client — not GNTC — because the Client is the controller. See Section 11 below.
EntryDesk processes whatever content a Client or Authorized User chooses to submit or have the AI agent retrieve. Depending on the Client’s configuration, Client Data may include:
Client Data is determined entirely by the Client, and it may include Personal Data of the Client’s employees, customers, partners, vendors, or other third parties. The Client is responsible for the legal basis for submitting such Personal Data into EntryDesk and for providing data subjects with sufficient information regarding such submission, including, without limitation, the relevant provisions set out in this Policy.
In the ordinary course of operating EntryDesk, we collect the following categories of Service Data:
For clarity, we do not use Client Data for marketing.
We process Client Data for the following purposes based on the Client’s instructions and/or the agreement between the Client and us:
We do not sell Client Data. We do not use Client Data for advertising or third-party marketing. We do not share Client Data with third-party foundational AI model providers (e.g., OpenAI, Anthropic, Google) for the purpose of training or improving those providers’ general-purpose models; contractual “no-training” or equivalent terms are in place with such providers (see §7.1). Where reasonably practicable, we use de-identified or aggregated Client Data for analytics and improvement purposes.
We process Service Data for the following purposes:
Specifically, we use Service Data to:
GNTC engages sub-processors to operate EntryDesk. These sub-processors process Client Data and, in some cases, Service Data, strictly under written agreements that require the sub-processor to provide the same or an equivalent standard of data protection as the obligations GNTC owes to its Clients under this Policy and under applicable law, including commitments regarding confidentiality, security, use limitations, onward transfer, incident notification, and deletion or return of data.
Categories of sub-processors we use include:
To generate AI responses and perform agent workflows, EntryDesk transmits Client Data — including the content of Prompts and, in some cases, retrieved context and generated Outputs — to third-party large language model (LLM) and inference providers. As of the Effective Date, these providers are: OpenAI, L.L.C. (United States); Anthropic PBC (United States); and Google LLC (United States, via Vertex AI or the Gemini API). GNTC will update this Policy and revise the Effective Date as providers are added or replaced.
For each LLM or inference provider, GNTC configures the commercial relationship so that Client Data transmitted for inference is not used by the provider to train or improve that provider’s general-purpose models. This is accomplished through “no-training” or equivalent contractual terms, which we confirm before engagement and monitor on an ongoing basis.
Where EntryDesk is accessed through the Apple iOS application, and consistent with Apple App Review Guideline 5.1.2(i), the application presents each Authorized User with a separate in-app disclosure and consent screen identifying the then-current third-party AI providers before the application first transmits Client Data to any such provider. That in-app consent operates independently of any acceptance of this Policy or the Terms by a Workspace Administrator; an Authorized User may withdraw the in-app consent at any time through the application settings, in which case certain features of EntryDesk may no longer be available on the iOS application for that Authorized User.
EntryDesk is designed to work with third-party systems (the “External Systems”) that the Client or its Authorized Users choose to connect, such as Google Workspace, Microsoft 365, Slack, Notion, and similar platforms. When the Client authorizes such an integration:
The External System is an independent controller (or independent processor of its own customers). GNTC is not responsible for an External System’s handling of data once the data is transmitted to that External System in accordance with the Client’s authorized configuration.
If a Client connects a Google Workspace account, EntryDesk’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
The Limited Use requirements above are more restrictive than the general use authorizations for Client Data set forth in Section 6.1 (including the analytics and fine-tuning uses described in that section). For data received from Google APIs specifically, the restrictions in this Section 7.2.1 control and supersede Section 6.1 to the extent of any conflict. In particular, Google user data is not used by GNTC for product analytics performed through third-party analytics sub-processors or for fine-tuning of GNTC’s own models, except as permitted by the Limited Use requirements.
We may disclose Personal Data, including Client Data, where we have a good-faith belief that disclosure is necessary to:
Where the legal process targets Client Data, and unless legally prohibited or in an emergency, we will notify the Client before disclosure so the Client has an opportunity to seek a protective order or take other action.
If GNTC is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, Personal Data may be transferred as part of that transaction, subject to the receiving party being bound by commitments that are no less protective than this Policy.
We may share Personal Data for other purposes when the Authorized User gives us explicit consent, or when the Client directs us to do so in its configuration of the Services.
We may create and share aggregated or de-identified information that cannot reasonably be used to identify any individual, for any business purpose. Such information is not Personal Data.
GNTC operates a cloud service with infrastructure and personnel in multiple jurisdictions. As a result, Personal Data may be transferred to, stored in, or processed in countries outside the jurisdiction in which the data was collected, including Taiwan, the United States, Japan, and other locations where our sub-processors operate.
Whenever we transfer your Personal Data to a third country (i.e., a country outside [the United States] or another jurisdiction that lacks an adequacy decision under applicable law), we ensure that such transfer is conducted in full compliance with applicable data protection legislation.
Where GNTC is subject to the Taiwan Personal Data Protection Act (個人資料保護法; the “PDPA”), any international transfer of Personal Data will comply with PDPA §21 and any applicable transfer restrictions issued by the relevant Taiwanese competent authority. Where such restrictions apply, GNTC will implement reasonable safeguards, which may include:
Client Data is retained for as long as the Client’s Workspace is active, subject to the retention rules the Client configures in the admin console. Specifically:
Upon termination or expiry of the Client’s subscription, and following any grace period specified in the Terms (by default, thirty (30) days after termination), GNTC will delete or return Client Data in accordance with the Terms.
Client Data processed through product-analytics and observability Sub-processors (see §7.1) is subject to retention rules GNTC configures with each such Sub-processor. GNTC targets a maximum retention of twenty-four (24) months in such systems for identifiable records, after which records are deleted or aggregated/de-identified. De-identified or aggregated derivatives created for analytics or model-improvement purposes may be retained indefinitely.
We retain Service Data for as long as necessary for the purposes described in Section 6.2, consistent with the following general periods:
We may retain information for longer where a legal obligation, legitimate dispute, litigation hold, or law-enforcement request requires us to do so.
We implement technical and organizational measures designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction, including:
No security measures are perfect. Clients are responsible for (i) securing their internal access credentials; (ii) configuring integration scopes appropriately; (iii) applying least-privilege principles when granting Authorized User access; and (iv) notifying GNTC at [email protected] of any suspected compromise of Client accounts.
Subject to applicable data protection laws, data subjects have a number of rights regarding their Personal Data. These rights may vary depending on the location and the legal basis for our processing of the Personal Data, but generally include the rights to query or access, make a copy of, supplement or correct, stop the collection/processing/use of, and delete the Personal Data that a controller holds about a data subject. Depending on the category of data at issue, the table below sets forth where each request should be directed.
| Right | For Client Data (we are Processor) | For Service Data (we are Controller) |
|---|---|---|
| Query / access | Submit request to the Client; the Client controls the data. | Submit request to [email protected]. |
| Make a copy | Submit request to the Client. | Submit request to [email protected]. |
| Supplement / correct | Submit request to the Client. | Submit request to [email protected]. |
| Stop collection / processing / use | Submit request to the Client. | Submit request to [email protected]. |
| Delete | Submit request to the Client. Client-initiated deletion flows through EntryDesk’s admin console. | Submit request to [email protected]; we may retain records as required by law or legitimate business purpose. |
For requests addressed to GNTC as controller, we will acknowledge receipt within a reasonable period and respond within the statutory period, subject to verification of the requesting data subject’s identity. We may refuse or limit a request where an exception under applicable laws applies (for example, where complying would be impossible or disproportionate, or where retention is required by law).
The Authorized User may also submit a request to us to withdraw consent to any processing that is based on consent, at any time, without affecting the lawfulness of processing performed before withdrawal.
Please note that a data subject’s request to cease the collection, processing, or use of Personal Data may affect the availability and functionality of EntryDesk.
Where EntryDesk is accessed through the Apple iOS or Android mobile application, an Authorized User may additionally initiate deletion of their individual user account from within the application itself, in accordance with Section 12.5 of the Terms of Service. Individual in-app deletion removes that Authorized User’s access and personal settings associated with the mobile application but does not by itself delete the Workspace, delete other Authorized Users’ data, or constitute deletion of Client Data held at the Client level; Workspace-level and Client Data deletion remain subject to Section 9.1 above and the corresponding provisions of the Terms of Service.
EntryDesk is a business product and is not directed to individuals under eighteen (18) years of age (or such age at which they are unable to lawfully provide valid consent under applicable data protection laws, where applicable). Clients shall not permit any individual under such age to access the Services as an Authorized User. If we learn that we have processed Personal Data of a minor in violation of this paragraph, we will delete that data and, where appropriate, notify the Client.
The GNTC website and the EntryDesk web application use cookies and similar technologies for the following purposes:
We do not use cookies for advertising on the EntryDesk application. The Authorized User can control cookies through their browser settings. Note that blocking strictly-necessary cookies will prevent the Services from functioning.
The services of EntryDesk may contain links to other sites or platforms owned by third parties. If the Authorized User clicks a third party’s link, the Authorized User shall be directed to the relevant site or platform. Please note that such external sites or platforms are not operated by GNTC. Therefore, GNTC strongly suggests that the Authorized User review the site’s or platform’s privacy notice in advance. GNTC has no absolute control of, and is not responsible for, the content, privacy notice, or practices of any site, platform or services of any third party whatsoever.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make a material change, we will revise the “Effective Date” at the top of the Policy and notify Clients through the EntryDesk admin console or by email to the administrator contact on file. Non-material changes (for example, clarifications) take effect upon posting. The Authorized User’s continued use of the Services after the effective date of a change constitutes acceptance of the revised Policy.
If you have questions about this Policy or our handling of your Personal Data, please contact us:
Email: [email protected]
If you are an Authorized User, you may also contact the Client’s administrator to exercise your rights over Client Data.
You also have the right to lodge a complaint with the competent data-protection authority in your jurisdiction.