EngageRx
← Back to home
§L1Privacy Policy

Privacy Policy

Last updated · 2026-05-24

1. Introduction

EngageRx ApS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal data when you visit engagerx.io or contact us through our website. It is written to comply with the EU General Data Protection Regulation (Regulation 2016/679 - "GDPR") and the Danish Data Protection Act.

Company details (Data Controller):
EngageRx ApS
CVR: 45934039
Danneskiold-Samsøes Allé 41
1434 Copenhagen, Denmark
Email: contact@engagerx.io

2. Categories of Data Subjects

This policy applies to business contacts who interact with our public website - typically employees of pharmaceutical or life-sciences companies (e.g. commercial, medical, field, market access or insight teams) who request a demo, get in touch or otherwise correspond with us. We collect personal data directly from you when you submit a form or send us an email.

3. Information We Collect

We collect only the following categories of personal data:

  • Contact & enquiry data - name, work email address, company name, role, and the free-text message you submit through the "Book a demo" or "Get in touch" forms.
  • Correspondence data - the content of any emails you send us and our replies, together with delivery metadata (message ID, send status, bounce or complaint flags) recorded by our email infrastructure.
  • Aggregate usage data - anonymous, aggregated statistics about visits to engagerx.io collected through Plausible Analytics (see Section 6). This data does not identify you personally.
  • Server log data - standard technical logs (IP address, user agent, request path, response status) generated by our hosting infrastructure for security, abuse prevention and rate-limiting. These logs are retained for a short period and are not used to build user profiles.

We do not collect phone numbers, payment details, health data, special category data, or any data from individuals under 16 through this website.

4. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To respond to demo requests, contact-form enquiries and other correspondence
  • To send transactional emails confirming your submission and our follow-up
  • To maintain a suppression list so we honour unsubscribe and bounce events
  • To improve our website and content using aggregate, anonymous analytics
  • To detect, prevent and respond to abuse, fraud and security incidents
  • To comply with legal, accounting and regulatory obligations under Danish law

We do not use your personal data for advertising, profiling, automated decision-making, or for sale to third parties.

5. Legal Basis for Processing (GDPR Art. 6)

  • Art. 6(1)(b) - Pre-contractual steps: responding to demo and contact requests you have actively submitted to us.
  • Art. 6(1)(f) - Legitimate interests: maintaining the security of our website, preventing abuse, and improving our service through aggregate analytics. Our assessment is that these interests do not override your rights and freedoms because the processing is minimal, transparent and uses privacy-friendly tooling.
  • Art. 6(1)(c) - Legal obligation: retaining records where required by Danish bookkeeping, tax or other applicable law.

6. Data Sharing and Sub-Processors

We share personal data only with the sub-processors listed below, all of whom host their processing of EngageRx personal data within the European Union.

  • Lovable Cloud (built on Supabase, EU region) - provides our website hosting, application backend, PostgreSQL database and transactional email delivery (sender domain notify.engagerx.io). Submitted form data (name, email, company, role, message) is stored here, along with email send logs, suppression records and one-click unsubscribe tokens. See lovable.dev/privacy.
  • Plausible Analytics (Plausible Insights OÜ, EU) - provides our privacy-friendly website analytics. Plausible uses no cookies, sets no identifiers, and does not track users across websites. All data is aggregated, anonymous and stored on EU servers. See plausible.io/privacy.

We may also disclose personal data where required by law, court order or competent public authority, or in connection with a merger, acquisition or sale of assets - in which case we will give you reasonable notice. We do not sell your personal data.

7. International Data Transfers

All sub-processors listed in Section 6 store EngageRx personal data exclusively within the European Union. We do not currently transfer personal data outside the EEA. If this ever changes, we will update this Policy and ensure transfers are covered by an appropriate GDPR safeguard (adequacy decision or Standard Contractual Clauses).

8. Data Retention

We retain personal data only for as long as needed for the purposes above:

  • Demo and contact form submissions: up to 24 months from your last contact with us, then deleted or anonymised - unless you become a customer, in which case retention follows our customer agreement.
  • Email send logs & correspondence metadata: up to 12 months, then deleted.
  • Suppression list (unsubscribes, bounces, complaints): kept indefinitely, because we need a permanent record to honour your request not to be contacted again. The only data stored is the email address.
  • Server & security logs: short-term (typically up to 30 days) unless an incident requires longer retention.
  • Plausible Analytics: retained per Plausible's own retention policy; no personal identifiers are involved.

9. Your Rights Under GDPR

As a data subject in the EEA, you have the following rights:

  • Right of access (Art. 15) - request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) - ask us to correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) - ask us to delete your personal data where one of the legal grounds applies.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object (Art. 21) - including to processing based on legitimate interests.
  • Right to lodge a complaint with a supervisory authority (see Section 13).

To exercise any of these rights, email contact@engagerx.io. We will respond within one month, as required by GDPR Art. 12.

10. Data Security

We apply appropriate technical and organisational measures to protect your personal data, including TLS encryption in transit, EU-region encrypted storage at rest, signed webhook verification for email events, application-level rate-limiting on public form endpoints, and least-privilege access controls within our backend. No system is 100% secure; we commit to notifying the supervisory authority and, where required, affected individuals of any personal data breach in accordance with GDPR Art. 33–34.

11. Cookies

engagerx.io does not currently set any non-essential cookies and does not display a cookie banner because there is nothing for you to consent to. For full details see our Cookie Policy.

12. Children's Privacy

Our website is a B2B service directed to professionals in the pharmaceutical industry and is not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us and we will delete it.

13. Supervisory Authority

If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Danish Data Protection Agency:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be flagged on this page; please review periodically.

15. Contact

For any question about this Policy or to exercise your rights, contact us at contact@engagerx.io or by post at the address in Section 1.