First-party
No third-party trackers.
EU-only
Data resides in the EU.
Per-request
Subject requests honoured.
What we process
Account details (name, work email, firm, role), access logs, document downloads and first-party usage events within invest.attesto.eu. We use only first-party Attesto infrastructure where possible.
Why
- Enable and control personal investor access.
- Protect investor materials from abuse and unauthorised re-distribution.
- Understand interest in materials, transparently and at account level.
- Security logging (legitimate interest).
IP addresses and identifiers
IP addresses and similar online identifiers are personal data. Where possible we pseudonymise (HMAC-hashed with a rotating secret), but pseudonymised data remains in scope of the GDPR.
Retention
We retain data no longer than necessary for the purpose collected, and review retention periodically. Typical periods: security logs 90 days; raw edge IPs 7 days; analytics events 90 days; meeting requests 12 months after last contact; invites and access grants 24 months.
Contact
For questions or data-subject requests: privacy@attesto.eu.