[LEGAL] before launch.
Privacy Policy
Last updated: [LEGAL: insert date before launch]
1. Who we are
Gylder is a personal net worth tracking service. It is operated by [LEGAL: insert legal entity name, address, KvK number, and VAT number].
Data controller contact: privacy@gylder.com.
[LEGAL: Confirm the correct legal entity. If Gylder is not yet incorporated, confirm whether personal data processing can lawfully start before incorporation. Dutch DPA (AP) requires a natural person or legal entity as the identified controller.]
2. What data we collect and why
| Data | Legal basis | Purpose | Retention |
|---|---|---|---|
| Email address | Contract performance (Art. 6(1)(b)) | Account login, notifications | Until account deletion |
| Name (optional) | Contract performance | Personalisation | Until account deletion |
| Financial data (balances, positions, transactions) | Contract performance | Core product — net worth calculation | Until account deletion. Crypto-shredded on deletion. |
| Provider credentials (OAuth tokens, API keys) | Contract performance | Syncing financial accounts | Until provider disconnected or account deleted |
| IP address, device info | Legitimate interest | Security, fraud prevention | [LEGAL: define retention — 30 days recommended] |
| Anonymous usage analytics | Legitimate interest | Product improvement | [LEGAL: confirm anonymisation method meets GDPR standard] |
| Marketing email opt-in | Consent (Art. 6(1)(a)) | Product updates | Until withdrawn |
[LEGAL: Verify all legal bases. Confirm that "contract performance" is appropriate for each data type — the AP and EDPB have guidance on when legitimate interest vs. contract performance applies. Confirm retention periods comply with your obligations under Dutch tax law (7-year bookkeeping obligation may be relevant if Gylder stores invoice data).]
3. How we protect your data
All financial data is encrypted end-to-end using AES-256-GCM envelope encryption. Each user has a unique Data Encryption Key (DEK), which is itself encrypted by an AWS KMS master key. Gylder employees cannot read your financial balances, positions, or credentials. Data is stored exclusively in AWS data centres in Frankfurt, Germany (eu-central-1).
Bank connections use PSD2-regulated Open Banking APIs. Gylder has read-only access — we can never initiate transfers or modify your bank accounts.
4. Who we share data with
We use the following sub-processors. We do not sell your data to third parties, ever.
| Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Infrastructure, database, encryption, email | EU (Frankfurt, Germany) |
| Stripe | Payment processing, subscription management | EU / US (SCCs in place) |
| TrueLayer | Open Banking — bank account linking | UK / EU |
| Vercel | Frontend hosting (Next.js) | EU edge nodes + US (SCCs in place) |
[LEGAL: Verify SCCs (Standard Contractual Clauses) are in place for all non-EU processors. Confirm Vercel's DPA covers EU data adequately. Check whether TrueLayer UK → EU data transfers require additional safeguards post-Brexit. Update this table as processors are added or removed.]
5. Your rights
Under GDPR, you have the following rights. To exercise any of them, email privacy@gylder.com. We will respond within 30 days.
- Access (Art. 15) — Request a copy of all personal data we hold about you. You can also download it directly from Settings → Data.
- Rectification (Art. 16) — Correct inaccurate personal data.
- Erasure (Art. 17) — Request deletion of your account and all data. Initiated from Settings → Data → Delete Account. Financial data is crypto-shredded (your encryption key is deleted, making all data permanently unreadable).
- Portability (Art. 20) — Download your data in machine-readable JSON format from Settings → Data.
- Restriction (Art. 18) — Request that we stop processing your data in certain ways.
- Objection (Art. 21) — Object to processing based on legitimate interest.
- Withdraw consent — For processing based on consent (e.g., marketing emails), withdraw at any time without affecting prior processing.
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
6. Cookies
Gylder uses a minimal set of cookies:
- Session cookies (essential) — Required for login. Set on authentication, expire on logout or after 30 days of inactivity. No consent required.
- CSRF token (essential) — Security. No consent required.
- Analytics cookies — Only set if you accept analytics in the cookie banner. Used to understand usage patterns. No personally identifiable data.
We do not use advertising cookies. We do not share cookie data with advertisers.
[LEGAL: If using Plausible (cookieless analytics), remove the analytics cookie item above — Plausible does not set cookies and does not require consent. If using Google Analytics, verify it is configured in consent mode and confirm additional GDPR requirements. The AP has issued rulings against standard GA4 setups without proper consent configuration.]
7. Changes to this policy
We will notify you by email of any material changes to this privacy policy at least 30 days before they take effect. The current version is always available at gylder.com/privacy.
8. Contact
For any privacy-related questions or to exercise your rights: privacy@gylder.com
[LEGAL: insert full postal address of data controller]