Privacy Policy
Last updated: [LEGAL REVIEW: insert date on publication]
1. Who we are
Gylder is a personal net worth tracking service. Gylder is a trademark of cdum B.V., a company registered under Dutch law.
- Registered address: Boxmeerstraat 129, 5043ZC Tilburg, the Netherlands
- KvK: 93033613
- VAT: NL866254572B01
cdum B.V. is the data controller for all personal data processed through Gylder. For any privacy-related questions: support@gylder.nl.
2. What data we collect and why
| Data | Legal basis | Purpose | Retention |
|---|---|---|---|
| Email address | Contract performance (Art. 6(1)(b)) | Account login, notifications | Until account deletion |
| Name (optional) | Contract performance | Personalisation (e.g. sidebar greeting) | Until account deletion |
| Financial data (balances, positions, transactions) | Contract performance | Core product — net worth calculation | Until account deletion. Crypto-shredded on deletion. |
| Provider credentials (OAuth tokens, API keys) | Contract performance | Syncing connected financial accounts | Until provider disconnected or account deleted |
| Payment information | Contract performance | Subscription billing | Managed by Stripe. Invoices retained 7 years (Dutch tax law). |
| Marketing email preference | Consent (Art. 6(1)(a)) | Product updates and tips | Until withdrawn |
We do not collect IP addresses, device fingerprints, or usage analytics. We do not use advertising trackers. We do not sell your data to third parties, ever.
[LEGAL REVIEW: Verify that "contract performance" is the correct legal basis for each data type. Confirm the 7-year invoice retention period aligns with the Dutch fiscal retention obligation (AWR Art. 52).]
3. How we protect your data
All financial data is encrypted at rest using AES-256-GCM envelope encryption. Each user has a unique Data Encryption Key (DEK), which is itself encrypted by an AWS KMS master key. Neither cdum B.V. employees nor our hosting provider can read your financial balances, positions, or credentials in storage.
All data is stored exclusively in AWS data centres in Frankfurt, Germany (eu-central-1), operated by Amazon Web Services EMEA SARL, a Luxembourg-based entity. Data never leaves the European Union.
Bank connections use PSD2-regulated Open Banking APIs via TrueLayer. Gylder has read-only access — we can never initiate payments, transfers, or modifications to your bank accounts.
All connections to Gylder are encrypted in transit using TLS 1.2 or higher. Two-factor authentication (TOTP) is mandatory for all accounts.
4. Who we share data with
We use the following sub-processors to operate Gylder. We have Data Processing Agreements (DPAs) in place with each processor. We do not sell or share your data with third parties for marketing or advertising purposes.
| Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services EMEA SARL | Infrastructure, database, encryption key management, authentication | EU (Frankfurt, Germany) |
| Stripe | Payment processing, subscription management | EU / US (SCCs in place) |
| TrueLayer | Open Banking — bank account linking (PSD2) | UK / EU (UK adequacy decision in place) |
| Vercel | Frontend hosting | EU edge network (US origin, SCCs in place) |
| Resend | Transactional email delivery (notifications, alerts) | EU (Ireland) |
[LEGAL REVIEW: This sub-processor list is not final. TrueLayer will be phased out before launch and replaced by a different Open Banking provider — update this table when the replacement is confirmed. Additional providers (e.g. wealthAPI.eu, IBKR) may be added post-launch. Verify that SCCs are in place for Stripe and Vercel for any US data processing. Confirm Resend DPA covers EU data. Verify whether the AWS GDPR DPA (automatically incorporated into AWS EMEA SARL Service Terms) is sufficient or whether a separately signed DPA is needed.]
5. International data transfers
Your financial data is stored exclusively in AWS eu-central-1 (Frankfurt, Germany) and never leaves the EU. The contracting AWS entity is Amazon Web Services EMEA SARL, based in Luxembourg.
Some sub-processors (Stripe, Vercel) may process limited data in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, and where applicable, supplementary technical measures (encryption in transit and at rest).
AWS is a subsidiary of Amazon.com, Inc., a US-based company. Under the US CLOUD Act, US law enforcement could theoretically request data from AWS. However, all financial data stored in Gylder is encrypted with per-user keys managed through AWS KMS — meaning AWS infrastructure access alone cannot reveal your financial information. The encryption keys are only accessible within our application at request time.
[LEGAL REVIEW: Confirm that the CLOUD Act disclosure is appropriately worded. Verify that envelope encryption is a sufficient supplementary measure under the Schrems II framework for the specific data types processed. Consider whether this section should reference the EU-US Data Privacy Framework.]
6. Your rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data. To exercise any of them, email support@gylder.nl. We will respond within 30 days.
- Access (Art. 15) — Request a copy of all personal data we hold about you. You can also download it directly from Settings → Data → Export my data (JSON format).
- Rectification (Art. 16) — Correct inaccurate personal data. You can update your name and email in Settings → Profile. Financial data is sourced from your connected providers — corrections should be made at the provider level.
- Erasure (Art. 17) — Request deletion of your account and all data. You can initiate this from Settings → Data → Delete Account. Your encryption key is destroyed, making all financial data permanently and irreversibly unreadable (crypto-shredding).
- Portability (Art. 20) — Download your data in a structured, machine-readable JSON format from Settings → Data.
- Restriction (Art. 18) — Request that we stop processing your data in certain ways. You can disconnect individual providers at any time to stop data syncing for that account.
- Objection (Art. 21) — Object to processing based on legitimate interest.
- Withdraw consent — For processing based on consent (e.g., marketing emails), you can withdraw at any time from Settings → Alerts & Notifications, without affecting the lawfulness of prior processing.
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
7. Data retention
| Data | Retention period | Basis |
|---|---|---|
| User financial data (balances, positions, snapshots) | Until account deletion | Contract performance |
| Provider credentials (OAuth tokens, API keys) | Until provider disconnected or account deleted | Contract performance |
| Stripe invoices and payment records | 7 years after creation | Dutch fiscal retention obligation (AWR Art. 52) |
| Application logs (no PII) | 90 days | Operational / security |
| Account deletion audit record (anonymised) | 30 days | Legitimate interest (fraud prevention) |
When you delete your account, all encrypted financial data is permanently destroyed via crypto-shredding — your personal encryption key is deleted, making all associated data mathematically irrecoverable. This is a legally recognised GDPR deletion strategy.
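The per-user envelope encryption described in section 3 and the crypto-shredding described above can be illustrated as follows. This is an added example, not Gylder's own code. A locally generated `masterKey` stands in for the AWS KMS master key, an in-memory map stands in for the table of wrapped keys, and all function names are hypothetical.

```javascript
// Added illustration, not Gylder's code. Names and storage are assumptions.
const crypto = require('node:crypto');

const masterKey = crypto.randomBytes(32); // stand-in for the KMS master key
const wrappedDeks = new Map();            // userId -> DEK encrypted under masterKey

// AES-256-GCM with a fresh 96-bit IV; aad binds the ciphertext to one user.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on a bad tag
}

// Each user gets a unique DEK; only its wrapped form is stored.
function createUser(userId) {
  wrappedDeks.set(userId, seal(masterKey, crypto.randomBytes(32), userId));
}
function unwrapDek(userId) {
  const wrapped = wrappedDeks.get(userId);
  if (!wrapped) throw new Error('no DEK for user: data is unreadable');
  return open(masterKey, wrapped, userId);
}
function encryptRecord(userId, text) {
  return seal(unwrapDek(userId), Buffer.from(text, 'utf8'), userId);
}
function decryptRecord(userId, box) {
  return open(unwrapDek(userId), box, userId).toString('utf8');
}
// Crypto-shredding: delete the wrapped DEK and leave the ciphertext in place.
function shredUser(userId) { return wrappedDeks.delete(userId); }

function demo() {
  createUser('alice'); createUser('bob');
  const rec = encryptRecord('alice', '{"balance": 1250.00}'); // constructed sample
  const before = decryptRecord('alice', rec);
  let crossUser = 'decrypted';
  try { open(unwrapDek('bob'), rec, 'alice'); } catch { crossUser = 'rejected'; }
  shredUser('alice');
  let after = 'decrypted';
  try { decryptRecord('alice', rec); } catch { after = 'unreadable'; }
  return { before, crossUser, after };
}
```

Shredding is only as complete as the removal of every copy of the wrapped DEK, including copies in backups and caches. In a real KMS deployment the wrap and unwrap steps are calls to the key service, so the master key never reaches application memory.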
9. Changes to this policy
We will notify you by email of any material changes to this privacy policy at least 30 days before they take effect. The current version is always available at gylder.nl/privacy.
10. Contact
For any privacy-related questions, data access requests, or to exercise your rights: support@gylder.nl
cdum B.V.
Boxmeerstraat 129
5043ZC Tilburg
The Netherlands