Priqid

Privacy Policy

Last updated: April 2026

1. Introduction

This privacy policy explains how Priqid ("we", "our", "us") collects, uses, and protects your personal data when you use our PRIIPs KID generation platform (the "Service"). It is issued in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR").

2. Data Controller

The data controller for personal data processed about you in connection with our website and your use of the Service as a registered user is:

[Priqid legal entity name, e.g. Priqid ApS]
[Registered address]
CVR: [CVR number]
Email: privacy@priqid.com

When customers (e.g. fund managers) upload fund and investor data into the Service, the customer is the controller of that data and Priqid acts as a processor under a separate Data Processing Agreement.

3. Data We Collect

We collect the following categories of personal data:

  • Account information: name, work email address, organisation name, role, hashed password, two-factor authentication secrets.
  • Fund and customer data: fund parameters, cost structures, benchmark data, and any personal data that customers choose to include in fund records or KIDs.
  • Usage data: log-in timestamps, IP addresses, browser/device information, pages visited, features used, and audit-trail entries.
  • Communications: the content of emails and support requests you send to us.

4. Purposes and Legal Basis

We process your personal data for the following purposes and on the following legal bases under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b)): to create and manage your account, deliver the Service, generate KIDs, and provide support.
  • Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent fraud and abuse, monitor performance, improve our product, and pursue or defend legal claims.
  • Legal obligation (Art. 6(1)(c)): to comply with bookkeeping, tax, anti-money-laundering, and other regulatory obligations.
  • Consent (Art. 6(1)(a)): for non-essential cookies and any optional marketing communications. You may withdraw consent at any time without affecting prior processing.

5. Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Account data: for the duration of your account, plus up to 12 months after closure to handle reactivation requests and disputes.
  • Fund data and generated KIDs: retained while your subscription is active; deleted or returned to the customer within 30 days of contract termination, unless retention is required by law.
  • Audit logs and security logs: up to 24 months.
  • Accounting records: 5 years from the end of the relevant financial year, in accordance with the Danish Bookkeeping Act.

6. Sub-Processors and Recipients

We do not sell your personal data. We share data only with carefully selected sub-processors that help us deliver the Service, each bound by a written data processing agreement. Current categories include:

  • Cloud hosting and database: Railway Corp. (United States) — application hosting and managed PostgreSQL.
  • AI processing: Anthropic, PBC (United States) — used for KID PDF parsing and document analysis.
  • Transactional email: Mailjet SAS (France) — account, security and notification emails.

An up-to-date list of sub-processors is maintained in our Data Processing Agreement.

7. International Transfers

Your personal data is primarily stored on infrastructure located within the European Union. Some sub-processors (notably Railway and Anthropic) are established in the United States. Where personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914) and, where appropriate, supplementary technical and organisational measures. A copy of the safeguards used is available on request.

8. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS) and at rest, role-based access control, two-factor authentication for administrators, audit logging, and regular backups. No system is perfectly secure, and we cannot guarantee absolute security, but we work continuously to reduce risk.

9. Cookies

We use cookies and similar technologies to operate the Service and to understand how it is used. Strictly necessary cookies are set automatically; non-essential cookies are only set with your consent via our cookie banner. For details on the categories of cookies we use and how to manage them, see our Cookie Policy.

10. Your Rights

Subject to the conditions in the GDPR, you have the right to:

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Request deletion of your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please contact us at privacy@priqid.com. We will respond within one month, in accordance with Article 12 GDPR.

You also have the right to lodge a complaint with a supervisory authority. In Denmark, this is Datatilsynet.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated by email or through the Service. The "Last updated" date at the top of this page indicates when it was most recently revised.

12. Contact

For any questions about this privacy policy or our data practices, please contact us at privacy@priqid.com.

Get in touch →