arrow_back Home

Privacy Policy

Last updated: March 2026

1. Overview

Entity Ledger ("we", "us", or "our") operates a compliance and counterparty intelligence platform. This Privacy Policy explains how we collect, use, store, and disclose information when you use our Service. We are committed to processing data in accordance with the General Data Protection Regulation (GDPR) and applicable Cypriot data protection legislation.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily submit, including when you contact us by email or register for access. This may include your name, email address, organisation, and the nature of your enquiry.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical data, including:

  • IP address and approximate geolocation;
  • Browser type, version, and operating system;
  • Pages visited, search queries, and timestamps;
  • Referring URLs.

This information is collected for security, abuse prevention, and service improvement purposes and is not used to identify individual users beyond what is necessary for these purposes.

2.3 Entity Data

The Service displays information about legal entities and individuals sourced from public registries and databases. This information is collected and processed on the basis of legitimate interest — specifically, the public interest in transparency, compliance, and fraud prevention — as recognised under GDPR Article 6(1)(f) and Recital 47.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Legitimate interest — for compliance, fraud prevention, and counterparty transparency research;
  • Legal obligation — where processing is required to comply with applicable law;
  • Consent — where you have explicitly provided consent, which may be withdrawn at any time.

4. How We Use Information

We use collected information to:

  • Operate and improve the Service;
  • Detect and prevent abuse, fraud, and unauthorised access;
  • Respond to enquiries and support requests;
  • Comply with legal obligations;
  • Conduct internal analytics to understand how the Service is used.

We do not sell personal data to third parties. We do not use personal data for automated profiling or decision-making that produces legal or similarly significant effects.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Server logs are retained for up to 90 days. Entity data sourced from public registries is retained for as long as it remains relevant to compliance use cases and is periodically reviewed for accuracy.

6. Your Rights

Under GDPR, you have the following rights with respect to personal data we hold about you:

  • Right of access — to obtain a copy of your personal data;
  • Right to rectification — to correct inaccurate data;
  • Right to erasure — to request deletion where there is no legitimate basis for continued processing;
  • Right to restriction — to limit how we use your data;
  • Right to object — to object to processing based on legitimate interest;
  • Right to portability — to receive your data in a structured, machine-readable format.

Note that the right to erasure may be limited where data originates from public registries and where processing is justified by public interest or legal obligation. To exercise any of these rights, contact us at privacy@entityledger.io.

7. Cookies

We use only technically necessary session cookies required for the Service to function. We do not use tracking cookies, advertising cookies, or third-party analytics that identify individual users. No cookie consent banner is presented because no non-essential cookies are set.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include encrypted connections (TLS), access controls, and rate limiting. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

9. International Transfers

The Service is operated from within the European Union. If data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including Standard Contractual Clauses where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by an updated date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact and Supervisory Authority

For privacy-related enquiries, contact us at privacy@entityledger.io.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (www.dataprotection.gov.cy).