Privacy Policy and Data Protection Framework – Investormatch

Version 3.2 – Last updated: April 9, 2026

Article 1: Identification of the Data Controller

This Privacy Policy defines the strict data processing protocols used by Investormatch ("the Platform", "we", "us" or "our'), located at WTC Amsterdam, Strawinskylaan 4117, 1077 ZX Amsterdam, Netherlands. We act as the data controller within the meaning of the General Data Protection Regulation (AVG/GDPR).

Given the advanced nature of our AI systems, we have appointed a Data Protection Officer (DPO), reachable via [email protected].

Article 2: Categories of Personal Data Processed

To ensure an institutional degree of security and precision in our matching algorithms, we collect the following data:

Identity Data

Full legal name, date of birth, nationality, and official identification documents for legal Know Your Customer (KYC) verification.

Contact Information

Verified email address, active mobile phone number, and officially registered residential address.

Financial Telemetry

Information on source of wealth, wallet addresses, transaction history, and detailed investor risk profiles.

Digital Footprint

IP addresses, device specifications, geographical routing data, and granular logs of your interactions with our AI-driven analytical interfaces.

Article 3: Legal Basis and Purposes of Processing

In accordance with Article 6 of the GDPR, we process data based on:

  • Contractual necessity: For managing your account and providing our core analytical matching services.
  • Legal obligations: Compliance with the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft).
  • Legitimate interest: For fraud prevention, network security, and the optimization of our AI models through anonymized datasets.
  • Explicit consent: For sending personalized AI market reports and the use of non-essential analytical cookies.

Article 4: Advanced Security and Encryption

Investormatch applies enterprise-grade security standards:

  • AES-256 Encryption

    All data at rest is stored with military-grade encryption.

  • TLS 1.3 Protocols

    All data transfer between the user and our servers is fully encrypted.

  • Sovereign Hosting

    Data is exclusively stored on redundant, secure servers within the European Economic Area (EEA) with strict logical access controls.

Article 5: Retention Periods and Archiving

We do not retain your data longer than strictly necessary for the stated purposes:

  • Active Data: For the duration of the contractual relationship.
  • Legal Archives: Personal data and financial records are retained for a period of seven (7) years after termination of the relationship, in accordance with Dutch tax and anti-money laundering legislation.

Article 6: Your Rights under the GDPR

The GDPR grants you full control over your information: right to access, rectification, erasure ("right to be forgotten'), restriction of processing, data portability, and right to object.

You can exercise these rights via [email protected]. You also have the right to lodge a complaint with the Dutch Data Protection Authority (AP).

🇬🇧 English
🇳🇱 Dutch 🇫🇷 French 🇩🇪 German