Privacy Policy
Last updated: May 27, 2026
Introduction
This Privacy Policy describes how Ardessa ("we", "our", or "us") collects, uses, and shares information about you when you use our AI-powered fundraising intelligence platform and related services (collectively, the "Services"). Ardessa provides technology solutions for private markets professionals, including General Partners, fund managers, and fundraising teams.
By using our Services, you agree to the collection, use, and sharing of your information as described in this Privacy Policy.Information We Collect
Information You ProvideWe collect information you provide directly to us, including:
Account Information: Name, email address, company name, job title, and login credentials when you create an account
Professional Information: Details about your firm, fund strategies, investment focus, and fundraising activities
Communications: Information you provide when you contact us for support, submit feedback, or otherwise communicate with us
Payment Information: Billing details and payment information processed through our secure payment providers
Information We Collect Automatically
When you use our Services, we automatically collect certain information, including:
Usage Data: Information about how you interact with our platform, including features used, searches performed, and time spent on various functions
Device Information: Browser type, operating system, device identifiers, and IP address
Log Data: Access times, pages viewed, and referring URLs
Information from Third-Party Sources
With your authorisation, we may collect information from third-party sources to enhance our Services, including:
Publicly available information about Limited Partners, institutional investors, and market participants
Data from integrated platforms and services you connect to your Ardessa account
Information from data providers to enrich investor profiles and market intelligence
Information about Third Parties Processed on Our Platform
Ardessa is an investment research platform. As part of providing our services to customers, we process professional information about individuals (such as fund managers, executives, board members, and other professionals named in public business contexts). This information is gathered from publicly available professional sources, including business websites, news sources, and licensed third-party data providers.
The categories of data processed in this way are: name, job title, firm affiliation, professional history, business email address (where publicly available), and professional public mentions in news or commentary.
Our lawful basis for this processing is legitimate interest (GDPR Article 6(1)(f)). This basis enables our customers (investment professionals) to conduct B2B research on professional individuals operating in their public business capacity. We have completed a Legitimate Interests Assessment for this processing.
Individuals whose information appears on our platform may exercise their data subject rights, including access, correction, deletion, and objection, by emailing info@ardessa.com.
How We Use Your Information
We use the information we collect to:
Provide, maintain, and improve our Services
Generate AI-powered insights, recommendations, and research for your fundraising activities
Personalise your experience and deliver relevant content
Process transactions and send related information
Send technical notices, updates, security alerts, and administrative messages
Respond to your enquiries and provide customer support
Monitor and analyse trends, usage, and activities in connection with our Services
Detect, investigate, and prevent fraudulent transactions and other illegal activities
Comply with legal obligations and enforce our terms of service
Legal Bases for Processing
We rely on the following GDPR Article 6 lawful bases for our processing activities:
Authenticating you and managing your account: Article 6(1)(b), performance of contract
Delivering research and prospecting outputs to you: Article 6(1)(f), legitimate interest
Using third-party AI providers to generate research outputs: Article 6(1)(f), legitimate interest
Processing employee data: Article 6(1)(b) and 6(1)(c), employment contract and legal obligation
B2B marketing outreach to prospective customers: Article 6(1)(f), legitimate interest
Responding to enquiries from customers and prospects: Article 6(1)(b), contract or pre-contractual steps
Application monitoring and security logging: Article 6(1)(f), legitimate interest
Statutory record-keeping (tax, employment, audit): Article 6(1)(c), legal obligation
Where we rely on legitimate interest, we have documented a Legitimate Interests Assessment balancing our interest against your rights and reasonable expectations. You can object to legitimate-interest processing at any time by contacting info@ardessa.com.
Information Sharing
We do not sell your personal information. We may share information in the following circumstances:
Service Providers: With third-party vendors, consultants, and service providers who need access to such information to perform services on our behalf. Each is bound by a Data Processing Agreement and, where applicable, EU Standard Contractual Clauses (2021) for transfers outside the European Economic Area, together with the UK International Data Transfer Addendum where data originates in the United Kingdom. A current list of sub-processors is available on request from info@ardessa.com
Compliance and Safety: When we believe disclosure is necessary to comply with applicable law, regulation, or legal process, or to protect the rights, property, or safety of Ardessa, our users, or others
Business Transfers: In connection with any merger, acquisition, or sale of company assets, your information may be transferred as a business asset
With Your Consent: When you direct us to share information with third parties
Data Security
We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is completely secure.Data Retention
We retain your information only for as long as necessary to fulfil the purposes described in this policy and to comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are:User account data: retained for the active life of your account. On account deletion request, data is purged across our systems within 30 days where technically feasible.
Research outputs and prospect intelligence generated for you: retained for the active life of your account; purged on request within 90 days where technically feasible.
Customer support correspondence: 3 years from ticket closure.
Marketing prospect records: 3 years from last interaction; opt-out suppression lists retained indefinitely to honour objections.
Application and security/audit logs: 12 months.
Employee data: active employment plus 6 years (Irish statutory retention).
Where we cannot delete certain records due to legal obligations (for example, tax records) or operational necessity (security logs), we will explain the basis on request.
Requesting deletion of your personal information
You can request deletion of your personal information at any time by emailing info@ardessa.com with the subject line "Data Deletion Request." Please include the email address or account associated with your data so we can locate it. We may take reasonable steps to verify your identity before processing the request, to protect against unauthorised deletion.
Once verified, we will delete your personal information from our production systems and instruct our subprocessors to do the same, except where we are required to retain certain information to comply with legal, regulatory, tax, accounting, or security obligations, or to resolve disputes and enforce our agreements. Where data cannot be fully deleted (for example in time-limited backups), we will isolate it from further processing and delete it on the normal backup expiry cycle.
Timeframe (our SLA)
We will acknowledge your deletion request within five (5) business days and complete it within thirty (30) days of verifying your identity. If the request is complex or we need more time, we will tell you within that period and explain the reason, consistent with our obligations under the GDPR (Right to Erasure) and the CCPA (Right to Delete).
Your Rights
Depending on your location, you may have certain rights regarding your personal information, including the right to:
Access the personal information we hold about you
Correct inaccurate or incomplete information
Request deletion of your personal information
Object to or restrict certain processing activities
Data portability
Withdraw consent where processing is based on consent
To exercise these rights, please contact us using the details below.
8. Google User Data
If you connect your Google account to Ardessa, we may access certain Google user data (such as your name, email address, and calendar or drive data you authorise) solely to provide our Services. We do not sell this data, and we only share it with service providers necessary to operate our platform.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last updated" date.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Ardessa
Email: info@ardessa.com