Privacy Policy
Last Updated: February 2025
At Pephron, we take your privacy seriously. This policy explains how we collect, use, protect, and handle your personal information when you interact with our services.
We operate under Ireland's Data Protection Acts and the EU General Data Protection Regulation (GDPR). Your data belongs to you, and we're committed to keeping it safe while being transparent about our practices.
Questions about your data? Contact us at [email protected] or call +353 42 966 5544
Information We Collect
Account Information
When you register, we collect your name, email address, phone number, and create a secure password for your account.
Financial Data
Investment preferences, portfolio information, and transaction history related to your emotional investing strategies.
Technical Data
IP address, browser type, device information, and how you interact with our platform to improve your experience.
Communication Records
Messages you send us through support channels, feedback forms, and any correspondence about your account.
How We Collect This Information
Most information comes directly from you when you sign up, update your profile, or use our services. We also collect some data automatically through cookies and similar technologies that track how you navigate our platform.
If you contact our support team, we keep records of those conversations to provide better service and resolve issues faster.
How We Use Your Information
We use your personal data for specific purposes that help us provide and improve our services:
- Service Delivery: Process your transactions, maintain your account, and provide the emotional investing tools you signed up for
- Communication: Send important updates about your account, respond to your questions, and notify you about changes to our services
- Platform Improvement: Analyze how people use our services to make them better and develop new features
- Security: Protect your account from unauthorized access and detect potential fraud or misuse
- Legal Compliance: Meet our regulatory obligations under Irish and EU financial services laws
We never sell your personal information to third parties. Your data is used solely to provide you with our services and improve your experience on our platform.
Your Rights Under GDPR
Right to Access
You can request a copy of all personal data we hold about you. We'll provide this in a commonly used electronic format within 30 days.
Right to Rectification
If any information we hold is incorrect or incomplete, you have the right to have it corrected. You can update most details directly in your account settings.
Right to Erasure
Also known as the "right to be forgotten," you can request that we delete your personal data. Some information may need to be retained for legal or regulatory reasons.
Right to Restriction
You can ask us to limit how we use your data while we investigate a concern you've raised about its accuracy or our use of it.
Right to Data Portability
Request your data in a machine-readable format so you can transfer it to another service provider if you choose.
Right to Object
You can object to certain types of processing, including direct marketing communications. We'll stop unless we have compelling legitimate grounds to continue.
How to Exercise Your Rights
To exercise any of these rights, email us at [email protected] with your request. We'll need to verify your identity before proceeding, which usually involves confirming details from your account.
We aim to respond within one month, though complex requests might take up to three months. If there's a delay, we'll let you know why and when you can expect a response.
Data Sharing and Third Parties
We share your information only when necessary and only with trusted partners who help us run our services:
- Payment Processors: Secure third-party services that handle financial transactions on our behalf
- Cloud Storage Providers: Companies that host our data infrastructure with strict security protocols
- Analytics Services: Tools that help us understand how our platform is used so we can improve it
- Customer Support Tools: Systems that help us manage and respond to your inquiries efficiently
All third parties are contractually required to protect your data and can only use it for the specific services they provide to us.
Legal Disclosures
Sometimes we're required by law to share information with regulatory authorities, law enforcement, or courts. This happens only when legally obligated, such as responding to a valid court order or complying with financial regulations.
If Pephron were ever involved in a merger, acquisition, or sale of assets, your information might be transferred to the new owners. You'd be notified beforehand and given options about your data.
Data Security Measures
Protecting your information is a top priority. Here's what we do to keep it secure:
- All data transmitted between your device and our servers is encrypted using industry-standard TLS protocols
- Passwords are hashed and salted before storage, so even we can't see your actual password
- Our servers are hosted in secure facilities with physical access controls and 24/7 monitoring
- We conduct regular security audits and vulnerability assessments to identify and fix potential risks
- Access to personal data is restricted to authorized staff who need it for their work
- We maintain detailed logs of who accesses what data and when
While we implement strong security measures, no system is completely foolproof. If you notice anything suspicious with your account, contact us immediately at [email protected]
Data Retention and Deletion
We keep your information only as long as necessary to provide our services and meet legal requirements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 7 years | Financial regulations and tax purposes |
| Transaction Records | 7 years from transaction date | Legal and regulatory compliance |
| Communication Records | 3 years | Customer service and dispute resolution |
| Technical Logs | 12 months | Security monitoring and troubleshooting |
| Marketing Preferences | Until you opt out or 2 years of inactivity | Communication management |
Account Deletion Process
If you close your account, we'll delete or anonymize most of your personal data within 30 days. Some information must be retained longer due to financial regulations that apply to services like ours.
After the required retention period expires, we permanently delete all remaining personal data from our systems and backups.
Cookies and Tracking Technologies
What Cookies We Use
Our platform uses cookies and similar technologies to function properly and improve your experience:
Essential Cookies
+These cookies are necessary for the platform to work. They enable basic functions like page navigation, secure area access, and form submissions. The platform won't function properly without them.
Examples: Session authentication, security tokens, load balancing.
Performance Cookies
+These help us understand how visitors interact with our platform by collecting anonymous information about which pages are visited most, where errors occur, and how long people spend on different sections.
All data is aggregated and anonymized. We use this to identify problems and improve the platform.
Functional Cookies
+These remember your preferences and choices to provide enhanced, personalized features. For example, remembering your dashboard layout preferences or language settings.
Without these cookies, some features you've requested won't be available.
Managing Cookie Preferences
You can control and delete cookies through your browser settings. Most browsers let you refuse cookies or alert you when cookies are being sent. Keep in mind that disabling certain cookies might affect how the platform works.
To opt out of performance cookies specifically, adjust your preferences in your account settings under Privacy Controls.
International Data Transfers
Your data is primarily stored on servers located within the European Economic Area. However, some of our service providers are based outside the EEA, which means your information might occasionally be transferred internationally.
When this happens, we ensure appropriate safeguards are in place:
- Transfers to countries with adequacy decisions from the EU Commission
- Standard Contractual Clauses approved by the EU Commission
- Binding Corporate Rules for multinational service providers
- Additional security measures where transfers involve higher risk
You can request information about the specific safeguards applied to your data by contacting our Data Protection Officer at [email protected]
Children's Privacy
Our services are not intended for anyone under 18 years of age. We don't knowingly collect personal information from children.
If you're a parent or guardian and believe your child has provided us with personal information, contact us immediately. We'll delete such information from our systems promptly.
Changes to This Policy
We update this privacy policy occasionally to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we'll notify you by email or through a prominent notice on our platform.
The "Last Updated" date at the top shows when the most recent changes were made. We encourage you to review this policy periodically to stay informed about how we protect your information.
Continuing to use our services after changes take effect means you accept the updated policy.
Complaints and Regulatory Authority
If you're unhappy with how we've handled your personal data, please contact us first so we can try to resolve your concern.
You also have the right to lodge a complaint with the Data Protection Commission in Ireland:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 57 868 4800
Email: [email protected]
Website: www.dataprotection.ie