Privacy Policy
Last updated: March 30, 2026
1. Who we are
Gylder is a personal net worth tracking service. Gylder is a trademark of cdum B.V., a company registered under Dutch law.
- Registered address: Boxmeerstraat 129, 5043ZC Tilburg, The Netherlands
- Gylder is registered at the Dutch Chamber of Commerce under number 93033613
cdum B.V. is the data controller for all personal data processed through Gylder. For any privacy-related questions, email legal@gylder.nl or write to us by post at the registered address above.
2. What data we collect and why
| Data | Legal basis | Purpose | Retention |
|---|---|---|---|
| Email address | Contract performance | Account login, notifications | Until account deletion |
| Name (optional) | Contract performance | Personalisation (e.g. sidebar greeting) | Until account deletion |
| Financial data (balances, positions, transactions) | Contract performance | Core product — net worth calculation | Until account deletion. Crypto-shredded on deletion. |
| Provider credentials (OAuth tokens, API keys) | Contract performance | Syncing connected financial accounts | Until provider disconnected or account deleted |
| Payment information | Contract performance | Subscription billing | Managed by Stripe. Invoices retained 7 years. |
| Marketing email preference | Consent | Product updates and tips | Until withdrawn |
We do not collect IP addresses, device fingerprints, or usage analytics. We do not use advertising trackers. We do not sell your data to third parties, ever.
3. How we protect your data
All financial data is encrypted at rest using AES-256-GCM envelope encryption. Each user has a unique Data Encryption Key (DEK), which is stored only in wrapped form, encrypted by a key held in AWS KMS. The DEK is unwrapped inside our application only for the duration of a request and is never persisted in plaintext. Neither cdum B.V. employees nor our hosting provider can read your financial balances, positions, or credentials from storage.
All data is stored exclusively in AWS data centres in Frankfurt, Germany (eu-central-1), operated by Amazon Web Services EMEA SARL, a Luxembourg-based entity. Data never leaves the European Union.
Bank connections use PSD2-regulated Open Banking APIs via TrueLayer. Gylder has read-only access — we can never initiate payments, transfers, or modifications to your bank accounts.
All connections to Gylder are encrypted in transit using TLS 1.2 or higher. Two-factor authentication (TOTP) is mandatory for all accounts.
4. Who we share data with
We use the following sub-processors to operate Gylder. We have Data Processing Agreements (DPAs) in place with each processor. We do not sell or share your data with third parties for marketing or advertising purposes.
| Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services EMEA SARL | Infrastructure, database, encryption key management, authentication | EU (Frankfurt, Germany) |
| Stripe | Payment processing, subscription management | EU / US (SCCs in place) |
| TrueLayer | Open Banking — bank account linking (PSD2) | UK / EU (UK adequacy decision in place) |
| Vercel | Frontend hosting | EU edge network (US origin, SCCs in place) |
| Resend | Transactional email delivery (notifications, alerts) | EU (Ireland) |
5. International data transfers
Your financial data is stored exclusively in AWS eu-central-1 (Frankfurt, Germany) and never leaves the EU. The contracting AWS entity is Amazon Web Services EMEA SARL, based in Luxembourg.
Some sub-processors (Stripe, Vercel) may process limited data in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, and where applicable, supplementary technical measures (encryption in transit and at rest).
AWS is a subsidiary of Amazon.com, Inc., a US-based company. Under the US CLOUD Act, US law enforcement could in principle request data from AWS. However, all financial data stored in Gylder is encrypted with per-user keys managed through AWS KMS, so access to the underlying storage alone (disks, database snapshots, backups) cannot reveal your financial information. The per-user keys are unwrapped only within our application, at request time.
6. Your rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data. To exercise any of them, email legal@gylder.nl. We will respond within 30 days.
- Access (Art. 15) — Request a copy of all personal data we hold about you. You can also download it directly from Settings → Data → Export my data (JSON format).
- Rectification (Art. 16) — Correct inaccurate personal data. You can update your name and email in Settings → Profile. Financial data is sourced from your connected providers — corrections should be made at the provider level.
- Erasure (Art. 17) — Request deletion of your account and all data. You can initiate this from Settings → Data → Delete Account. Your encryption key is destroyed, making all financial data permanently and irreversibly unreadable (crypto-shredding).
- Portability (Art. 20) — Download your data in a structured, machine-readable JSON format from Settings → Data.
- Restriction (Art. 18) — Request that we stop processing your data in certain ways. You can disconnect individual providers at any time to stop data syncing for that account.
- Objection (Art. 21) — Object to processing based on legitimate interest.
- Withdraw consent — For processing based on consent (e.g., marketing emails), you can withdraw at any time from Settings → Alerts & Notifications, without affecting the lawfulness of prior processing.
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
7. Data retention
| Data | Retention period | Basis |
|---|---|---|
| User financial data (balances, positions, snapshots) | Until account deletion | Contract performance |
| Provider credentials (OAuth tokens, API keys) | Until provider disconnected or account deleted | Contract performance |
| Stripe invoices and payment records | 7 years after creation | Dutch fiscal retention obligation |
| Application logs (no PII) | 90 days | Operational / security |
| Account deletion audit record (anonymised) | 30 days | Legitimate interest (fraud prevention) |
When you delete your account, your personal encryption key is destroyed, which makes all financial data encrypted under it computationally infeasible to recover (crypto-shredding). This applies equally to any copies of the encrypted data that may still exist in backups until they expire. Crypto-shredding is a recognised way of meeting the GDPR's erasure obligation.
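The following is an added example, not code from Gylder or cdum B.V., showing the envelope-encryption scheme described in section 3 and the crypto-shred described above, in Go. AWS KMS is replaced by a constructed in-memory KMS type holding a local key-encryption key so that the example runs offline; the Vault and KMS type names, the user IDs and the sample record are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n) // keys and nonces come from the system CSPRNG
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256; any error here is a bug
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal encrypts under a fresh random 12-byte nonce (prepended); aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; a wrong key, nonce, aad or tag fails authentication instead of returning garbage.
func open(key, blob, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// KMS is a constructed stand-in for the AWS KMS master key (KEK): the KEK never leaves it,
// callers only get a DEK wrapped or unwrapped, and the user ID is the AAD so a wrapped DEK
// copied onto another account fails to unwrap.
type KMS struct{ kek []byte }

func NewKMS() *KMS                                                { return &KMS{kek: randomBytes(32)} }
func (k *KMS) Wrap(dek []byte, user string) []byte                { return seal(k.kek, dek, []byte(user)) }
func (k *KMS) Unwrap(wrapped []byte, user string) ([]byte, error) { return open(k.kek, wrapped, []byte(user)) }

// Vault persists one wrapped DEK per user (assumed name for the application's key store).
type Vault struct {
	kms        *KMS
	wrappedDEK map[string][]byte // plaintext DEKs exist only in memory, per request
}

func NewVault(kms *KMS) *Vault { return &Vault{kms: kms, wrappedDEK: map[string][]byte{}} }

// CreateUser generates a fresh 256-bit DEK and persists only its wrapped form.
func (v *Vault) CreateUser(user string) { v.wrappedDEK[user] = v.kms.Wrap(randomBytes(32), user) }

func (v *Vault) dek(user string) ([]byte, error) {
	wrapped, ok := v.wrappedDEK[user]
	if !ok {
		return nil, fmt.Errorf("no DEK for %q: account deleted or unknown", user)
	}
	return v.kms.Unwrap(wrapped, user) // unwrapped at request time only
}

// Encrypt seals one financial record under the user's DEK.
func (v *Vault) Encrypt(user string, plaintext []byte) ([]byte, error) {
	dek, err := v.dek(user)
	if err != nil {
		return nil, err
	}
	return seal(dek, plaintext, []byte(user)), nil
}

func (v *Vault) Decrypt(user string, ct []byte) ([]byte, error) {
	dek, err := v.dek(user)
	if err != nil {
		return nil, err
	}
	return open(dek, ct, []byte(user))
}

// ShredUser is the crypto-shred: destroying the wrapped DEK makes every ciphertext
// under it, including copies still sitting in backups, permanently unreadable.
func (v *Vault) ShredUser(user string) { delete(v.wrappedDEK, user) }

func main() {
	v := NewVault(NewKMS())
	v.CreateUser("user-42")
	ct, _ := v.Encrypt("user-42", []byte("ING current account: 1234.56 EUR")) // constructed sample record
	v.ShredUser("user-42")
	_, err := v.Decrypt("user-42", ct) // the ciphertext still exists, the key does not
	fmt.Println("after shred:", err)
}
```

ShredUser deliberately leaves the ciphertext untouched: the point of the scheme is that the record stays unreadable wherever copies of it survive, so a real deletion job can remove rows and let backups age out without the data ever becoming readable again. Binding the user ID into the AAD of both the wrapped DEK and each record means a wrapped key or ciphertext cannot be moved between accounts, and the GCM tag rejects any tampered record.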
8. Changes to this policy
We will notify you by email of any material changes to this privacy policy at least 30 days before they take effect. The current version is always available at gylder.nl/privacy.
9. Contact
For any privacy-related questions, data access requests, or to exercise your rights: legal@gylder.nl
cdum B.V.
Boxmeerstraat 129
5043ZC Tilburg
The Netherlands