Privacy Policy

Last updated: 16 June 2026

This Privacy Policy explains how PRIVIEW LIMITED collects, uses, stores and protects personal data.

PRIVIEW LIMITED is a company incorporated in England and Wales with company number 16566134 and registered office at 1 Lyric Square, London W6 0NB.

In this Privacy Policy, “PRIVIEW”, “we”, “us” and “our” mean PRIVIEW LIMITED.

If you have any questions about this Privacy Policy or how we handle personal data, please contact us at:
Email: contact@priview.com

1. What PRIVIEW does

PRIVIEW provides a software platform and related services for investors in private funds. Our platform helps customers analyse private fund data, including capital account statements, financial reports, investment schedules, exposure data, performance data and other portfolio information.

We also use aggregated and anonymised data to produce benchmarking, analytics and market-insight features, where customers participate in our Collective Data programme.

2. Who this Privacy Policy applies to

This Privacy Policy may apply to you if you are:

  • a visitor to our website;
  • a prospective customer, investor, supplier or business contact;
  • a customer representative or authorised platform user;
  • a signatory to a contract, order form, NDA or other agreement with us;
  • a person whose personal data appears incidentally in documents or data provided to us by a customer;
  • a supplier, contractor, adviser or other person who interacts with us.

Not every section of this Privacy Policy will apply to every person. For example, website visitor data is different from customer platform data.

3. Our role under data-protection law

Depending on the context, we may act as either a controller or processor.

We usually act as a processor where we process customer fund data, portfolio information, uploaded documents or related data on behalf of a customer, investor or other client. In those cases, the customer generally determines the purposes and means of the processing.

We usually act as a controller where we process personal data for our own business purposes, including account administration, website operation, business development, contracts, billing, security, governance, compliance and supplier management.

Where we act as a processor, we process personal data in accordance with our customer’s instructions and any applicable agreement or documented arrangement with that customer.

4. Personal data we collect

We may collect and process the following categories of personal data.

Customer and user information

This may include:

  • names;
  • business email addresses;
  • job titles;
  • employer or organisation;
  • account login details;
  • role and permission information;
  • communications with us;
  • platform usage and support information.

Customer fund and portfolio data

Customers may provide documents and data relating to private fund investments. These may include:

  • capital account statements;
  • financial reports;
  • schedules of investments;
  • fund names;
  • portfolio company names;
  • holdings and exposure data;
  • performance information;
  • investor-related records;
  • other confidential fund or portfolio information.

These documents are primarily commercial and investment-related. They may, however, incidentally contain personal data, such as names, email addresses, signatures, job titles or other personal information included in documents provided to us.

Website and business development data

When you visit our website or communicate with us, we may process:

  • contact details;
  • enquiry content;
  • business development notes;
  • website usage information;
  • technical information such as IP address, browser type, device type and usage logs;
  • cookie or analytics information, where enabled.

Contract, billing and legal records

We may process:

  • contract details;
  • signatory names and job titles;
  • signatures;
  • billing contacts;
  • invoices;
  • accounting records;
  • tax records;
  • legal and compliance correspondence.

Security and audit data

We may process security and audit information, including:

  • login and access logs;
  • security event logs;
  • device and endpoint evidence;
  • administrator records;
  • incident records;
  • access-review records;
  • audit and compliance evidence.

5. How we collect personal data

We collect personal data from:

  • customers and their authorised users;
  • documents and data uploaded or shared with us;
  • customer portals, reporting inboxes or shared folders;
  • our website and enquiry channels;
  • contracts, order forms, NDAs and other business documents;
  • suppliers, service providers and professional advisers;
  • public sources, where relevant for business development, company or manager research, or market context;
  • our own platform, infrastructure, security and monitoring systems.

6. How we use personal data

We use personal data for the following purposes.

Providing our platform and services

We use customer data to provide portfolio analytics, exposure analytics, performance attribution, benchmarking, monitoring, reporting, document processing and related services.

Account and access administration

We use personal data to create accounts, manage access, authenticate users, administer permissions, manage customer folders and provide support.

AI-assisted processing

We may use AI-assisted tools to support document extraction, classification, summarisation, portfolio analysis, customer query responses, enrichment and related platform functionality.

Where we use AI to process customer data, we apply access controls, data minimisation, logging controls and vendor controls. We do not use customer confidential data to train public AI models. We also do not permit staff to input customer confidential data, credentials or secrets into public AI tools.

AI outputs may be reviewed or subject to human oversight depending on the workflow. Users should not treat AI-assisted outputs as a substitute for their own review, professional judgement or verification.

Collective Data programme

Where a customer participates in our Collective Data programme, we may use contributed data to produce anonymised and aggregated benchmarks, analytics, scores, distributions, market insights or similar outputs.

We design Collective Data outputs so that they do not identify any individual investor, customer, fund, position, mark, holding or underlying data point. We apply aggregation thresholds and anonymisation controls before outputs are displayed or used.

Where the creation of Collective Data involves personal data, we rely on legitimate interests, contractual arrangements, documented customer agreement or another applicable lawful basis depending on the context. Our legitimate interest is to improve the usefulness of our platform and provide benchmarking and analytics features to participating investors, while applying safeguards to reduce privacy risk.

Security, monitoring and fraud prevention

We process personal data to protect our platform, systems and customers, including to monitor access, investigate incidents, manage vulnerabilities, maintain logs and prevent unauthorised access.

Contracts, billing and business operations

We process personal data to manage contracts, order forms, NDAs, billing, accounting, tax, insurance, governance and business administration.

Legal and compliance

We process personal data to comply with legal obligations, respond to lawful requests, maintain records, manage disputes and demonstrate compliance with security, privacy and contractual obligations.

Website, marketing and business development

We may use personal data to respond to enquiries, manage business relationships, send relevant business communications and improve our website and services. We do not sell personal data.

7. Lawful bases for processing

Depending on the activity, we rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to enter into or perform a contract.
  • Legitimate interests: where processing is necessary for our business, security, product, analytics or customer-service interests, provided those interests are not overridden by individual rights and freedoms.
  • Legal obligation: where processing is necessary to comply with legal, tax, accounting or regulatory obligations.
  • Consent: where consent is required, such as for certain optional marketing or cookie activities.
  • Processor instructions: where we process personal data on behalf of a customer as processor.

Our legitimate interests may include providing and improving our services, securing our systems, managing customer relationships, producing anonymised and aggregated insights, preventing misuse, administering contracts and operating our business.

8. AI and automated processing

We may use AI-assisted tools as part of our services and internal operations. These tools may help with:

  • extracting information from documents;
  • mapping or classifying data;
  • generating summaries;
  • answering customer queries using customer-scoped data;
  • enriching company or manager information from public sources;
  • supporting internal drafting or research using non-confidential information.

We do not allow customer confidential data to be entered into public AI tools. Where we use AI providers for customer data processing, we use enterprise or controlled service arrangements where customer data is not used to train the provider’s general models.

Some AI processing may take place outside the United Kingdom or European Economic Area, depending on the provider, service and configuration. Where this occurs, we apply appropriate contractual, technical and organisational safeguards.

We do not use AI to make legally binding decisions about individuals.

9. Who we share personal data with

We may share personal data with:

  • our authorised personnel and contractors;
  • hosting, database and infrastructure providers;
  • cloud storage and backup providers;
  • authentication, security and monitoring providers;
  • email and communications providers;
  • electronic signature and document-management providers;
  • accounting, finance and tax providers;
  • professional advisers, insurers and legal advisers;
  • regulators, courts, authorities or other parties where required by law;
  • customers or users where required to provide the services.

Our key technology and operational providers may include providers such as Supabase, AWS, Vercel, Google Workspace, GitHub, 1Password, Adobe, Xero, ZeptoMail and selected search or enrichment providers. The exact providers used may change over time.

Adobe Sign stores our documents in Dublin, Ireland.

We maintain vendor and subprocessor records and can provide further information on relevant subprocessors where appropriate.

10. International transfers

Some of our service providers may process personal data outside the United Kingdom or European Economic Area.

Where personal data is transferred internationally, we take steps designed to ensure that appropriate safeguards are in place. These may include adequacy regulations, Standard Contractual Clauses, the UK International Data Transfer Addendum, the UK International Data Transfer Agreement or other lawful transfer mechanisms.

Some AI, search, enrichment, email or cloud services may involve processing outside the UK or EEA. We assess these providers and apply appropriate contractual, technical and organisational controls.

11. Security

We use technical and organisational measures designed to protect personal data and customer confidential data. These include, where appropriate:

  • access controls and least-privilege permissions;
  • multi-factor authentication;
  • encryption in transit and at rest;
  • endpoint encryption;
  • password-management controls;
  • restricted customer folders and vaults;
  • audit logging and monitoring;
  • backup and recovery controls;
  • vendor due diligence;
  • staff confidentiality obligations;
  • incident-response procedures.

No system can be guaranteed to be completely secure, but we take reasonable steps to protect data against unauthorised access, disclosure, alteration or destruction.

12. Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required by law, contract, accounting, tax, insurance, dispute-resolution or governance requirements.

Customer operational data is retained in accordance with the applicable customer arrangement and our retention procedures. Where a customer requests deletion of customer data, we will handle that request in accordance with the relevant agreement, documented arrangement and applicable law.

Some backup copies, logs or archive records may persist for a limited period after deletion from live systems, until they expire under the relevant backup, logging or retention process.

Contract, accounting, legal, insurance and corporate records may be retained for longer where necessary for legal, tax, audit or legitimate business purposes.

13. Cookies and website analytics

Our website may use cookies or similar technologies to operate the site, understand usage and improve our services.

Cookies may include:

  • strictly necessary cookies;
  • preference or functionality cookies;
  • analytics cookies, where enabled;
  • marketing cookies, where enabled.

Where required, we will ask for consent before setting non-essential cookies. You can also control cookies through your browser settings.

14. Your rights

Depending on the circumstances and applicable law, you may have the right to:

  • access your personal data;
  • request correction of inaccurate personal data;
  • request deletion of personal data;
  • restrict processing;
  • object to processing based on legitimate interests;
  • object to direct marketing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • complain to a supervisory authority.

These rights may be subject to legal limits, especially where we process data as a processor on behalf of a customer. If your request relates to personal data contained in customer data, we may need to refer the request to the relevant customer.

To exercise your rights, contact us at contact@priview.com.

15. Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office:

Website: www.ico.org.uk

Telephone: 0303 123 1113

If you are based outside the UK, you may also have the right to complain to your local data-protection authority.

16. Children

Our services are intended for business and professional users. They are not directed at children, and we do not knowingly collect personal data from children.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, take steps to notify users or customers.

18. Contact us

For privacy questions, requests or concerns, contact:

PRIVIEW LIMITED

1 Lyric Square

London W6 0NB

United Kingdom

Email: contact@priview.com