Effective date: March 25, 2025
Introduction
EquiRound is operated by Hey Data Pty Ltd (“we”, “us”, or “our”). This Privacy Policy explains how we collect, use, store, and protect your information when you use the EquiRound platform and website (equiround.com).
By using EquiRound, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.
- Account information — name, email address, password, company name, and role
- Equity data — cap table records, stakeholder details, share classes, funding rounds, ESOP grants, convertible instruments, and related financial data you enter into the platform
- Billing information — payment method details, billing address, and transaction history (processed by our payment provider)
- Documents — files you upload to the platform, such as equity agreements and grant letters
- Communications — messages you send to us via email or support channels
- Usage data — pages visited, features used, actions taken within the platform, and session duration
- Device information — browser type, operating system, screen resolution, and device identifiers
- Network information — IP address, approximate geographic location, and referring URL
- Cookies and similar technologies — see the Cookies & Tracking section below
If you sign in using a third-party authentication provider (such as Google), we receive your name, email address, and profile information as permitted by your account settings with that provider.
We use your information to:
- Provide the service — manage your account, display your cap table, process equity calculations, and deliver platform features
- Process payments — handle billing, invoices, and subscription management
- Communicate with you — send service-related notifications, respond to support requests, and share important updates about your account
- Improve the platform — analyse usage patterns to improve features, fix issues, and develop new functionality
- Ensure security — detect and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations — meet regulatory, tax, and legal requirements
We do not use your equity data to train machine learning models, build aggregate datasets, or for any purpose other than providing the service to you.
Legal Basis for Processing
If you are in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:
- Contract performance — processing necessary to provide the service you signed up for
- Legitimate interests — improving our service, ensuring security, and communicating with you, where these interests are not overridden by your rights
- Consent — where you have given explicit consent, such as for optional marketing communications
- Legal obligation — where processing is required to comply with applicable law
Data Sharing and Third Parties
We do not sell, rent, or trade your personal information or equity data. We share data only in the following circumstances:
- Service providers — we use third-party cloud infrastructure providers to host the platform and payment processors to handle billing. These providers process data on our behalf under strict contractual obligations and are prohibited from using your data for their own purposes.
- At your direction — when you invite collaborators (investors, advisors, employees, lawyers, or accountants) to access your cap table, you control what they can see through role-based permissions.
- Legal requirements — if required by law, court order, or government request, we may disclose information to the extent necessary to comply.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is subject to a different privacy policy.
Data Storage and Security
We take the security of your data seriously, particularly given the sensitive nature of equity and financial information.
- Encryption at rest — all data is encrypted using AES-256 encryption
- Encryption in transit — all data transmitted between your browser and our servers is protected with TLS 1.3
- Access controls — access to production data is restricted to authorized personnel on a need-to-know basis
- Authentication — we support secure authentication methods including multi-factor authentication
- Infrastructure — our platform is hosted on enterprise-grade cloud infrastructure with built-in redundancy and disaster recovery
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Data Retention
- Active accounts — we retain your data for as long as your account is active and as needed to provide the service
- Account deletion — when you delete your account, we will delete your personal data and equity data within 30 days, except where retention is required by law (such as billing records for tax purposes)
- Backups — data may persist in encrypted backups for up to 90 days after deletion before being permanently removed
Your Rights
Depending on your location, you may have the following rights:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your personal data
- Portability — receive your data in a structured, machine-readable format (such as CSV export)
- Objection — object to processing based on legitimate interests
- Restriction — request that we restrict processing of your data in certain circumstances
- Withdraw consent — withdraw consent at any time where processing is based on consent
For California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information.
For Australian Residents
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.
To exercise any of these rights, please contact us. We will respond within 30 days.
Cookies and Tracking
We use cookies and similar technologies to:
- Essential cookies — maintain your session, remember your authentication state, and ensure the platform functions correctly. These cannot be disabled.
- Analytics cookies — understand how the platform is used so we can improve it. These are anonymised and do not identify you personally.
You can control cookies through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.
We do not use third-party advertising cookies or tracking pixels.
International Data Transfers
EquiRound operates globally and serves users in multiple countries. Your data may be processed in countries other than your own, including Australia and the United States.
Where we transfer data outside the EEA or UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.
Children’s Privacy
EquiRound is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on the platform at least 14 days before the changes take effect.
The “Effective date” at the top of this page indicates when the policy was last updated.
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us.
Data Controller: Hey Data Pty Ltd