Aethelred logo Aethelred
Contact Start Building
Legal

Privacy Policy

How Aethelred Foundation collects, uses, and protects personal data across its digital properties.

Effective 2026-03-05Last updated 2026-04-06

Section 1

Scope and controller

Who this policy applies to

This policy applies to visitors, community participants, institutional contacts, and job candidates who interact with Aethelred Foundation websites, forms, events, and direct communications.

It does not apply to third-party platforms we link to (for example Discord, X, GitHub), which run under their own privacy policies.

Data controller

Aethelred Foundation acts as the data controller for website operations. You can reach the Foundation's privacy contact at privacy@aethelred.org.

Section 2

Personal data we collect

We collect only what is needed to operate the site, respond to requests, and honour consent preferences.

Data you provide directly

  • Contact details submitted via inquiry, newsletter, or investor-access forms: name, email, institution, role, region, and the message body.
  • Consent signals recorded when you accept, reject, or adjust cookie and communication preferences.
  • Correspondence exchanged by email or through diligence channels, including attachments.

Data collected automatically

  • Technical metadata such as browser type, device class, viewport, and language.
  • Security telemetry including IP-derived hashes, rate-limit signals, and request timing used only for abuse detection.
  • Analytics covering page, event, and navigation data — captured only after the Analytics category is explicitly enabled in cookie preferences.
Section 3

How we use data

Operational purposes

  • Respond to investor, partner, developer, and governance inquiries.
  • Maintain site reliability, prevent abuse, and enforce the Terms of Use.
  • Measure aggregate performance (only with Analytics consent).
  • Communicate product, governance, and ecosystem updates to people who opted in.

What we never do

  • Sell personal data to third parties.
  • Use submissions for automated decision-making with legal effect.
  • Ship advertising identifiers or cross-site trackers.
Section 4

Legal bases for processing

Under GDPR and equivalent regimes, each processing activity maps to at least one lawful basis.

  • Consent — analytics cookies, marketing communications, optional form fields.
  • Contract — responding to requests you initiated, including investor diligence.
  • Legitimate interest — security telemetry, abuse prevention, essential site operation.
  • Legal obligation — compliance, tax, and regulatory record keeping.
Section 5

Third-party processors

We rely on a short list of vetted processors who act only on our written instructions.

  • Infrastructure — web hosting, edge CDN, DNS, TLS.
  • Communications — transactional email and ticketing.
  • Analytics — privacy-preserving analytics, activated only with consent.
  • Security — abuse detection and rate-limiting services.

A current list of named sub-processors is available on request from privacy@aethelred.org.

Section 6

Data retention

  • Inquiry and investor-access submissions — up to 24 months after the last interaction, then archived or deleted.
  • Security telemetry — up to 13 months, then aggregated or discarded.
  • Consent records — kept as long as required by law to evidence opt-in or opt-out choices.
  • Correspondence — retained per contract lifecycle plus statutory limits.
Section 7

International transfers

Where personal data moves outside your country of residence, Aethelred Foundation uses contractual safeguards including Standard Contractual Clauses (SCCs), data-processing addenda, and — where available — adequacy decisions.

Transfer records and impact assessments are maintained and available to regulators on lawful request.

Section 8

Your rights

Depending on your jurisdiction, you may exercise any of the rights below. Cookie-specific preferences are managed through the Cookie Policy.

  • Access — a copy of personal data we hold about you.
  • Rectification — correction of inaccurate or incomplete data.
  • Erasure — deletion subject to legal retention requirements.
  • Restriction — pausing processing while a request is evaluated.
  • Objection — opting out of processing based on legitimate interest.
  • Portability — a machine-readable copy of data you provided.
  • Withdraw consent — at any time, without affecting prior lawful processing.
  • Lodge a complaint — with a supervisory authority in your jurisdiction.

Send requests to privacy@aethelred.org. We respond within one calendar month.

Section 9

Changes to this policy

We update this policy when our practices change or when required by law. The current version is identified by the effective date at the top of the page. Material changes are announced at least fourteen days in advance via the Aethelred channels listed at the end of this document.

Section 10

Contact

Privacy inquiries

privacy@aethelred.org

General contact

Contact the team