Anduin Transactions, Inc. (“Anduin”, “we,” “us,” or “our”) is committed to protecting the privacy of our users’ information. The following policy (the “Privacy Policy”) describes how we collect, use, and disclose information we receive from users of our website, products and services (collectively, the “Services”) in the European Union (collectively, “you” or “users”). For the purposes of compliance with the EU General Data Protection Regulation (“GDPR”), depending on the information and situation, we may either be the “controller” or the “processor” of any information relating to you that (“Personal Data”) we receive.

Information Collected

We collect different types of information from users through our Services.

Account information. We collect information in order to create your account and to understand your specific needs in order to serve you better. Account information includes but is not limited to login credential, your name, email address, or phone number.

Contact information. You can choose to store your contacts on our Services to make it easier for you to do things like share and collaborate on a matter or invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use as well.

Organization information and activities. You can choose to create or join an organization in order to securely share assets and collaborate with your organization members. We also analyze the activities to (i) improve the Services’ usability and (ii) support users and troubleshoot issues.

Customer Data. In the course of using our Services, you may electronically submit data or information to us (each, the “Customer Data”). This information will be transmitted to our servers solely for the purposes of completing the intended transaction. Anduin does not see, review, share, distribute, or reference any such Customer Data except as explained in accordance with the Anduin Terms of Service (the “TOS”) or as may be required by applicable law. In accordance with the TOS, Anduin may access Customer Data only: (i) to provide the Services, (ii) to prevent or address service or technical problems, (iii) upon an explicit request from you in connection with customer support matters, (iv) for product development, or (v) as may be required by applicable law.

Automated Information Collection

When you access our Services, some information is collected automatically. For example, when you access one of our websites, we automatically collect your browser’s internet protocol (IP) address, your browser type, the type and identifier of the device you are using such as a personal computer or a mobile device, the website(s) you recently visited prior to accessing any web-based Services, the actions you take on our Services, and the content, features, and activities in which you participate on our Services.

The information is collected automatically using technologies such as standard server logs, cookies, and web beacons. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. We use this automatically-collected information to administer, operate, and improve our Services, including more effective and targeted marketing. You can stop certain types of cookies from being downloaded to your device by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting

Third-Party Web Analytics Services

Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices, and other online services. On our Services, we use third-party online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email addresses, IP addresses, cookies, and other device identifiers) to evaluate, for example, the use of our Services and to diagnose technical issues. To learn more about Google Analytics, please visit

Usage and Disclosure of Information

General Uses and Disclosures. We use and share the information we collect from users for the purposes described below. When necessary, we will obtain your consent before using your data for these purposes. Currently, Anduin’s servers, and therefore your data, are located in the United States. Going forward, Anduin may transfer your data to other countries inside or outside the European Union using appropriate safeguards when appropriate:

  • Provision of Services to Website Users. If you visit our websites, we will use your information to process and respond to your requests, comments, inquiries, and other information you submit through our websites.
  • Provision of Services to Customers. If you are an Anduin customer, we will use your account and organization information to deliver our products and Services to you.
  • Improving our Services. We use your activity and auto-collected information to better understand your preferences and constantly improve our Services.
  • Disclosures to Service Providers. We only share your Personal Data with third-party service providers that are necessary for us to maintain and provide functionality to Anduin’s websites and applications, including email services and payment processing. We share only the minimum amount of Personal Data that these service providers absolutely need to perform their functions.
  • Compliance with Legal Obligations. We will share your information with law enforcement, government officials, regulatory agencies, or other third parties when we are required to do so by applicable law. We will also disclose your information to comply with a judicial proceeding, court order, subpoena or other legal process.
  • Protection of Individual’s Vital Interests. In exigent circumstances, we will use or share your Personal Data when doing so is necessary to protect an interest that is essential for an individual’s life.
  • Other Legitimate Interests. We will use and disclose your Personal Data when necessary for Anduin’s legitimate interests as long as such interests are not overridden by your interests, rights, and freedoms with respect to Personal Data.

Withdrawing Your Consent

At any time, you may withdraw your consent to Anduin for using, disclosing, or otherwise processing your Personal Data. You may withdraw your consent by emailing Anduin at, and following the instructions in our communications to you.

Please note that your withdrawal of consent to use certain Personal Data about you: (1) may limit our ability to deliver certain benefits and services to you, and (2) does not affect the legality of our processing activities based on your consent prior to your withdrawal.

Your Rights

Under the GDPR, you have the right to:

  • access the Personal Data we have about you;
  • be provided with information about how we process your Personal Data;
  • object to or restrict how we process your Personal Data;
  • correct any Personal Data we have you believe to be incorrect;
  • require us to erase the Personal Data we have about you; and
  • request the transfer of your Personal Data to a designated third party.

To exercise any of the rights above, please contact us at We will consider and process your request within a reasonable period of time. Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights.

Retention of Personal Data

We will retain your Personal Data only as long as necessary to process requests or other submissions, fulfill the terms of our service contract(s) with you and comply with applicable law.

Security of Personal Data

No data transmitted over or accessible through the internet can be fully secure. While we attempt to protect all Personal Data, we cannot ensure or warrant that any Personal Data will be completely secure from misappropriation by hackers or criminal activities, or a failure of computer hardware, software, or a telecommunications network. We will notify you upon becoming aware of a security breach involving your Personal Data stored by or for us as soon as reasonably possible.

Filing a Complaint

You may file a complaint regarding this Privacy Policy or our privacy practices by contacting us. Additionally, you may file a complaint with the EU data protection authorities (the “DPAs”). Please contact us to be directed to the appropriate DPA contact(s).

Data Protection Officer

We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. You may reach the Data Protection Officer at

Comments and Questions

If you have a comment, question, or request related to this Privacy Policy, please contact us at

Updates to Privacy Policy

We may periodically revise the Privacy Policy in our sole and absolute discretion to reflect changes in the law or our business practices. If we revise the Privacy Policy, we will post the updated Privacy Policy on our website. Changes to the Privacy Policy will become effective and will apply to the information collected starting on the date we post the revised Privacy Policy.


Last updated April 20, 2020