Legal · Buysiders

Privacy Policy

Last updated · May 13, 2026

Buysiders Group (“Buysiders,” “we,” “us,” or “our”) operates the website at buysidersgroup.com, the Buysiders Workspace product, the Buysiders newsletters, and related editorial, research, and intelligence services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal data when you visit our properties, use our Services, or otherwise interact with us. We are committed to handling personal data fairly and lawfully in accordance with applicable data-protection laws, including the EU General Data Protection Regulation (the “GDPR”) where applicable, the California Consumer Privacy Act / California Privacy Rights Act (collectively, “CCPA”) where applicable, and other privacy and data protection laws of the jurisdictions in which we operate.

§1 Who we are and how to contact us

The data controller (the “organisation” or “controller” under applicable data-protection laws) responsible for your personal data is Buysiders Group. You can reach our Data Protection Officer (“DPO”) by writing to privacy@buysidersgroup.com. EU/EEA residents may also contact our designated EU representative at the same address, and California residents may direct CCPA enquiries to the same address.

§2 The personal data we collect

We collect personal data in the following categories:

  • Account data. Name, email address, password (stored as a salted hash), professional role, firm, and verification status when you register for a Buysiders account or apply for the Workspace waitlist.
  • Communications data. Newsletter subscriptions, content preferences, the messages you send us, and any feedback you submit through forms or surveys.
  • Usage data. Pages viewed, articles read, searches submitted, features used, session duration, referring URLs, device identifiers, browser type, operating system, IP address, and approximate geo-location derived from IP.
  • Commercial data. Where you subscribe to a paid product, billing name, billing address, tax identifiers, and limited card metadata returned by our payment processors. We do not store full payment card numbers; these are processed by PCI-DSS-compliant providers.
  • Professional data. Where you opt in to the Buysiders directory or networking features, your professional headline, employer, links, and any biographical information you choose to publish.
  • Public-source data. Where you appear in publicly available filings (for example, SEC Form D, EDGAR, Y Combinator’s public company directory, or Wikidata), we may ingest, normalise, and surface such information to our institutional users as part of our market-intelligence database. This processing is grounded in our legitimate interests (Article 6(1)(f) GDPR) in providing accurate market intelligence to a professional audience, balanced against the data subject’s reasonable expectations given the public nature of the source.
  • Cookies and similar technologies. See Section 6 below.

§3 How we use personal data

We use personal data for the following purposes, on the lawful bases set out below.

  • To provide the Services. Account creation, authentication, content delivery, personalisation, and customer support. (Contract; consent.)
  • To send transactional and editorial communications. Service notices, security alerts, billing notices, and the newsletters you have subscribed to. You may unsubscribe from non-essential communications at any time. (Contract; legitimate interests; consent.)
  • To improve our products. Analytics, A/B testing, performance monitoring, error tracing, and aggregated usage research. Where feasible, we work with aggregated or pseudonymised data. (Legitimate interests.)
  • To protect the integrity of our Services. Fraud prevention, abuse detection, rate-limiting, and information-security monitoring. (Legitimate interests; legal obligation.)
  • To comply with law. Responding to lawful requests from regulators, law enforcement, and courts, and meeting our obligations under tax, accounting, and financial-services laws. (Legal obligation.)
  • To market our products. Where permitted, we may send you information about new Buysiders products and editorial offerings. You may opt out at any time via the unsubscribe link or by writing to our DPO. (Legitimate interests / consent, depending on jurisdiction.)

§4 How we share personal data

We do not sell personal data. We share personal data only with the following recipients and only to the extent necessary for the purposes described above:

  • Service providers. Hosting (Vercel, Supabase), email delivery (e.g. Resend), analytics, customer-support tooling, payment processors (e.g. Stripe), and similar processors that act on our documented instructions under written data-processing agreements.
  • Professional advisers. Lawyers, auditors, accountants, and insurers, where required to obtain advice or to defend legal claims.
  • Authorities. Regulators, courts, and law enforcement where disclosure is required by law, or where we reasonably believe disclosure is necessary to prevent serious harm.
  • Corporate transactions. A prospective buyer, investor, or successor entity in connection with any merger, acquisition, financing, or sale of all or substantially all of our assets, subject to confidentiality and to this Privacy Policy continuing to apply to your personal data.

§5 International data transfers

We use service providers in the United States, the European Economic Area, the United Kingdom, and other jurisdictions. Where we transfer personal data across borders, or out of any jurisdiction with cross-border-transfer restrictions, we rely on a recognised transfer mechanism: for EEA/UK transfers, the European Commission’s Standard Contractual Clauses (SCCs) and, where required, supplementary technical and organisational measures; for other restricted transfers, contractual undertakings binding the recipient to a comparable standard of protection. Copies of the relevant transfer mechanisms are available on request from our DPO.

§6 Cookies and similar technologies

We use first-party and third-party cookies, local storage, and similar technologies to operate the Services, remember your preferences, measure performance, and (where consented) deliver and measure advertising. We classify these technologies as follows:

  • Strictly necessary. Required for authentication, session management, security, and basic functionality. Cannot be disabled through our consent interface.
  • Functional. Remember your preferences (for example, persona mode, sidebar state, language).
  • Analytics. Aggregated traffic and usage analytics. We use privacy-preserving analytics where feasible and minimise identifiers.
  • Advertising. Where deployed, used to measure campaign performance and, on an opt-in basis where required by law, to personalise advertisements. We do not run ad networks that perform cross-context behavioural advertising on minors.

Where required by law, we display a consent interface that lets you accept, reject, or fine-tune non-strictly-necessary categories. You can also manage cookies through your browser settings; doing so may impair some features of the Services.

§7 Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including for legal, accounting, or reporting requirements. Account data is retained for the life of your account and for a reasonable period thereafter to handle disputes and meet record-keeping obligations. Server logs are typically retained for ninety (90) days. Newsletter records are retained while you remain subscribed and for a period sufficient to demonstrate consent. We may retain de-identified or aggregated data indefinitely.

§8 Security

We maintain administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include transport-layer encryption, encrypted credentials at rest, role-based access controls, principle-of-least-privilege for our staff and processors, periodic security reviews, and an incident-response plan. No system is perfectly secure; we cannot guarantee absolute security.

§9 Your rights

Subject to applicable law, you have the following rights in relation to personal data we hold about you. We will respond to verified requests within the timelines required by applicable law (generally thirty (30) days under applicable data-protection laws, one (1) month under the GDPR, forty-five (45) days under the CCPA).

  • Access & portability. Request a copy of the personal data we hold about you and, where technically feasible, in a portable format.
  • Correction. Ask us to correct inaccurate or incomplete personal data.
  • Deletion / erasure. Ask us to delete your personal data, subject to legal-retention obligations.
  • Restriction & objection. Ask us to restrict or object to certain processing, including direct marketing.
  • Withdrawal of consent. Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
  • Opt-out of sale / sharing. California residents may direct us not to sell or share personal data. Buysiders does not sell personal data, but you may exercise this right via privacy@buysidersgroup.com.
  • Lodge a complaint. You may complain to the data-protection authority in your jurisdiction, to your local EU data-protection authority, or to the California Privacy Protection Agency.

To exercise any of these rights, email privacy@buysidersgroup.com. We will verify your identity before responding. We do not discriminate against users who exercise their privacy rights.

§10 Children

The Services are intended for institutional and professional audiences and are not directed to children under the age of eighteen (18). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact our DPO so we can delete it.

§11 Third-party links and content

The Services include links to third-party websites and surface information about third-party companies. We are not responsible for the privacy practices of third parties; their handling of your personal data is governed by their own policies.

§12 Compliance program

Buysiders maintains a written information-security and privacy program reviewed at least annually. The program covers data classification, access control, vendor diligence, encryption standards, breach-response procedures, and staff training. Material incidents affecting personal data are notified to affected individuals and to competent authorities within the timelines required by law, including within seventy-two (72) hours for notifiable breaches under applicable data-protection laws, GDPR Article 33 (within seventy-two (72) hours), and any other applicable notification regime.

§13 Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make a material change, we will post the updated version with a new “Last updated” date and, where required, provide additional notice (for example, by email or by an in-product banner). Continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy, to the extent permitted by law.

§14 Contact us

Questions about this Privacy Policy or about how we handle personal data should be addressed to:

Buysiders Group
Attention: Data Protection Officer
privacy@buysidersgroup.com
