Cookies

We'd like to use optional analytics cookies to understand site usage and improve AcquireEU. You can accept or reject them. See our Privacy Notice.

Privacy Notice

Last updated: April 2026

This Privacy Notice explains how AcquireEU collects, uses, and protects your personal information when you use our website and platform.

1. Information we collect about you (The User)

When you register for an account and use our service, we collect:

  • Account data: Your email address and authentication credentials.
  • Usage data: Information about how you interact with our platform (e.g., search queries, filters used, saved companies, alert preferences) to provide and improve the service.
  • Payment data: We use Paddle as our merchant of record. We do not store your full credit card details on our servers. Paddle collects and processes this safely on our behalf.

2. How we use your information

  • To provide, maintain, and secure your account.
  • To send you transactional emails (e.g., login links, billing updates) and requested alerts (e.g., daily digests).
  • To analyze platform usage and improve our product.
  • To process payments via our payment provider (Paddle).

3. Information we aggregate (Public Data)

AcquireEU aggregates data regarding corporate entities from public insolvency registries across Europe. This data may occasionally contain personal data of corporate officers or insolvency practitioners (such as names or professional email addresses) as published by those public registries.

We act as a data controller for the purpose of aggregating and organizing this already-public data under the lawful basis of legitimate interest (providing a B2B search tool). We do not use this data for marketing purposes.

4. Data sharing and third parties

We do not sell your personal data. We use the following third-party sub-processors to run our service:

  • Supabase: Database and authentication hosting (EU region).
  • Paddle: Payment processing and subscription management.
  • Resend: Transactional email delivery.
  • Vercel: Application hosting.
  • Google (Gemini API): AI summarization of public registry filings. Inputs are not used to train Google's models.
  • Google Analytics 4: Optional traffic analytics, loaded only after you accept the cookie banner.

5. Cookies and analytics

We use a consent banner to ask for permission before loading optional analytics. If you accept, Google Analytics may set cookies or similar identifiers to help us understand site traffic and improve the product. If you reject, those analytics tools will not load.

6. International data transfers

Our primary data hosting is in the European Union (Supabase, Ireland — eu-west-1). However, some of our sub-processors operate or route data through servers outside the EEA:

  • Vercel: Hosts the application across a global edge network. Origin compute may run in EU regions; static assets and edge functions may be served from the nearest CDN node, including outside the EEA.
  • Resend: Transactional email delivery infrastructure operates in the United States.
  • Google (Gemini API): AI summarization requests may be processed in the United States.

Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and adequacy decisions where applicable. Sub-processors are bound by data processing agreements that include these safeguards.

7. Data retention

We keep personal data for the periods described below:

  • Account data (email, profile, preferences) — for as long as your account exists. Deleted within 30 days of account closure, except where we are required to retain it for legal or accounting reasons (typically up to 7 years for invoices).
  • Usage events and product analytics — 12 months, then aggregated or deleted.
  • Application error logs — 30 days.
  • Database backups — Supabase Point-In-Time-Recovery snapshots are retained for 7 days; daily backups for 30 days.
  • Aggregated public registry data (insolvency filings, etc.) — retained indefinitely as part of the directory; this data is sourced from public registries and is not covered by the personal-data retention rules above.

8. Your rights

Under the GDPR, you have the right to access, correct, export, or delete your personal data, restrict or object to its processing, and lodge a complaint with a supervisory authority. You can delete your account and all associated personal data from the Account Settings page, or by contacting us.

Enterprise customers may also request a signed Data Processing Agreement (DPA) — see our standard DPA for details.

9. Contact

For any privacy-related requests, please contact us at hello@acquireeu.com.