Aurum / Prism←Home
Legal · Privacy

Privacy Policy

Last updated — 9 May 2026

    Contents
  1. 1. Who we are
  2. 2. What data we collect
  3. 3. Why we collect it
  4. 4. Who we share it with
  5. 5. Cross-border transfers
  6. 6. How long we keep it
  7. 7. Your rights
  8. 8. Cookies & analytics
  9. 9. Security
  10. 10. Contact

1. Who we are

Aurum Prism (“Aurum Prism”, “we”, “us”) operates this institutional deal-flow platform. Aurum Prism is the data controller for personal data processed on the Platform. Our registered office is in Singapore.

2. What data we collect

We collect only what is necessary to operate Prism as an institutional deal-flow platform:

  • Identity — full name, role, firm, jurisdiction, identification documents (passport / certificate of incorporation / beneficial-ownership disclosure) collected during onboarding.
  • Contact — email address, business telephone, and postal correspondence address.
  • Transactional — IOIs, subscriptions, capital calls, distributions, statements, and the audit trail tying each action to an actor.
  • Technical — IP address, browser type, session tokens, device fingerprint, and authentication logs needed to protect the Platform.
  • Optional — language preference, theme preference, and other UX settings you choose to store.

3. Why we collect it

We process personal data to (a) deliver the Platform you have contracted for; (b) comply with legal obligations including the Singapore Personal Data Protection Act 2012 (“PDPA”), the EU General Data Protection Regulation (“GDPR”) where it applies, and anti-money-laundering law; (c) protect the Platform from fraud, sanctions exposure, and unauthorised access; and (d) improve the Platform on the basis of aggregated analytics.

We do not sell your personal data and we do not use it for third-party advertising.

4. Who we share it with

We share personal data only with parties who need it to deliver the Platform — and only under contractual obligation to handle it consistently with this Policy:

  • Counter-parties — issuer counsel, fund administrators, and Aurum Prism operating staff for the specific deals you subscribe to or are invited to review.
  • Service providers — hosting, identity verification, KYC screening, email delivery, and cloud-storage providers under written processor agreements.
  • Regulators & law enforcement — where compelled by law, court order, or a legitimate regulatory request.

Append the live list of sub-processors (Vercel, Upstash, Resend, identity-verification vendor) once contracts are countersigned.

5. Cross-border transfers

Personal data processed by Prism may be transferred outside Singapore — most often to data centres in Asia-Pacific, the United States, or the European Economic Area run by our hosting and email-delivery providers. We rely on contractual safeguards (PDPA-aligned model clauses or GDPR Standard Contractual Clauses, as applicable) to provide a comparable standard of protection in the receiving country.

6. How long we keep it

We retain personal data only as long as necessary for the purposes listed above. Indicative retention windows:

  • KYC and identity records — five (5) years after termination of the relationship, in line with MAS Notice 626 / the AML/CFT framework.
  • Transactional and audit-log records — seven (7) years from the date of the transaction, or longer if required by tax law.
  • Marketing-style contact data — until you withdraw consent or two (2) years of inactivity, whichever is sooner.
  • Server logs and security telemetry — twelve (12) months rolling.

Confirm retention windows with counsel and operations — particularly the AML record-keeping period under the relevant MAS notice.

7. Your rights

Subject to the PDPA and, where applicable, GDPR, you have the right to access your personal data, request correction, request deletion, restrict processing, withdraw consent, and lodge a complaint with the Personal Data Protection Commission of Singapore or your local data- protection authority.

To exercise any of these rights — or to request deletion of your account — write to admin@aurumprism.com. We respond within thirty (30) days of receiving a verifiable request, or sooner where law requires.

8. Cookies & analytics

Prism uses a small number of strictly-necessary cookies (for authentication and theme preference) and limited first-party analytics. See our dedicated Cookie Policy for the full list and opt-out instructions.

9. Security

We protect personal data with industry-standard administrative, technical, and physical controls including TLS in transit, encryption at rest for credential and document stores, role-based access control, audit logging of administrative actions, and regular review of staff access.

10. Contact

For privacy questions, deletion requests, or complaints write to admin@aurumprism.com. For broader questions about the Platform's legal basis see the Terms of Service and Risk Disclosures.

© 2026 Aurum Prism·Confidential
TermsPrivacyRisk DisclosuresCookies