Effective date: March 15, 2026 · Last updated: May 12, 2026
Esta es una traducción de cortesía. El documento legal vinculante es la versión inglesa.
Voldier™ does not sell your personal data. We do not share your financial data with advertisers, data brokers, or any third parties except as described in this policy.
Voldier is a product of VOLDIER LIMITED, an Irish private company limited by shares with registered office in Dublin, Ireland (Companies Registration Office number IE [pending], Irish VAT number IE [pending]). For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), Voldier Limited is the Data Controller of personal data processed through the Service. This Privacy Policy describes how we collect, use, and protect information when you use our Operative Finance platform — accounts receivable automation, payment matching, and Invoice-On-Payment™ orchestration for EU SMBs.
General contact: [email protected] · Data Protection Officer: [email protected]
Lead supervisory authority: Irish Data Protection Commission (DPC) — dataprotection.ie.
When you use our payment reconciliation features, we may collect bank transaction data through licensed Account Information Service Providers (AISPs) authorised under PSD2 (Directive (EU) 2015/2366), process payment notification emails you forward, or ingest bank statement files you upload. We may collect:
We do not initiate transfers (we are not a Payment Initiation Service Provider), store online banking credentials, or access unrelated inbox content. For forwarded emails, we do not retain full inbox contents outside the payment records you intentionally submit.
We do not use your data to train AI/ML models sold to third parties. We may use aggregate, anonymized data to improve our own matching algorithms.
We share your information only in the following circumstances:
We do not sell, rent, or share your personal data with advertisers, data brokers, or marketing firms.
Voldier Limited acts as Data Controller in respect of personal data processed through the Service. Our lawful bases under Article 6 of the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") are:
Where Voldier performs any automated decisioning (for example in reconciliation matching), processing complies with GDPR Art. 22 — you have the right to obtain human intervention, express your point of view, and contest any decision that produces legal or similarly significant effects.
The payment trust mechanism is a Voldier-operated B2B payment-reputation product computed from the Service's reconciliation data. It is not a consumer credit-reference agency under the Consumer Credit Directive 2008/48/EC or the Irish Consumer Credit Act 1995, does not produce consumer credit decisions, and is not used to make adverse-action decisions in the consumer-credit sense. Aggregated, B2B-only reputation signals may be displayed to counterparties at the merchant's direction or with the merchant's consent.
Third-party referrals. Where the Service displays offers from independent third-party providers (accounts-receivable financing partners, working-capital providers, payment processors, accounting platforms), submitting an application transmits your application data to that third party. From that point forward, the third party's privacy policy governs that data. Voldier may receive referral compensation; commercial communications comply with the Unfair Commercial Practices Directive 2005/29/EC (UCPD), transposed in Ireland by the Consumer Protection Act 2007, and disclosure obligations of the ePrivacy Directive 2002/58/EC.
You may opt out of referral surfaces in account settings or by contacting [email protected].
We retain your data for as long as your account is active or as needed to provide the Service. After account termination:
We implement appropriate technical and organisational measures pursuant to GDPR Art. 32, aligned with ISO/IEC 27001 controls and the ICT risk-management requirements of the Digital Operational Resilience Act (Regulation (EU) 2022/2554, "DORA", applicable from 17 January 2025). These include TLS 1.3 for data in transit, AES-256 encryption for sensitive data at rest, bcrypt password hashing, role-based access controls, audit logging, regular penetration testing, and documented incident-response procedures. In the event of a personal data breach likely to result in risk to data subjects, Voldier notifies the Irish Data Protection Commission within 72 hours (GDPR Art. 33) and, where required, notifies affected data subjects (GDPR Art. 34).
As a data subject under the General Data Protection Regulation (Regulation (EU) 2016/679), you have the following rights (Articles 15 to 22):
To exercise these rights, contact our Data Protection Officer at [email protected] or email [email protected] with the subject "GDPR Request — [right you are exercising]". We respond within one month of receipt (GDPR Art. 12(3)); this may be extended by up to two further months for complex requests, with notification.
You may also submit a data deletion request at: Account Settings → Delete Account.
Voldier Limited is established in Ireland; our lead supervisory authority is the Irish Data Protection Commission (DPC) — dataprotection.ie. You also have the right to lodge a complaint with the supervisory authority of the EU/EEA member state in which you reside, work, or where the alleged infringement occurred (GDPR Art. 77).
Cookie use complies with the ePrivacy Directive 2002/58/EC (as amended by 2009/136/EC) and Irish SI No. 336 of 2011 (European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011). Following CJEU C-673/17 (Planet49), pre-ticked consent boxes are not used. We deploy:
We do not use advertising or cross-site tracking cookies and we do not participate in third-party ad networks. You may withdraw or change your cookie consent at any time via the cookie preferences link in the page footer.
Voldier is operated by Voldier Limited on dedicated infrastructure located within the European Economic Area. Your personal data is processed within the EEA by default. Where transfers to a third country outside the EEA are required (for example, to a sub-processor in a non-adequate jurisdiction), we rely on:
When Voldier uses AI models, processing occurs on Voldier-operated infrastructure within the EEA — your data is never sent to third-party AI vendors (OpenAI, Google, Anthropic, etc.).
The Service is intended for businesses and is not directed at children. Consistent with GDPR Art. 8 and the Irish Data Protection Act 2018 (which sets the digital age of consent at 16), we do not knowingly process personal data of children under 16. If you believe we have inadvertently collected such information, contact us immediately at [email protected].
We may update this Privacy Policy from time to time. We will notify you via email at least 14 days before material changes take effect. The "last updated" date at the top of this page will reflect the most recent revision.
Controller: Voldier Limited, Dublin, Ireland (Companies Registration Office number IE [pending]). Privacy contact: [email protected].
Data Protection Officer: Voldier Limited has not yet appointed a formal external DPO. Under § 38 of the German Federal Data Protection Act (BDSG), a DPO is mandatory only once an organisation regularly employs at least 20 persons engaged in automated personal-data processing; we are below that threshold and below the equivalent GDPR Art. 37 obligations. Until the threshold is reached, all privacy enquiries are centralised at [email protected] (and [email protected]), both monitored directly by the founder.
Purpose: We compute an internal "payment behavior score" based on your invoice and payment history with the merchant that serves you. This score is used ONLY by that merchant for its internal collections and credit decisions.
Legal basis: Explicit consent (GDPR Art. 6(1)(a)) plus contract performance (Art. 6(1)(b)).
This is NOT a credit check: this is NOT a consumer credit-reference agency under the Consumer Credit Directive 2008/48/EC or the Irish Consumer Credit Act 1995, this is NOT a credit-bureau report, and this score is NOT shared with third parties or with other merchants. It is an internal, closed-loop reputation signal.
Recipients: none outside Voldier. Cross-merchant lookups are NOT enabled today. If we ever add furnishing to credit-reference agencies, we will solicit a fresh, specific Art. 6(1)(a) consent.
Retention: Score history is retained for seven (7) years after the last activity on your account, then anonymised. Full detail in our Data Retention Policy.
Source of your data (GDPR Art. 14): You either signed up directly, or the merchant that serves you created your profile in our system through their Sync/ERP integration or manual upload. In the second case, you should also have received the merchant's own privacy notice.
Your rights:
DELETE /individual/consent/credit_scoring via API.POST /individual/score-review.Right to lodge a complaint: You may file a complaint with the UK Information Commissioner's Office (ico.org.uk) or with the data-protection authority of your EU/EEA Member State of residence, work, or place of alleged infringement — for example, the Irish Data Protection Commission (DPC), CNIL in France, BfDI in Germany, AEPD in Spain, or Garante in Italy.
Notice version: vo_v1. Last updated: 2026-05-27. Canonical URL: https://voldier.com/legal/privacy.
For any privacy questions, requests, or concerns:
Data Protection Officer: [email protected]
General privacy email: [email protected]
Postal: VOLDIER LIMITED, Dublin, Ireland
Lead supervisory authority: Irish Data Protection Commission — dataprotection.ie
Response time: We respond to GDPR data-subject requests within one month (Art. 12(3)), extendable by up to two further months for complex requests.