Policy
Privacy
Last updated: 2026-05-20
Equitas Elite is an invitation-only platform for institutional investors and allocators. This page describes what data we collect from members, prospects, and visitors, how we use it, and the controls you have over it.
We aim for plain English. If anything below is unclear, write to privacy@equitaselite.com.
Boilerplate notice
This policy is a working draft maintained by the Equitas Elite team. It is not yet counsel-reviewed and will be replaced with a lawyer-prepared version before the first paying customer. The protections it describes are operational reality today; the language will be tightened.
What we collect
From members directly:
- Account: email, full name, firm or family office name, title, and (where applicable) AUM range.
- Identity flags: any combination of Angel, Family Office, Family Foundation, DAF, Next Gen. Each investor-side role carries its own mandate.
- Mandate (per role): sectors, stages, geography, check-size range, risk tolerance, return expectations, investment horizon, mandate type, deal-structure preference, plus extended pillar fields (sub-sectors, anti-sectors, ESG requirements, lead capacity, holding period, governance preferences).
- Privacy state: Off-Market flag (Sovereign-only) and downgrade-grace timestamp where applicable.
- Activity: introduction requests you send or receive, RSVPs to events, in-app notifications you mark read, concierge interactions.
From prospects (before you have an account):
- Waitlist application via /request-access: name, email, firm, role, optional mandate notes.
- Demo signup via /try: name, email, firm, AUM range, intended use, role context for the walkthrough. A 30-minute magic-link token is emailed for email verification; once clicked, a 1-day demo session is started.
Captured automatically:
- Authentication state managed by AWS Cognito (a cookie-based session and a refresh token).
- Standard server logs (request path, response status, IP, user-agent) retained for security and operational debugging.
- CloudTrail audit logs of administrative actions in our AWS account.
- Cloudflare Turnstile receives your IP and a challenge token strictly to confirm form submissions on /try aren’t scripted; we do not use it for tracking.
We do not use third-party advertising trackers, share your data with brokers, or sell information to anyone.
How we use it
- Match you to compatible counterparties via a per-role compatibility matrix (e.g. Angels see Family Offices, Foundations, DAFs, and Next-Gen peers; Family Offices see the corresponding opposite mix). Scoring runs across six pillars — strategic scope, capital mechanics, time and risk, governance, counterparty profile, values — each weighted by your own mandate.
- Send transactional emails (introduction requests, accept / decline notices, weekly digest of new counterparties, waitlist updates, demo magic-link verification). Every member-facing email carries a one-click unsubscribe link.
- Operate the platform: serve the site, prevent abuse, debug issues, comply with legal obligations.
Your controls
- Edit or remove most account fields anytime from your profile.
- Turn email notifications off with one click from your profile, or via the unsubscribe link in any email.
- Request full account deletion by emailing privacy@equitaselite.com. We honour deletion within 30 days, except for any data we are legally required to retain.
- Request a copy of your account data by email. We export the relevant rows as JSON.
Where it lives
- PostgreSQL on AWS RDS (us-east-1), encrypted at rest with a customer-managed KMS key. Multi-AZ. 35-day point-in-time recovery.
- AWS Cognito user pool (us-east-1) for authentication.
- AWS S3 for any documents you upload, encrypted at rest with a customer-managed KMS key, accessed only via short-lived signed URLs.
- AWS SES (us-east-1) sends outbound mail from system@equitaselite.com. DKIM-signed, SPF aligned, DMARC p=reject.
All inbound and outbound traffic uses TLS. The database is in a private subnet with no public internet exposure.
Sharing
When two members accept an introduction, both parties' primary email addresses are revealed to each other so the conversation can continue off-platform. That is the only sharing of personal data between members; it requires explicit acceptance from the recipient.
Off-Market mode (a Sovereign-tier feature): when enabled, your profile is invisible to other members in match results and on profile detail pages. Your assigned relationship manager, EE admins, and any counterparty you've accepted an introduction with still see you. Sending an introduction outward reveals your identity to that one recipient — that's the only path out for new connections while you're Off-Market.
Sub-processors: AWS (RDS, Cognito, S3, SES, CloudTrail) handles infrastructure, identity, storage, and mail. Cloudflare Turnstile validates the /try demo signup form against scripted abuse. All operate under their standard data-processing terms. No data is shared with marketing partners, ad networks, or data brokers.
Retention
Account data is retained for the life of your membership and for 30 days after deletion is confirmed. Server logs are retained for 30 days. Backups, snapshots, and CloudTrail archives are retained for up to 90 days for operational and audit purposes.
Children
Equitas Elite is for institutional investors. The platform is not intended for, and we do not knowingly collect data from, anyone under 18.
Changes
We'll post material changes here with an updated “last updated” date. For significant changes, we'll also email existing members in advance.
Contact
Data controller: Equitas Elite · 1209 N Orange St, Wilmington, DE 19801, USA
Privacy inquiries: privacy@equitaselite.com