Legal
Privacy policy
Last updated: 1 July 2026
preFDD (“we”, “us”) respects your privacy. This notice explains what personal data we process when you visit prefdd.com or contact us, and your rights under the EU/UK General Data Protection Regulation (GDPR).
1. Data controller
Dealgrotto Limited
7 Bell Yard, London WC2A 2JR, United Kingdom
Company No. 14931771
Email: greg@prefdd.com
2. The website collects almost nothing
prefdd.com is a static marketing website. It sets no cookies, runs no analytics or advertising trackers, and has no forms. We do not build a profile of you from your visit.
2.1 Server logs
Our web server and reverse proxy record standard access logs — IP address, timestamp, the page requested, and browser user-agent — for the purpose of operating the site securely and protecting against abuse. These logs are rotated on a short retention cycle. Legal basis: Article 6(1)(f) GDPR (legitimate interest in operating and securing the service).
2.2 When you email us
If you email us about a deal, we receive the contact details and any materials you choose to send, and we use them to respond and, if you engage us, to carry out the review. Legal basis: Article 6(1)(b) GDPR (steps prior to, and performance of, a contract) and Article 6(1)(f) (legitimate interest in responding to a business enquiry).
3. Deal materials and engagement data
Deal materials you send us are treated as strictly confidential. A mutual NDA is signed before full materials are shared. During a review, your materials are shared only with a single AI provider — under commercial terms that contractually prohibit using them to train any model — and a single EU storage provider. Documents are stored in the EU, are never served to the open web, and are deleted on request after delivery. We are happy to share our sub-processor list and data-handling terms with your compliance team before any materials are sent. Legal basis: Article 6(1)(b) GDPR.
4. Sharing and international transfers
We do not sell your personal data or share it for advertising. Engagement sub-processors (our AI provider and EU storage provider) process data on our instructions under contract. Where any provider processes data outside the EEA/UK, we rely on the European Commission’s Standard Contractual Clauses and the UK Addendum.
5. Retention
- Server access logs: short rotation cycle for security purposes.
- Email correspondence: kept only as long as needed to handle your enquiry or engagement.
- Deal materials: deleted on request after the engagement closes, and otherwise not retained beyond what professional standards require.
6. Your rights
You have the right to:
- access the personal data we hold about you (Art. 15 GDPR);
- have it corrected (Art. 16) or deleted (Art. 17);
- restrict or object to processing (Art. 18, 21);
- data portability (Art. 20);
- lodge a complaint with your supervisory authority.
To exercise any of these rights, email greg@prefdd.com.
7. Changes
We may update this notice from time to time. The “last updated” date at the top reflects the most recent change.