Privacy

Your data, held closely

What we collect when you use Noyau Dur, why we hold it, who else touches it, and the rights you have over it. Written to meet the EU and UK General Data Protection Regulation.

Last updated 10 July 2026

Noyau Dur is an invitation-only network for private markets. Members are approved by hand, identifying details pass between them only by mutual consent, and the network stays small on purpose. This notice explains what that means for the data we hold about you.

It applies to this site, to the web portal where invitations are redeemed, and to the Noyau Dur application on iOS.

01

Who we are

The data controller is Noyau Dur Limited, a company registered in England and Wales under company number 16935443, with its registered office at 128 City Road, London EC1V 2NX, United Kingdom.

This notice covers everything we run: this site, the web portal where invitations are redeemed and subscriptions are paid, and the Noyau Dur iOS application. For any privacy matter, write to privacy@noyaudur.com.

02

What we collect

Almost all of it comes from you, when you redeem an invitation and build your profile.

  • Name — your first and last name, held against your account and shown to another member only after mutual disclosure.
  • Phone number — verified by a one-time code and used as your primary way to sign in.
  • Email address — an alternative sign-in method, and how we reach you about your account.
  • Country and city — given during onboarding, and shown on your card as your location.
  • Professional profile — your role, the fields your role calls for (strategies, ticket sizes, fund metrics, sectors, services offered, team size, year founded), and anything you write in your headline or about section.
  • Profile photograph — if you choose to upload one.
  • Invitation code — the code you redeem. It carries the role you were invited as, and we record that it has been used.
  • Device identifier — an identifier for the installation you signed in from, used to keep one account tied to one device.
  • Messages — the content of your one-to-one conversations with other members, processed on our behalf by Stream Chat.
  • Subscription records — for asset managers and service providers, the status of your subscription and the identifiers Stripe returns to us. Card details are handled by Stripe and never reach our systems.
  • Technical data — IP address and ordinary request logs, kept to secure the service and rate-limit abuse.
03

Why we process it

Each purpose below rests on a legal basis under the GDPR.

  • Performance of a contract — running your membership: authenticating you, showing you the right cards, carrying your messages, and taking payment where your role requires it.
  • Legitimate interests — keeping the network closed and safe. That covers preventing invitation codes from being shared, enforcing one device per account, and protecting members from abuse. We have weighed these against your interests and think a closed professional network cannot work without them.
  • Consent — revealing your identifying details to another member. You give that consent case by case, and you can decline without losing anything else.
  • Legal obligation — keeping the tax and accounting records we are required to keep.
04

Disclosure between members

Your card shows only the fields your role publishes. Your name, email address and phone number are never revealed automatically, no matter how the two of you matched.

After a match, either side can ask to disclose. Details are exchanged only once both of you have agreed, and the request can simply go unanswered. Disclosure is a decision between two members. It is not tied to what anyone has paid.

One exception, and it is deliberate: a service provider's company name appears on their card before disclosure, because service providers join the network in order to be found. The name of the individual behind that firm still requires mutual consent.

What another member discloses to you is confidential. Our terms of use say so, and we act on reports that it has been passed on.

05

Who processes data for us

We share data only with the processors needed to run the service, each under its own data processing terms.

  • Supabase — our database, authentication and file storage, hosted in the European Union.
  • Stream Chat — carries the one-to-one messages between matched members.
  • Stripe — takes payment on the web portal. The iOS application contains no purchases and never handles payment.
  • Apple TestFlight — distributes the application during the beta period.

We do not sell personal data, we do not share it with advertisers, and we do not use member data or message content to train machine-learning models.

06

Where your data is stored

Account and profile data is held in the European Union. Where a processor moves data outside the EU or the UK, that transfer relies on an adequacy decision or on Standard Contractual Clauses, together with the technical safeguards the processor commits to.

07

One account, one device

Membership is personal, so an account may be used on one active device at a time. We store an identifier for the installation you signed in from, and signing in somewhere new ends the previous session.

That identifier exists for this purpose alone. We do not use it to follow you across other apps or websites, and it is not shared with advertisers.

08

How long we keep it

Profile data is held for as long as your account is open. Messages remain available to both sides of a conversation while the connection stands.

When you ask us to delete your account we erase your profile, your photograph and your messages within 30 days, apart from records we are required to retain for tax and accounting, and a minimal record that an invitation code was redeemed. Request logs are kept for a short period and then discarded.

09

Your rights

Under the GDPR you may ask us to do any of the following.

  • Access — obtain a copy of the personal data we hold about you.
  • Rectify — correct anything inaccurate, most of which you can edit yourself in the app.
  • Erase — delete your account and the data attached to it.
  • Restrict or object — pause our processing, or object to the processing we base on legitimate interests.
  • Port — receive your data in a structured, machine-readable format.
  • Withdraw consent — including consent you gave to disclose your details to a particular member.

Write to privacy@noyaudur.com and we will answer within one month. If our answer does not satisfy you, you may complain to the data protection authority where you live or work.

10

Children

Noyau Dur is a professional network for adults. The service is not directed at anyone under 18, and we do not knowingly hold data about children.

11

Changes to this notice

We update this notice as the service changes. The date at the top always reflects the current version, and we email members before any material change takes effect.

Questions about this document? Write to privacy@noyaudur.com and a person will answer.