Privacy Policy

Ortolan ("we", "us", "our") operates the website ortolansfo.com and the related private network for family-office professionals. This policy explains what personal data we collect, why, and what your rights are.

We collect the following categories of personal data:

• Account & authentication data: we use a passwordless email "magic link" to sign you in. We collect and store the email address you register with and a session identifier issued by our authentication provider. We do not collect or store passwords.
• Profile information you provide: any details you add or correct on your Ortolan profile (current employer, investment focus, contact preferences, etc.).
• Event registrations: if you register for an event, your name, email, organisation and free-text fields you complete on the form.
• Public-source professional data: for our internal directory, we aggregate publicly available information about family-office professionals (e.g. name, role, employer, public LinkedIn URL). If your profile appears here, you may request correction or removal at any time (see Section 8).
• Technical data: IP address, browser type, pages visited, referrer. Used for security and aggregate analytics.

• To authenticate you and protect access to private areas.
• To operate, secure and improve the Ortolan service.
• To send you operational emails (event confirmations, account changes).
• With your separate consent, to send occasional updates about the network. You can unsubscribe at any time.
• To comply with legal obligations and prevent fraud or misuse.

By registering for an OrtolanSFO event, you consent to OrtolanSFO retaining your information to administer the event, send you operational and event-related communications, and — to the extent supported by your separately given marketing consent — to invite you to future OrtolanSFO gatherings and share occasional curated updates from the network. You may withdraw your marketing consent and request deletion of your information at any time (see Section 8).

• Contract: processing necessary to provide the service you signed up for.
• Legitimate interests: security, fraud prevention, maintaining a directory of publicly known professionals.
• Consent: for marketing communications and any optional features. Withdrawable at any time.

We do not sell personal data. We share strictly with:

• Hosting & infrastructure providers (Vercel, Supabase) that store and process data on our behalf under contractual data-processing agreements. Supabase also provides our authentication and magic-link email delivery.
• Authorities if required by law.

Some of these providers are located outside the UK / European Economic Area. Where this is the case, transfers are protected by the Standard Contractual Clauses or an equivalent legal mechanism.

Account data: for as long as your account is active, plus a short period thereafter (typically 30 days) to allow recovery. Inactive accounts may be deleted after 24 months. Event-registration data is retained for the legal limitation period applicable to events. Aggregated, non-identifying analytics may be retained indefinitely.

We use a small number of essential cookies needed for authentication and session management. We do not use advertising or third-party tracking cookies. Anonymous analytics may be collected via Vercel Analytics, which does not use cookies and does not track you across sites.

Under UK / EU GDPR you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Request deletion ("right to be forgotten").
• Object to or restrict processing.
• Receive your data in a portable format.
• Withdraw consent for any processing based on consent.
• Lodge a complaint with a supervisory authority.

To exercise any of these rights, email us at privacy@ortolansfo.com. We respond within 30 days.

We use industry-standard technical and organisational measures including encryption in transit (HTTPS), encryption at rest by our providers, access controls, and least-privilege principles. No method of transmission or storage is 100% secure; we will notify affected users and competent authorities of any qualifying personal data breach without undue delay.

Ortolan is not directed at children under 16 and we do not knowingly collect personal data from them.

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the email associated with your account.

For any privacy-related question, contact us at privacy@ortolansfo.com.