tresora
Home
Overview
Product
Product OverviewTresora AITreasury ManagementRisk ManagementReconciliationPaymentsConnectivity Hub
Resources
BlogWho it is forFAQ
Company
Who we areBecome a partnerWork with us
← HomeLegal

Privacy policy

Last updated: November 2025

Tresora builds financial infrastructure for treasury and finance teams, and we treat personal data with the same discipline we treat financial data. This policy explains what personal data we process through tresora.io and our platform, why we process it, how long we keep it, and the rights you have over it. It is written in plain language because a privacy policy that has to be decoded is not a privacy policy we would trust from a vendor.

1. Who we are

Tresora is the controller of the personal data processed through this website and, subject to the terms of any commercial agreement signed with a customer, a processor of personal data processed within the Tresora platform on behalf of that customer. References to "we" and "us" mean Tresora.

Questions about this policy or requests relating to personal data should be sent to . We aim to respond within a reasonable period appropriate to the request and in line with applicable law.

2. Summary

The short version: we collect the minimum personal data required to run the website, handle demo requests from businesses, and — with your consent — measure how the site is used. We do not sell personal data, we do not run advertising pixels, and we do not share personal data with third parties for their own marketing. If any of the detail below surprises you, please write to us.

3. Scope of this policy

This policy applies to personal data we process in our role as controller through the tresora.io website, demo requests, and any direct correspondence. Tresora is a B2B service: our platform is licensed to companies, not individuals, and the personal data we handle is typically professional contact information shared in the context of a business relationship.

Personal data processed within the authenticated Tresora platform — on behalf of a customer — is governed by the data processing agreement signed with that customer and by the platform's documentation. Where there is a conflict for platform data, the data processing agreement prevails.

4. Personal data we collect

We collect only the categories of personal data listed below.

  • Identity and contact data you provide voluntarily — typically name, company email, company name, job title, and the content of any message — when you request a demo or otherwise contact us in a professional capacity.
  • Technical data your browser transmits when it loads pages on tresora.io — IP address, user agent string, referring URL, timestamps, and the specific pages requested.
  • Usage data collected through analytics, only if you have accepted analytics cookies via the consent banner. This includes pages viewed, session duration, device type, and approximate geography derived from IP.
  • Preference data stored in a first-party cookie we control — your language, theme (light or dark), and your analytics-consent decision — so the site remembers how you want to see it.
  • Correspondence data — emails, calls, and meeting notes — generated during conversations initiated by you, such as demo calls, support exchanges, or procurement discussions.

We do not intentionally collect special categories of personal data (health, biometric data, political opinions, and similar) through the website. Please do not submit such data in demo or contact messages.

5. Why we process your data

We process personal data for the following purposes, and only for those purposes.

  • To respond to demo requests, qualification questions, and other inbound contact — including scheduling, preparing tailored materials, and following up on conversations you have started with us.
  • To operate, secure, maintain, and continuously improve the website and the platform — including detecting abuse, preventing fraud, and diagnosing technical issues.
  • To understand, in aggregate, how the website is used so we can invest in content and features that are genuinely useful — only when you have consented to analytics cookies.
  • To comply with legal obligations that apply to us — for example responding to legitimate requests from authorities, enforcing our terms, or defending legal claims.
  • To manage commercial relationships with current, former, and prospective customers — including contract negotiation, onboarding, billing, and ongoing account management.

6. Legal bases

Where applicable data protection law requires a legal basis, we rely on one of the following for each processing purpose above.

  • Contract — where the processing is necessary to take steps at your request before entering into a contract, or to perform a contract we have with you or your organisation.
  • Legitimate interests — including the interests of keeping the website and platform operational and secure, understanding how buyers evaluate us, and running the commercial side of the business. These interests are balanced against your rights and freedoms.
  • Consent — specifically for analytics cookies, set only after an affirmative action on the consent banner. You may withdraw this consent at any time via the cookie policy page.
  • Legal obligation — where the processing is required to comply with a law that applies to us.

7. How we share personal data

We share personal data only with parties who help us operate the website or the platform, and only to the extent necessary for the service they provide. Current categories of recipient include cloud hosting and infrastructure providers, a transactional email provider, an analytics provider (Google Analytics, only with your consent), security and monitoring tools, and professional advisers such as lawyers and accountants when their advice requires it. We require all processors to process personal data only on our documented instructions and to apply appropriate safeguards.

We do not sell personal data. We do not rent lists. We do not share personal data with advertising networks or third parties for their own marketing purposes.

8. International transfers

The providers we use may process personal data in countries other than the one in which you are located. Where such transfers occur, we put in place appropriate safeguards required by applicable law — such as standard contractual clauses, adequacy decisions, or equivalent mechanisms — so that your personal data continues to receive a level of protection substantially equivalent to that in your home jurisdiction.

9. Data retention

We keep personal data only for as long as we need it for the purposes described in this policy, plus a reasonable buffer for legal, accounting, and dispute-resolution purposes. Specifically:

  • Demo and contact submissions are retained while the conversation is active and for a period afterwards to remember prior context.
  • Customer relationship records are retained for the duration of the contract and for a period afterwards proportionate to statutes of limitation.
  • Analytics data is retained per the default retention period of the analytics provider when you have accepted analytics cookies.
  • Server logs and security telemetry are retained for a short operational window — typically no more than 30 days — unless an ongoing security investigation requires longer retention.

10. Security

We apply organisational and technical measures appropriate to the nature of the personal data we process. This includes access controls, encryption of data in transit and at rest where technically feasible, least-privilege principles for internal access, secure software development practices, ongoing monitoring, and formal incident response procedures. No system is perfectly secure, but we treat every design decision as one that affects control quality — because it does.

11. Your rights

Depending on the data protection law that applies to you, you may have some or all of the following rights regarding your personal data.

  • A right to be informed about how your personal data is processed — this policy is the primary means through which we meet that obligation.
  • A right of access to the personal data we hold about you.
  • A right to have inaccurate personal data corrected or incomplete personal data completed.
  • A right to have personal data erased in defined circumstances.
  • A right to restrict or object to certain processing, particularly processing based on our legitimate interests.
  • A right to data portability — receiving personal data in a structured, commonly used, machine-readable format where the processing is based on consent or contract.
  • A right to withdraw any consent you have given, without affecting the lawfulness of processing already carried out.
  • A right to lodge a complaint with the data protection authority competent in your jurisdiction.

To exercise any right, email from the address associated with your personal data. We may ask for information to verify your identity before acting on the request, and we may decline to act on requests that are manifestly unfounded or excessive.

12. Cookies

We use a small number of first-party cookies to run the site and, with your consent, analytics cookies to measure how it is used. Details of each cookie, its purpose, and how to change your consent are set out in our cookie policy. Read the cookie policy.

13. Changes to this policy

We may update this policy from time to time. When we do, we will revise the date at the top of the page and, where the changes are material, take reasonable steps to highlight them. Continued use of the website after a change takes effect indicates acceptance of the updated policy.

14. How to contact us

For any privacy-related question, request, or concern: . If you are exercising a right under applicable data protection law, mentioning the specific right in the subject line helps us route your request quickly.

Back to home