Privacy Policy

Effective Date: August 30, 2025
Who we are: Foreranger LTD (“Foreranger,” “PositionBridge,” “we,” “us,” or “our”) operates positionbridge.com and related services that help firms parse, validate, map, transform, and load portfolio positions and transactions from custodians, brokers, and administrators.

How to contact us: [info at foreranger.com]

This Privacy Policy explains what we collect, how we use and share information, the choices available to you, and your rights under applicable privacy laws (including UK/EU GDPR and certain U.S. state laws). Our services are for business use and not directed to children under 18.

1) Scope

This Policy covers your use of positionbridge.com, app subdomains, APIs, and any support channels or integrations we operate (collectively, the “Services”). It applies to information you provide directly, information collected automatically when you use the Services, and information we receive from third parties you connect.

2) Information we collect

  1. You provide:
  • Account & Firm Details (name, work email, phone, company/desk, role), credentials.
  • Workspace & Configuration (connection details you choose to store, e.g., SFTP endpoints, mapping rules, transformation logic, schema definitions, templates).
  • Client Data / “Position Data” you upload or route through the platform (e.g., positions, trades, valuations, cash, security masters, reference/identifier files, counterparty data, audit notes). Please only upload personal data if you have lawful authority.
  • Support & Communications (tickets, feedback, call notes, problem files, usage questions).
  • Billing (handled by our payment processor; we don’t store full card details).
  1. Collected automatically:
  • Usage logs (actions taken, API calls, feature use, timestamps), diagnostics, and crash reports to secure and improve the Services.
  • Device/technical data (IP address, browser/OS, device type, approximate geolocation at city/country level).
  • Cookies/Tags for session management, preferences, and analytics. See “Cookies” below.
  1. From third parties (at your direction):
  • Integrations (e.g., custodian/broker SFTP or API connections, identity providers) share data you authorize.
  • Service providers (analytics, email delivery, fraud/security) share limited operational signals.

3) How we use information (and legal bases)

We use information to:

  • Provide, secure, and maintain the Services (set up workspaces, process files, run jobs, maintain audit trails, prevent abuse). (Contract / Legitimate interests)
  • Improve & develop features (quality checks, success/error rates, performance tuning, UX research using aggregated data). (Legitimate interests)
  • Communicate about account activity, security alerts, product updates, and support. (Contract / Legitimate interests; marketing with Consent where required)
  • Comply with law and enforce our terms. (Legal obligation / Legitimate interests)
  • Use information with your consent where required (and allow withdrawal at any time).

4) How we share information

We do not sell personal information. We share as follows:

  • Processors / Vendors under contract (hosting, storage, email/SMS, analytics, error tracking, payment processing).
  • Other users you invite (e.g., colleagues in your workspace, recipients of files or jobs you share).
  • Affiliates and corporate transactions (if we reorganize, merge, or sell assets).
  • Legal/safety (lawful requests, rights protection, abuse/fraud prevention).
  • Aggregated/de‑identified insights that cannot reasonably identify you.

5) Cookies & analytics

We use essential cookies (authentication, security, preferences) and analytics cookies to understand usage and improve reliability. We currently do not host third‑party advertising on the Service. You can manage non‑essential cookies in your browser or OS settings.

6) Your content and “Controller/Processor” roles

For Client Data / Position Data you load into PositionBridge, your organization is typically the Controller and PositionBridge acts as a Processor under your instructions and our Data Processing Addendum (DPA) (available on request). You retain ownership of Client Data; we process it solely to provide the Services and maintain security/auditability.

7) Security

We employ measures such as TLS in transit, encryption at rest (where applicable), access controls, least‑privilege permissions, logging/monitoring, employee confidentiality, and secure development practices. No method is 100% secure; please use strong, unique credentials and notify us promptly of any suspected unauthorized access.

8) International transfers

We may process data in countries other than yours. Where UK/EU data are transferred internationally, we use lawful mechanisms (e.g., SCCs and equivalent safeguards). Details are available upon request.

9) Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object, or port your personal data, and to withdraw consent where used. UK/EU users may also lodge a complaint with the ICO or their local authority. U.S. state laws (e.g., CCPA/CPRA) may provide rights to know, delete, correct, and to opt‑out of sale/share (we do not sell or share for cross‑context ads). We will not discriminate for exercising rights. Request access via [info at foreranger.com].

10) Retention

We keep personal data only as long as necessary for the purposes described, including security logs and legal/accounting obligations. Backups persist for limited periods and are purged on a rolling basis.

11) Children

The Services are not for individuals under 18. We do not knowingly collect personal data from children.

12) Changes to this Policy

We will update this Policy as our practices or laws change and will revise the Effective Date above and provide additional notice if legally required. Continued use after updates signifies acceptance.

13) Contact

  • Email: [info at foreranger.com]