Privacy Policy
Last updated: 28 March 2026. Eigin Ltd · Company number 17122541 · ICO registration: pending (applied 28 March 2026)
We collect your email address to notify you when eigin launches. That is all we collect at this stage. This page explains exactly what we do with it, how long we keep it, and how to ask us to delete it.
eigin is a privacy product. We apply the same standard to our own data practices that we intend to apply to your payment data. We collect only what we need. We keep it only as long as we need it. We do not sell it, share it, or use it for anything other than what we say here.
Who we are
The data controller is Eigin Ltd, a private limited company incorporated in England and Wales under company number 17122541. Our registered office is at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ.
You can contact us about your data at any time by emailing privacy@eigin.co.
What we collect
At this pre-launch stage, we collect one piece of data:
- Your email address, submitted via the waitlist form on eigin.co.
We do not collect your name. We do not collect your IP address for storage. We do not collect device identifiers, location data, or any other personal information. We do not use tracking cookies or third-party analytics that identify you.
If you visit eigin.co, the server processes your IP address to serve the page. This is handled by our hosting provider Hetzner Online GmbH and is not stored or logged beyond standard server access logs, which are retained for up to 30 days and then deleted.
Why we collect it and the legal basis
We collect your email address for one purpose: to notify you when eigin launches or when we have material updates to share about the product.
The legal basis for this processing is your consent (UK GDPR Article 6(1)(a)). You provide consent by actively submitting your email address via the waitlist form. You can withdraw your consent at any time by emailing privacy@eigin.co or clicking the unsubscribe link in any email we send you. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.
We do not rely on legitimate interests for this processing. Consent is the appropriate basis for a voluntary waitlist, and we prefer it because it is the clearest and most unambiguous basis available.
How long we keep it
We will retain your email address for one of the following periods, whichever comes first:
- Until eigin launches and you have been notified, after which we will ask for fresh consent before any further communications.
- Until you unsubscribe or ask us to delete your data, at which point we will remove it within 30 days.
- If eigin does not launch within 24 months of your sign-up, we will delete all waitlist data at that point.
We will not retain your data indefinitely. If you have not heard from us in 24 months, your data will have been deleted.
Who has access to your data
Your data is processed by the following services:
- Our email list management software (Listmonk), which runs on our own server hosted by Hetzner Online GmbH in Nuremberg, Germany. This is self-hosted software, not a third-party service. Your data stays on our server.
- Postmark (operated by ActiveCampaign, LLC), which we use to send confirmation and notification emails. Postmark processes your email address on US-based infrastructure. We have a Data Processing Agreement with Postmark under UK GDPR Article 28. Postmark will only process your data on our instructions and for the stated purpose.
- A regulated card issuing partner (to be named before launch), which will provide the card issuing infrastructure for eigin's virtual cards. When the product launches, this partner will process your identity and transaction data as required for card issuance and payment processing. The partner will be covered by UK GDPR safeguards including, where applicable, standard contractual clauses.
No one else has access to your email address. We do not share it with advertisers, data brokers, analytics companies, or any other third party. We will never sell your data. That is not a policy. It is the point of the product.
International transfers
Our server infrastructure is hosted by Hetzner Online GmbH in Germany, which is within the European Economic Area. Postmark processes data on US infrastructure. Transfers to Postmark are covered by standard contractual clauses under UK GDPR Article 46(2)(c).
Card issuing will be provided by a regulated partner, to be named before launch, with appropriate UK GDPR safeguards in place at that time. All server infrastructure remains within the EU.
Security
Security at eigin is consistent with the standard we apply to the product itself.
Our security measures include:
- All data transmitted to and from eigin.co is encrypted using HTTPS with TLS 1.2 or 1.3.
- Our server runs on Hetzner infrastructure in Germany with restricted access.
- Listmonk (our email list software) runs as a non-root system service with restricted filesystem access.
- We apply security patches automatically via Ubuntu unattended upgrades.
- Access to the email list is restricted to the sole director of Eigin Ltd.
No security system is infallible. If we become aware of a data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and notify you directly if the risk is high, as required by UK GDPR Articles 33 and 34.
Your rights
Under the UK GDPR, you have the following rights in relation to your personal data. To exercise any of them, email privacy@eigin.co.
- Access: you can request a copy of the personal data we hold about you. We will respond within one month.
- Rectification: if any data we hold about you is inaccurate, you can ask us to correct it.
- Erasure: you can ask us to delete your data at any time. We will do so within 30 days.
- Restriction: in certain circumstances you can ask us to limit how we use your data.
- Portability: you can ask for your data in a machine-readable format.
- Object: you can object to our processing at any time, including by unsubscribing.
- Withdraw consent: you can withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
There is no automated decision-making or profiling applied to waitlist data. Your email address is stored. Nothing more happens to it until we send you a notification.
How to complain
If you are unhappy with how we have handled your data, please contact us first at privacy@eigin.co. We will do our best to resolve the matter.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. The ICO is the UK supervisory authority for data protection.
Changes to this policy
If we make material changes to this policy, we will update the "last updated" date at the top and, where we have your email address, notify you by email before the changes take effect.
Minor changes, such as formatting corrections or clarifications that do not affect your rights, may be made without notification.
Contact
For any data protection queries:
- Email: privacy@eigin.co
- Post: Eigin Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
If you have specific concerns about how your data is handled, contact us at privacy@eigin.co.