About us
JOIN US Sesame Solutions Sesame Active Investments News Contact Us
LOGIN

Privacy Policy

Last updated: April 23, 2026

This Privacy Policy describes how Sesame Financial Group SA ("we", "us", "our") collects, uses, processes, and protects personal data in connection with:

This Privacy Policy applies to all users of the above services (collectively, the "Services").

1. Controller Information

The data controller responsible for processing personal data is:

Sesame Financial Group SA
Rue du Prince 9-11
1204 Genève
Switzerland
Email: info@sesame-financial.com

2. Scope of Services and Users

The Services are intended exclusively for professional clients and authorized users, including financial professionals who have been granted access by Sesame Financial Group SA or its authorized personnel.

  • Access is strictly provisioned via internal systems (CRM).
  • Users cannot self-register.
  • The Services are not intended for minors, and we do not knowingly collect data relating to individuals under 18 years of age.

3. Categories of Personal Data Processed

We may process the following categories of personal data:

3.1 Account and Identification Data

  • First name and last name
  • Email address
  • Phone number

3.2 Company Information

  • Company name
  • Address
  • City
  • Country
  • Geographic zone

3.3 Technical and Usage Data

  • IP address
  • Device identifiers
  • Session data and login history
  • Failed login attempts
  • Push notification tokens
  • Crash reports (via Sentry)

3.4 Service Interaction Data

  • Notification preferences
  • Pricing request history
  • Document download logs (including user, timestamp, and document)

3.5 Mobile App–Specific Data

  • Push notification tokens
  • Calendar interaction (local only; no server transmission)
  • Locally stored application data (tokens, user profile, cached content)

4. Purposes and Legal Basis of Processing

We process personal data primarily on the basis of our legitimate interests (Article 6(1)(f) GDPR equivalent), including:

  • Providing access to the Platform and App
  • Managing user accounts and authentication
  • Delivering financial content, research, and services
  • Enabling notifications relevant to users' portfolios
  • Supporting pricing tools and user-initiated requests
  • Monitoring system performance and security
  • Ensuring compliance with contractual and regulatory obligations

We may also process data where necessary to:

  • Perform a contract or pre-contractual steps
  • Comply with legal or regulatory obligations

5. Authentication and Security

Authentication is handled via our proprietary backend systems:

  • Login is performed using email and password
  • Passwords are securely encrypted and not accessible in plain form
  • Token-based authentication is used (access and refresh tokens)
  • Tokens are:
    • short-lived
    • securely stored on the device
    • invalidated upon logout

We implement:

  • encryption in transit
  • encryption at rest
  • secure token authentication
  • session expiry controls
  • environment separation

6. Cross-Platform Access (Magic Link Authentication)

When users access the Platform from the App:

  • authentication is performed via secure magic link mechanisms
  • authentication tokens are transmitted via secure headers
  • no personal data is exposed in URLs
  • tokens are short-lived and single-use
  • no persistent browser session is created

7. Notifications

We send push notifications via the Expo Push Service.

Notifications may include:

7.1 MyNews Notifications

Triggered based on:

  • user portfolio composition
  • associated products, underlyings, or research

7.2 Event Notifications

Triggered manually by administrators when:

  • an event relevant to a user's portfolio occurs

Users may:

  • opt out via App settings
  • disable notifications at the operating system level

8. Documents and Downloads

The Services allow users to download documents (PDF format):

  • documents may be confidential or client-specific
  • documents may be watermarked and personalized
  • downloads are logged (user, timestamp, document)
  • files are stored locally on the user's device

We do not control further distribution after download.

9. Events and Calendar Integration

The App allows users to add events to their device calendar:

  • data is written locally only
  • no calendar data is transmitted to our servers
  • event details may include:
    • title
    • date/time
    • description
    • timezone

10. Pricing Tool and Market Data

The Platform and App provide pricing tools:

  • pricing requests are linked to user accounts
  • no personal data is included in pricing results
  • pricing data is indicative and confidential
  • live pricing is delivered via WebSocket connections
  • no third-party providers receive user-identifiable data

11. Analytics and Monitoring

We use Sentry for:

  • error tracking
  • crash reporting
  • system diagnostics

We do not use:

  • advertising tracking
  • behavioral profiling
  • third-party marketing analytics

12. Cookies (Website Only)

The Website uses limited cookies solely to:

  • determine whether a user is authenticated in the Platform

No tracking, advertising, or profiling cookies are used.

13. Data Sharing

We do not sell or share personal data with third parties for marketing or advertising purposes.

Personal data is not disclosed to third parties except where:

  • required by law
  • necessary to protect rights or security
  • required for regulatory compliance

14. International Data Transfers

  • All personal data is processed within Europe
  • No transfers are made outside the EEA/UK

15. Data Retention

We retain personal data as follows:

  • Active and inactive account data: 48 months, then securely archived
  • Backup data: 24 months, then deleted
  • Upon account deactivation:
    • access is blocked
    • data is retained for a defined period for compliance purposes

16. Data Subject Rights

Users may exercise their rights through their employer or client organization.

Where applicable, users may have rights including:

  • access to personal data
  • rectification of inaccurate data
  • restriction or objection to processing

Requests may be submitted to: info@sesame-financial.com

Users also have the right to lodge a complaint with the competent Swiss supervisory authority.

17. Confidentiality and Professional Use

All materials provided through the Services are:

  • confidential
  • intended solely for authorized users
  • subject to professional and regulatory obligations

Users must:

  • maintain confidentiality of credentials
  • not share access with third parties
  • not redistribute content without authorization

Additional details are provided in our Disclaimer.

18. Security Measures

We implement appropriate technical and organizational measures, including:

  • encryption (in transit and at rest)
  • secure authentication mechanisms
  • access control and privilege management
  • monitoring and logging
  • infrastructure isolation

Mobile data handling includes:

  • secure storage of tokens and user data
  • in-memory handling of API responses
  • standard OS-level protections

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Updates will be published on our Website and made available within the App where appropriate.

20. Contact

For any questions regarding this Privacy Policy:

Email: info@sesame-financial.com

Our website uses Functional cookies to help us improve your browsing experience.
It also uses cookies from Google Analytics to help us collect statistical information.

NO cookie is used to collect data from you with the objective to offer custom advertising or to share with third party vendors.

Please let us know if you want to disable the Statistics cookies.
 Accept Cookies