Privacy Policy
How we collect, use and protect your personal information.
Last updated: Mar 25, 2026
1. Introduction
Reesk is a trading name of Pideeco, a company established at Louise avenue 137 - 1050 Brussels, Belgium, BE 0829.399.686, active in regulatory consulting for financial institutions. Pideeco operates the Reesk.io enterprise risk management platform. In this Privacy Policy, "we", "our", and "us" refer to Pideeco in connection with Reesk. This policy explains how we collect, use, disclose, and safeguard information when you use our platform. By using Reesk, you agree to the terms of this policy.
Reesk is not directed at children under 16, and we do not knowingly collect personal data from children.
2. Who is responsible for what (controller and processor)
Account and service operation. Pideeco acts as data controller for personal data we need to run the service and our relationship with you — for example account registration (name, email), authentication, billing contact details, and support. We decide how those data are processed to deliver and secure the platform.
Content in your risk spaces. When an organization uses Reesk to manage risks, controls, and related records, that organization (your employer or the subscribing entity) is generally the controller for any personal data it or its users enter into the platform — for example if names or identifiers appear in risk descriptions, assessments, or comments. Pideeco then processes that information as a processor on the organization's instructions and on the basis of our Terms of Service and any applicable data processing agreement. The organization remains responsible for ensuring it has a lawful basis for that content and for the security of sensitive business data it chooses to store in Reesk.
The product is built for operational risk and compliance workflows. Where content does not relate to an identified or identifiable person, the GDPR may not apply to that content.
3. Data we collect
We collect the following categories of data:
- Account data: name, email address, company name, and password hash when you register.
- Usage data (analytics): pages visited, features used, and similar product analytics, collected only if you accept analytics in our cookie consent banner (PostHog). If you do not accept, we do not use PostHog for your visit.
- Risk workspace data: risks, controls, actions, tests, reports, and other records you create in your risk spaces.
- Billing data: subscription tier and payment status. Payment card details are handled by our payment processor (Mollie) and are not stored on our servers.
- Technical data: IP address, browser type, device type, and session identifiers as needed for security, debugging, and service delivery.
4. How we use your data
- To provide, operate, and improve the Reesk platform.
- To authenticate you and manage your account and subscription.
- To send transactional emails (account verification, password reset, operational notifications) via our email provider.
- To measure product usage in aggregate when you have consented to analytics.
- To comply with legal obligations.
We do not send standalone marketing or product newsletter emails today. If we introduce optional marketing communications in the future, we will only send them where you have explicitly opted in (for example via account settings or signup), and you may withdraw that consent at any time.
We do not sell your personal data or your risk workspace content to third parties.
5. Legal basis for processing (GDPR)
For users in the European Economic Area, our legal bases include:
- Contract performance: processing necessary to provide the Reesk service you signed up for (account, workspace functionality, billing relationship).
- Legitimate interests: maintaining the security of the platform, preventing abuse and fraud, and limited technical logging where strictly necessary — not for optional product analytics.
- Consent: optional analytics (PostHog) via our cookie banner, and any future marketing emails if we add an explicit opt-in.
- Legal obligation: where we are required by law to process data.
Where we process workspace content that contains personal data on behalf of your organization, the organization's legal basis (e.g. legitimate interests or legal obligation in employment or risk management) is determined by that organization as controller.
6. Data retention and deletion
We retain your data only as long as needed to provide the service or as required by law. When you request deletion of your account or workspace data through the in-app controls and confirm that request, we delete the relevant data in line with that action — we do not apply a separate multi-month grace period after such a confirmed deletion request. Specific retention periods for backups and legal holds may apply where we are obliged to retain information.
7. Data security
Data is encrypted in transit using TLS 1.2+ and protected at rest by our infrastructure providers' standards. We follow security practices including access controls, audit logging, and reviews. For more detail, see our Security page.
8. Sub-processors and international transfers
We use the following categories of processors to run Reesk:
- Vercel: hosting and delivery of the web application (frontend / edge).
- Railway: application and database hosting for the Reesk service.
- MailerSend: transactional email delivery.
- GitHub: software development, source control, and CI/CD. Customer production data is not routinely stored in GitHub.
- Mollie: payment processing; subject to Mollie's privacy policy.
- PostHog (PostHog, Inc.): product analytics only when you consent in the cookie banner. PostHog may process data in the United States. We rely on appropriate safeguards under GDPR (such as the EU Standard Contractual Clauses) and PostHog's documentation. See also our Cookie Policy.
We may export backups periodically for disaster recovery; some backup copies may be retained in secure local storage controlled by Pideeco in addition to cloud infrastructure.
9. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Export your data in a portable format.
- Withdraw consent at any time (where consent is the legal basis), including analytics via the cookie banner.
For requests concerning data your employer holds as controller in Reesk workspaces, we may refer you to that organization where appropriate.
To exercise these rights with Pideeco, or for any question about this policy or how we handle personal data, write to privacy@reesk.io.
10. Cookies
We use cookies and local storage that are strictly necessary for authentication and security, and — only if you accept them in our consent banner — analytics cookies. For a full list, purposes, and how to change your choice, see our Cookie Policy.
11. Changes to this policy
We may update this policy from time to time. When we make material changes, we will notify you via email or an in-app notice at least 30 days before the change takes effect. Continued use of the platform after the effective date constitutes acceptance.