Privacy Policy

PhantomBridge (“PhantomBridge,” “we,” “us,” or “our”) operates an expert network that connects institutional clients with subject-matter experts for consultations, research, and due diligence. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our websites, applications, and services (collectively, the “Services”).

This policy applies to clients, experts, website visitors, and other individuals whose personal information we process. By accessing or using the Services, you acknowledge that your personal information will be handled as described below.

The categories of personal information we collect depend on how you interact with PhantomBridge:

a. Information you provide directly

• Identification and contact details (name, employer, job title, business email, phone number, postal address).
• Professional background supplied by experts (CV, areas of expertise, prior employers, disclosures, engagement history).
• Engagement content (project briefs, consultation notes, transcripts, survey responses, deliverables).
• Payment and tax information necessary to remunerate experts and invoice clients.

b. Information collected automatically

• Device and usage data (IP address, browser type, operating system, referring URL, pages viewed, timestamps).
• Cookies and similar technologies used to authenticate sessions, remember preferences, and measure performance.

c. Information from third parties

• Screening data from sanctions, PEP, and adverse-media databases to satisfy compliance obligations.
• Information from your employer when your firm engages PhantomBridge, and public professional profiles (e.g., LinkedIn) used to build our expert network.

We use personal information to:

• Provide, maintain, and improve the Services;
• Match client briefs with suitable experts and administer engagements;
• Screen experts and engagements against compliance, disclosure, and conflicts-of-interest policies;
• Process payments, invoicing, tax reporting, and expenses;
• Communicate about account activity, product updates, and policy changes;
• Detect, investigate, and prevent fraud, abuse, or security incidents;
• Comply with applicable laws and respond to lawful requests from authorities.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract, compliance with a legal obligation, our legitimate interests (including operating and securing the Services), and, where required, your consent.

We disclose personal information only as follows:

• Between clients and experts to the extent necessary to deliver a requested engagement.
• Service providers that host infrastructure, process payments, deliver communications, or perform compliance screening under contractual confidentiality obligations.
• Corporate transactions such as a merger, financing, or sale of assets, subject to standard confidentiality safeguards.
• Legal and regulatory disclosures where required by applicable law, subpoena, or court order.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

PhantomBridge operates globally. Personal information may be transferred to, and processed in, countries other than the one in which you reside. Where required, we rely on Standard Contractual Clauses, UK International Data Transfer Agreements, or other lawful transfer mechanisms.

We retain personal information for as long as necessary to deliver the Services, comply with legal and regulatory obligations (including compliance records that must be maintained for up to seven years), resolve disputes, and enforce our agreements.

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, audit logging, and vendor security reviews. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal information, to object to certain processing, or to withdraw consent. To exercise these rights, contact us at privacy@phantombridge.com. You may also lodge a complaint with a supervisory authority.

We use strictly necessary cookies to operate the Services and optional analytics cookies to understand usage. You can manage cookies through your browser settings. Disabling certain cookies may affect site functionality.

The Services are intended for business users and are not directed to individuals under 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. Material changes will be notified through the Services or by email where appropriate. The “Last updated” date at the top reflects the most recent revision.

PhantomBridge
Attn: Data Protection Officer
A-1007, 38-1 Jong-ro 5-gil, Jongno-gu, Seoul, Republic of Korea
Email: privacy@phantombridge.com