Compliance

Trust through
technical excellence

At Heco et al, compliance isn't a checkbox - it's our
foundational architecture. Here's how we protect
your data pipeline and the consumers who power it

FSA ID: 45516

Verified License

PSD2 Compliant

According to the EU standard

Licensed by the Danish FSA

Heco et al is a registered and licensed Account Information Service Provider (AISP) under the Danish Financial Supervisory Authority (Finanstilsynet). We operate under the strict mandates of PSD2 (Payment Services Directive 2), ensuring standardized security and consumer protection across the European Economic Area.

GDPR & data sovereignty

Consumer privacy is not a feature, it is the foundational core value upon which Heco et al was built. This means the insights you receive are built on trust, not surveillance.

European-based infrastructure

All data processing and storage centers are located exclusively within the European Union.

Military-grade encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3) with strict key management.

How consumer data is protected

Every data point that reaches your dashboard has been fully anonymized. We deliver
granular shopper intelligence without exposing individual identities.

Automatic masking

Consumer identities are masked at
the point of collection.

Anonymized processing

All personal information is
scrubbed before data enters the
analytics pipeline

24/7 safety monitoring

Independent audits ensure
ongoing compliance.

ENCRYPT_SESSION: ACTIVE
BASKET_ANONYMIZATION: TRUE
MULTI_LAYER_AUTH: VERIFIED

Security architecture

Our multi-layer security model ensures that sensitive data
never touches the open internet in a readable state. We
specialize in item-level basket precision, which allows you to access granular analytics while we maintain absolute
consumer anonymity through advanced masking protocols

  • SOC2 Type II compliant processes
  • Automatic PII detection and anonymization
  • 24/7 security operations monitoring

Common Questions

Can the data I receive be traced back to individual consumers?

No. All data is anonymized and aggregated before it reaches your platform. You get
market-level patterns and segment insights, never individual identities.

Where is the data stored and processed?

Exclusively within EU-based infrastructure. Your data pipeline is fully GDPR
compliant and subject to European jurisdiction only.

How do consumers consent to data collection?

Every Optius user explicitly opts in and retains full control over their data
including the right to delete it at any time. This means the insights you build on are
ethically sourced and regulation-proof.

What certifications does Heco et al hold?

We are AISP licensed by the Danish FSA (ID: 45516), PSD2 compliant, SOC2 Type II
compliant, and operate with AES-256 encryption and TLS 1.3 across all data flows.