Privacy Policy
Effective Date: [Insert Date]
Company Name: [Your Company Name Ltd.]
Registered in England and Wales, Company No: [12345678]
Website: www.superplan.ai
1. Introduction
[Your Company Name Ltd.] (“we,” “our,” “us”) is committed to protecting the privacy and personal data of our users and clients. This Privacy Policy outlines how we collect, use, store, and share information through our AI‑powered platform for automating workflows in financial services and wealth management.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant guidance issued by the Information Commissioner’s Office (ICO).
2. Data Controller Information
[Your Company Name Ltd.] is the data controller for the purposes of this policy.
Address: [Your UK business address]
ICO Registration Number: [Insert ICO number]
3. Information We Collect
a. Personal and Business Information
- Full name
- Job title and company name
- Business email address and phone number
- User credentials (encrypted)
- Billing and invoicing data
b. Financial Services‑Related Data
We may process data uploaded to our platform, including:
- Client portfolios
- Transaction histories
- Wealth planning documents
- Risk profiles and suitability reports
- Other data regulated under FCA and MiFID II frameworks (if applicable)
c. Technical and Usage Data
- Device and browser information
- IP address
- Session and login logs
- User activity within the platform
- Cookies and analytics tracking
4. Legal Basis for Processing
We rely on the following lawful bases under UK GDPR:
- Contractual necessity – to provide services to you or your organisation
- Legitimate interests – to improve security, platform functionality, and support
- Legal obligation – to comply with applicable financial or data regulations
- Consent – for marketing or where required for third‑party integrations
5. How We Use Your Data
- To deliver and operate our SaaS platform
- To manage and support user accounts
- To ensure compliance with UK financial regulations (e.g. FCA guidelines)
- To detect and prevent fraud or security breaches
- To provide service communications and updates
- To improve platform features using aggregated analytics
- For marketing (only where consent is given)
6. Disclosure and Data Sharing
a. Trusted Third Parties
- Cloud infrastructure and data hosting (e.g. AWS UK or EU regions)
- Customer relationship tools (e.g. HubSpot, Salesforce)
- Analytics platforms (e.g. Google Analytics – IP anonymised)
- FCA‑compliant identity verification or KYC providers (if applicable)
All vendors are subject to Data Processing Agreements and security due diligence.
b. Legal or Regulatory Bodies
We may share information if required to comply with:
- The Financial Conduct Authority (FCA)
- HM Revenue & Customs (HMRC)
- Law enforcement or judicial authorities
- Any relevant UK financial regulatory body
We do not sell personal information.
7. International Data Transfers
Where personal data is transferred outside the UK (e.g. to the US or EU), we ensure appropriate safeguards are in place, such as:
- UK International Data Transfer Agreements (IDTAs)
- Addenda to EU Standard Contractual Clauses
- Transfers only to jurisdictions with adequate data protection laws
8. Data Retention
We retain your data:
- As long as your account is active
- For a minimum of 6 years, in line with FCA record-keeping requirements (where applicable)
- As needed for compliance, audit, or legal claims
You may request deletion where legally permissible by emailing privacy@[yourcompany].co.uk.
9. Your Rights
Under UK data protection law, you have the right to:
- Access the personal data we hold about you
- Request correction or erasure
- Object to processing
- Request data portability
- Lodge a complaint with the Information Commissioner’s Office (ICO)
- Withdraw consent at any time (where applicable)
To exercise your rights, contact us at privacy@[yourcompany].co.uk.
10. Data Security
We implement security controls aligned with SOC 2, ISO 27001, and FCA cybersecurity guidance, including:
- End‑to‑end encryption
- Role‑based access controls
- Secure hosting in UK or EU data centres
- Regular vulnerability testing and audits
- Multi‑factor authentication for platform access
11. Cookies
Our website uses cookies to:
- Provide secure logins
- Track usage anonymously
- Personalise your experience
You can manage your cookie preferences via our cookie settings tool. For more details, see our Cookie Policy.
12. Children’s Data
Our services are not intended for children under 18. We do not knowingly collect or process personal data from minors.
13. Changes to This Policy
We may revise this Privacy Policy from time to time. The latest version will always be posted on our website, and we will notify you of material changes where required.
14. Contact Us
If you have any questions or concerns, or wish to exercise your rights, contact our Data Protection Officer (DPO):
Email: privacy@[yourcompany].co.uk
Address: [Your Company Ltd., Street, City, Postcode, UK]
ICO Registration: [Insert registration number]