Privacy Notice

This explains how RiskMapped Limited collects, uses and protects personal data when you use riskmapped.com or our platform.

RiskMapped Limited | Company: 16660056 (England & Wales) | 435 Stratford Road, Shirley, Solihull, B90 4AA | [email protected]

1. Our role

We are the data controller for advisers, firms, website visitors and marketing contacts (your account, billing, usage data).

We are the data processor for clients of financial advisers (your adviser's firm controls your data and determines how it's used).

2. Data we collect

Advisers and users

• Identity: Name, email, firm, role, profile photo
• Account: Login credentials (hashed), sign-in method, 2FA, active sessions (IP, device, timestamps)
• Billing: Subscription details, Stripe identifiers, invoices
• Support: Your communications with us

Client case data (processed for your adviser)

• Identity: Names, dates of birth, contact details, household/dependants
• Financial: Income, employment, benefits, expenditure, assets, liabilities, mortgages, debts
• Protection: Existing policies, cover amounts, providers
• Analysis: Protection gaps, coverage runways, scenario outputs, reports

Advisers may add notes containing additional information. We don't design for special category data (medical, religious, ethnic), but if entered, advisers are responsible for having a lawful basis.

Integrations

• Fact-find imports: Data from online forms (stored encrypted for auditability)
• Google sign-in: Name, email, avatar (we don't access Gmail/contacts)
• AI features: Optional features may send case snippets to generate summaries; requests logged briefly. We do not train AI models on your data.

Website

• IP address, browser/device, pages visited
• Essential session cookies (login/security)
• Embedded video players may set their own cookies
• CDN services (Cloudflare) for security/performance
• No advertising cookies (analytics additions require consent)

3. How we use data

Opt out of marketing anytime. Service-critical emails can't be opted out.

4. Sharing data

Service providers (processors): Cloud hosting and storage, email delivery, Stripe (payments), AI infrastructure, CDN/security providers

Your adviser's firm (client data only – not shared between firms)

Legal/regulatory authorities (where required)

We never sell data. We do not use your data to train AI models.

5. International transfers

Some providers process outside UK/EEA. We ensure safeguards via adequacy decisions or standard contractual clauses.

6. Retention

• Account/billing: Account duration + up to 7 years (tax/legal)
• Case data: Until adviser closes account, then deleted/anonymised after grace period
• AI logs: Days to weeks
• Application logs: 14–30 days
• Marketing contacts: Until unsubscribe

7. Security

HTTPS/TLS encryption, access controls, 2FA, role-based permissions, environment separation, regular updates. No system is 100% secure.

If compromised: Reset password and contact [email protected]

8. Automated decisions

We calculate protection needs and risk scores (profiling for advisory purposes). We don't make insurance/credit decisions – advisers interpret outputs and remain responsible.

9. Your rights

Under UK/EU GDPR:

• Access, correct, delete, restrict, port or object to processing
• Withdraw consent
• Complain to ICO (ico.org.uk)

Advisers/users: Contact [email protected]

Clients: Usually best to contact your adviser first (as controller). We can assist if contacted.

10. Changes

We'll update the "Last updated" date and notify registered users of significant changes. Continued use = acknowledgement.

11. Contact

RiskMapped Limited
435 Stratford Road, Shirley, Solihull, B90 4AA
[email protected]