Privacy Notice (Privacy Policy)
RiskMapped.com
Last updated: 01 April 2026
This Privacy Notice explains how RiskMapped Limited ("RiskMapped", "we", "us", "our") collects, uses, stores and protects personal information when you use the RiskMapped website and platform.
Important: RiskMapped is a software provider. We do not provide financial advice. Our platform is used by financial advisers to generate risk reports for their own clients.
1) Who we are (Controller details)
RiskMapped.com is operated by RiskMapped Limited, a company registered in England & Wales (company number 16660056) with registered office at 435 Stratford Road, Shirley, Solihull B90 4AA.
For data protection purposes, we are a data controller for:
- personal data relating to platform users (adviser users/admins); and
- personal data we process to operate, secure and support the platform.
Data protection contact:
Email: [email protected]
Postal address: RiskMapped, 435 Stratford Road, Shirley, Solihull B90 4AA
2) The type of personal data we process
A. Platform user (adviser/admin) data
We process:
- Name, business name, role and business contact details
- Account credentials and authentication information
- Usage/activity data (eg login times, report generation events)
- Technical data (IP address, device, browser, operating system)
- Support communications (eg emails, tickets)
B. Client/end-customer data entered by advisers
Advisers using RiskMapped may enter information about their clients to generate risk reports. This may include:
- Identification and contact details (eg name, email, phone)
- Occupation information including work benefits
- Personal circumstances relevant to risk profiling (eg employment, family/dependants)
- Financial/risk profiling inputs and outputs
- Free-text notes (see special category section below)
3) Special category data (health and other sensitive data)
RiskMapped is not designed to require health or medical information. However, because the platform includes free-text notes, advisers may choose to record sensitive details to support their own advisory process.
Where health information is entered, it is treated as special category data under UK GDPR.
We do not:
- request or encourage users to enter unnecessary special category data;
- routinely monitor or analyse free-text notes content; or
- use health information for our own profiling or decision-making.
4) How and why we use personal data (purposes)
We use personal data to:
- Provide and operate the platform (including generating reports requested by users)
- Create and manage accounts and authentication
- Provide customer support and respond to enquiries
- Maintain security, prevent fraud or misuse, and monitor performance
- Improve the platform (eg debugging and feature performance analysis)
- Meet legal obligations (eg tax, accounting and regulatory compliance)
5) Lawful bases (UK GDPR Article 6) and special category condition (Article 9)
Article 6 lawful bases
We rely on the following lawful bases as appropriate:
- Contract (to provide the platform and services you request)
- Legitimate interests (to secure and improve the platform, prevent misuse, and provide support)
- Legal obligation (where we must process data to comply with law)
Article 9 (special category data)
If special category data (eg health information) is entered into the platform, we process it only where an Article 9 condition applies.
In practice, for adviser-entered client health information, the relevant condition is typically:
- Explicit consent, obtained by the adviser from their client.
6) Who we share data with
We may share personal data with trusted service providers who help us run RiskMapped, such as:
- Hosting and infrastructure providers
- Security and monitoring providers
- Backup and disaster recovery providers
- Customer support tooling providers
- Professional advisers (eg accountants and legal advisers)
- Payment providers (if applicable)
All providers are required to protect personal data and only process it on our instructions.
We do not sell personal data.
7) International data transfers
Where we transfer personal data outside the UK, we use appropriate safeguards, such as:
- UK adequacy regulations, where applicable; and/or
- standard contractual clauses and the UK addendum, where applicable.
8) How long we keep data (retention)
We keep personal data only as long as necessary for the purposes above, including:
- Platform user data: while the account is active and for a reasonable period afterwards for audit, security and support.
- Client data entered by advisers: retained according to the adviser account lifecycle and any configured retention settings.
- Support communications: retained for as long as needed to resolve issues and maintain records.
Where possible, we delete or anonymise data when it is no longer required.
9) Security
We use appropriate technical and organisational measures to protect personal data, including:
- Access controls and authentication (including MFA/2FA where enabled)
- Encryption in transit (TLS) and, where available, encryption at rest
- Role-based access controls within the platform
- Monitoring, logging and alerting to detect misuse
- Secure development and change management practices
Because special category data requires extra protection, we treat any such information entered into the platform with heightened care.
10) Your rights
Individuals have rights under UK GDPR, including:
- Right of access
- Right to rectification
- Right to erasure (in certain circumstances)
- Right to restrict processing
- Right to object (in certain circumstances)
- Right to data portability (in certain circumstances)
If you are a client of an adviser using RiskMapped:
In many cases the adviser will be the primary point of contact for requests relating to the adviser's advice process and data they entered. We will support our adviser customers where appropriate to help them respond.
To make a request, email [email protected].
11) Cookies and analytics
We use cookies and similar technologies:
- that are necessary for the website and platform to function securely; and
- (where used) to understand performance and improve the service.
Please see our Cookie Policy at /cookies.
Where non-essential cookies are used, we will provide a cookie banner or consent tool.
12) Automated decision-making
RiskMapped generates outputs based on information entered by advisers. We do not use special category data for automated decisions about individuals. If this changes, we will update this notice and implement appropriate controls.
13) Complaints
If you have concerns about how we handle personal data, please contact us at [email protected].
You also have the right to complain to the UK regulator, the Information Commissioner's Office (ICO).
ICO website: https://ico.org.uk
14) Changes to this Privacy Notice
We may update this notice from time to time. The latest version will always be posted on RiskMapped.com with the "Last updated" date at the top.