Privacy Policy

MoneyBrief is not a financial adviser and does not provide regulated financial advice. This policy governs how we handle the personal and financial data you provide when using our information and introduction service.

Legal

Last updated: April 12, 2026

INTRODUCTION

MoneyBrief ("we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website at www.moneybrief.co.uk (the "Site") and our services (the "Services").

Please read this policy carefully. If you have any questions, contact us at hello@moneybrief.co.uk.

QUICK SUMMARY

This summary is for convenience only. The full policy below is the authoritative version.

Who we are: MoneyBrief Ltd, a UK company based in London.
What we collect: Information you provide in our questionnaire (financial details, name, email) and basic technical information about your visit.
Why: To generate your personalised financial brief, deliver it to you, and (with your consent) introduce you to FCA-regulated financial advisors.
Who sees it: A small set of named service providers who help us run the platform, and financial advisors only if you choose to be matched.
For how long: Up to 24 months for your questionnaire and brief, unless you ask us to delete sooner.
Your rights: You can access, correct, delete, or restrict your data at any time. Email hello@moneybrief.co.uk.

1. WHO WE ARE

This Privacy Policy explains how MoneyBrief Ltd ("we", "us", "our", "MoneyBrief") collects, uses, stores, and shares your personal information when you use our website at www.moneybrief.co.uk (the "Site") and our services (the "Services").

MoneyBrief Ltd is a company registered in England and Wales [CONFIRM company number once incorporated], with registered office at 34 Bushnell Road, London SW17 8QP.

MoneyBrief is an information and introduction service. We are not authorised by the Financial Conduct Authority and do not provide regulated financial advice.

We are the "data controller" for the personal information described in this policy. This means we are responsible for deciding how and why your data is processed.

For all data-related enquiries, contact us at hello@moneybrief.co.uk.

2. WHAT INFORMATION WE COLLECT

2.1 Information you provide directly

When you complete our questionnaire as a User:

Identity data: Title, first name, last name, age
Contact data: Email address, location (postcode area)
Demographic data: Marital status, dependents, employment status, industry
Financial data: Assets (cash, ISAs, GIAs, pensions, property, other investments), liabilities (mortgage, unsecured debts), income (employment, rental, savings interest, dividends), expenditure (mortgage payments, discretionary, non-discretionary, other), pension contributions across multiple tax years, ISA and CGT allowance usage
Goals and preferences data: Your stated investment goals, risk attitude responses, retirement plans, withdrawal needs, advice you are seeking
Consent records: Records of which consents you have given and when

If you register as a financial Advisor:

Name, business name, email, and contact details
FCA Firm Reference Number and authorisation status
Professional qualifications, areas of specialism, geographic coverage
Account login credentials
Subscription billing information (note: payment card details are processed directly by Stripe and are not stored by us)

2.2 Information collected automatically

When you visit our Site, we automatically collect limited technical information:

IP address (used for security and, in anonymised form, for analytics)
Browser type and version
Device type and operating system
Pages visited and time spent
Referring website

This information is used for analytics, security monitoring, and improving the Services.

2.3 Special category data

The questionnaire is designed not to ask for "special category" personal data (such as health information, racial or ethnic origin, religious beliefs, or political opinions) as defined in Article 9 UK GDPR.

If you voluntarily provide special category data in a free-text response (for example, mentioning a health condition in a "tell us more about your circumstances" field), we will treat it with extra care and only process it to the extent necessary to provide the Service you have requested.

3. WHY WE COLLECT YOUR INFORMATION AND OUR LEGAL BASIS

We collect and process your information for specific purposes. UK GDPR requires us to identify a lawful basis for each.

3.1 For Users completing the questionnaire

Generating your personalised financial brief — Lawful basis: Contract (necessary to deliver the service you have requested)

Delivering your brief by email — Lawful basis: Contract

Identifying FCA-regulated advisors who match your profile — Lawful basis: Contract (matching) and Consent (sharing your Brief with the advisor)

Sharing your Brief with matched advisors — Lawful basis: Consent (given at the end of the questionnaire)

Sending you updates about our service (marketing) — Lawful basis: Consent (separately given and freely withdrawable)

Improving the Services, fraud prevention, security — Lawful basis: Legitimate interests (our interest in running a viable, secure service, balanced against your interests)

Meeting legal and regulatory obligations — Lawful basis: Legal obligation

‍

3.2 For Advisors

PurposeLawful basisVerifying your FCA registration and creating your accountContractMatching you with relevant User IntroductionsContractProcessing subscription paymentsContractSending account, billing, and service notificationsContractMarketing about new platform featuresLegitimate interests (with right to object)Meeting legal and regulatory obligationsLegal obligation

3.3 Withdrawing consent

Where we rely on consent (advisor matching, marketing), you can withdraw it at any time by:

Clicking "unsubscribe" on any marketing email
Emailing hello@moneybrief.co.uk with "Withdraw consent" in the subject line
Updating your preferences in your account (Advisors only)

Withdrawal does not affect processing already carried out lawfully before withdrawal.

4. HOW WE PROCESS YOUR FINANCIAL DATA

When you complete the questionnaire, your responses move through the following pipeline:

Typeform captures your responses and securely sends them to our processing platform
Make.com orchestrates the automation flow
OpenAI's API receives your structured questionnaire data and generates the narrative content for your Brief
PDFMonkey receives the Brief content and formats it into a PDF document
Google Workspace (Gmail) delivers the PDF to your email address
Make.com stores execution logs (which auto-delete after a short period)

Important points about this pipeline:

Each processor in the chain is bound by a Data Processing Agreement requiring them to handle your data in accordance with UK GDPR and only on our instructions.
OpenAI: As of the date of this policy, OpenAI states that API submissions are not used to train their models. We rely on OpenAI's current commitments at openai.com/policies. If their policy changes materially, we will update this Privacy Policy.
No automated final decision-making with legal effect: The Brief is informational, not a decision affecting your legal rights. The advisor matching algorithm makes suggestions you can review and override. You have the right to request human review of any automated processing that significantly affects you (Article 22 UK GDPR).
The Brief is for informational purposes only. It is not regulated financial advice. See our Terms & Conditions for the full statement.
Your financial data is not sold to any third party, ever.
Sharing with advisors only with your consent. Advisors are not given access to your data unless you explicitly consent to be matched.

5. WHO WE SHARE YOUR INFORMATION WITH

We share your information only with the parties listed below, and only as described.

5.1 Financial advisors on our platform

If you consent to be matched with an advisor, we share your Brief and contact details with one or more matched Advisors. From that point, the advisor processes your data as an independent data controller in connection with their own regulated advisory services and is bound by their own FCA regulatory obligations and their own privacy policy.

You can withdraw consent before matching takes place. After matching, you should also contact the advisor directly to manage your relationship with them.

5.2 Service providers (processors)

These third parties process personal data on our behalf, under contract, and only on our instructions. We have selected each because of their reputation, security practices, and regulatory compliance.

Typeform — Questionnaire delivery and response capture. Sees all questionnaire responses. Located in EU/UK.

Make.com — Workflow automation. Sees all questionnaire data passed through automation steps and execution logs. Located in EU.

OpenAI — AI generation of Brief narrative. Sees questionnaire content (structured, sent via API). Located in USA.

PDFMonkey — PDF rendering. Sees Brief content (text and figures). Located in EU.

Google Workspace (Gmail) — Email delivery of your Brief. Sees your email address and the Brief PDF as an attachment. Located in USA / global.

Stripe — Advisor subscription payment processing. Sees advisor billing information; card details are processed directly by Stripe (we do not see them). Located in USA.

Webflow — Website hosting. Sees site analytics and basic interaction data. Located in USA.

Google Analytics — Website analytics. Sees anonymised browsing data and IP address (IP anonymisation enabled). Located in USA.

‍

5.3 International data transfers

Some of our processors (OpenAI, Google, Stripe, Webflow) are based in the United States. The UK does not currently provide an unrestricted adequacy decision for transfers to the US.

We rely on the following safeguards for these transfers:

UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with UK addendum in our agreements with each processor
Verification that each processor either participates in the EU-US Data Privacy Framework or has signed our IDTA/SCC equivalent
For OpenAI specifically: API data is not used for model training, is not retained beyond 30 days by default for abuse-monitoring, and is covered by their Data Processing Addendum

5.4 What we don't do

We do not share your data with:

Advertisers, ad networks, or marketing companies
Data brokers or list resellers
Any third party for commercial gain other than the advisor matching described above
Any other party not listed above, except as required by law

5.5 Disclosures required by law

We may disclose your information if compelled by a valid legal request (such as a court order or law enforcement request that meets the relevant statutory threshold). Where legally permitted, we will notify you before complying.

6. HOW LONG WE KEEP YOUR INFORMATION

We retain personal data only for as long as necessary for the purposes set out above, then delete it.

Questionnaire responses and generated Brief: 24 months from generation, then permanently deleted. To allow re-issue or reference if you contact us. You can request earlier deletion at any time.

User email address and basic profile: Until you request deletion, or 24 months after your last interaction (whichever sooner). To allow re-engagement and service continuity.

Consent records: 7 years. UK GDPR accountability — we need evidence of when and how consent was given.

Advisor account data: Duration of subscription plus 12 months. To allow re-activation, address billing queries, and meet legal record-keeping.

Payment records: 7 years. HMRC record-keeping obligations.

Technical logs (server logs, IP addresses): 12 months. Security monitoring and abuse prevention.

Marketing preferences: Indefinitely (you can withdraw at any time). To honour your stated preferences.

‍

When data is deleted, it is permanently and securely removed from our systems. Some backup copies may persist in encrypted backups for a maximum of 90 days before being overwritten.

7. YOUR RIGHTS UNDER UK GDPR

You have the following rights regarding your personal data. We respond to all requests within one month (the statutory period under UK GDPR), and usually much sooner.

Right of access: You can request a copy of all personal data we hold about you ("subject access request").

Right to rectification: You can ask us to correct inaccurate or incomplete data.

Right to erasure ("right to be forgotten"): You can ask us to delete your personal data. We must comply unless we have a legal obligation to keep it (e.g. tax records).

Right to restrict processing: You can ask us to limit how we use your data while a dispute is resolved.

Right to data portability: You can request your data in a structured, machine-readable format to take it elsewhere.

Right to object: You can object to processing based on legitimate interests, including profiling and direct marketing.

Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

Right not to be subject to automated decision-making: You can request human review of significant automated decisions.

Right to complain to the ICO: You can complain to the UK Information Commissioner's Office at ico.org.uk.

‍

How to exercise your rights

Email hello@moneybrief.co.uk with the subject line "Data Request" and tell us:

Which right you wish to exercise
The specific data or processing in question (if relevant)
Any other information that will help us identify you and respond accurately

We may need to verify your identity before responding to protect against fraudulent requests.

There is no charge for most requests. We may charge a reasonable fee, or refuse, if a request is manifestly unfounded, excessive, or repetitive — but this is rare.

8. AUTOMATED DECISION-MAKING

Some aspects of the Service involve automated processing of your data:

AI generation of your Brief: OpenAI's models generate text based on your questionnaire responses. This produces an informational document, not a decision affecting your legal rights.
Advisor matching: We use rule-based logic to match you with advisors based on your stated goals, asset level, and location. This is a suggestion, not a binding outcome.

Neither of these constitutes "automated decision-making with legal or similarly significant effect" within the meaning of Article 22 UK GDPR. However, you have the right to:

Request a human review of any automated processing that significantly affects you
Contest the outcome
Be given an explanation of how the automated logic works at a high level

To exercise these rights, email hello@moneybrief.co.uk.

9. DATA SECURITY

We take security seriously. Our protections include:

TLS encryption for all data in transit
Access controls limiting who can see personal data
Data Processing Agreements with all processors
Regular review of our security practices
Auto-deletion of data per the retention schedule above

No system is perfectly secure. If we become aware of a personal data breach that creates a high risk to your rights and freedoms, we will notify you and the Information Commissioner's Office within 72 hours as required by Article 33-34 UK GDPR.

10. COOKIES AND TRACKING

Our Site uses cookies and similar technologies. A cookie is a small text file stored on your device by your browser.

10.1 Cookies we use

Essential cookies: Required for site functionality (e.g. session, security, your cookie preferences). These cannot be disabled.

Analytics cookies: Google Analytics (with IP anonymisation enabled) for understanding site usage. Opt-in via banner.

Marketing cookies: We do not currently use marketing or advertising cookies.

‍

10.2 Your cookie choices

The first time you visit the Site, our cookie banner asks for your preferences. You can change these at any time via the home page

Disabling essential cookies may break parts of the Site. Disabling analytics cookies will not affect your use of the Site.

You can also control cookies through your browser settings.

11. THIRD-PARTY WEBSITES AND CONTENT

The Site may contain links to third-party websites, including FCA Register pages, advisor websites, and external resources. We are not responsible for the privacy practices of those websites. We recommend you read their privacy policies before providing personal information.

Our processors each have their own privacy policies, which you can review:

Typeform: typeform.com/privacy-policy
Make: make.com/en/privacy-notice
OpenAI: openai.com/policies/privacy-policy
PDFMonkey: pdfmonkey.io/privacy
Google (Workspace, Analytics): policies.google.com/privacy
Stripe: stripe.com/gb/privacy
Webflow: webflow.com/legal/privacy

12. CHILDREN'S PRIVACY

The Services are intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18.

If you believe we have collected information from a minor in error, please contact us at hello@moneybrief.co.uk immediately and we will delete it without delay.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes to our Services, regulatory developments, or processing practices.

Material changes (e.g. new types of processing, new categories of data, new processors): we will notify you by email at least 14 days before the change takes effect
Minor changes (e.g. wording improvements, clarifications): we will update the "Last updated" date at the top of this policy

We encourage you to review this policy from time to time. Your continued use of the Services after changes take effect indicates acceptance of the updated policy.

14. HOW TO CONTACT US

For questions, requests, or complaints regarding this Privacy Policy or your personal data:

MoneyBrief Ltd

‍34 Bushnell Road

London

SW17 8QP

United Kingdom

Email: hello@moneybrief.co.uk

Complaints to the regulator

You have the right to complain to the UK Information Commissioner's Office (ICO):

Information Commissioner's Office

‍Wycliffe HouseWater Lane

Wilmslow

Cheshire SK9 5AF

Website: ico.org.ukHelpline: 0303 123 1113

We would always prefer the chance to resolve any concerns directly with you first, but you have the right to go to the ICO at any time.