Privacy Policy

Last updated: 30 March 2026

1. Introduction

Paraplanr ("we", "us", "our") provides an AI-powered paraplanning platform for UK financial adviser firms. This privacy policy explains how we collect, use, store, and protect personal data in connection with our website at paraplanr.co.uk and the Paraplanr application.

Paraplanr operates in two data protection roles. We are the data controller for personal data we collect directly — such as website visitor information, user accounts, and payment details. We are the data processor for personal data belonging to the clients of financial adviser firms who use our platform. Processing of adviser-client data is governed by a separate Data Processing Agreement between Paraplanr and each adviser firm.

Contact: hello@paraplanr.co.uk

2. Data we collect as controller

Website visitors

When you visit paraplanr.co.uk we may collect your name, email address, company name, and message if you submit a contact form or sign up for our waitlist. We collect this data to respond to your enquiry and, where you have consented, to send you product updates. The lawful bases are consent (contact forms and marketing) and legitimate interests (understanding how visitors use our site).

Platform users

When you create a Paraplanr account we collect your name, email address, role, and firm membership. We use this to provide and administer the service. The lawful basis is performance of a contract.

Payment data

Subscription payments are processed by Stripe. Paraplanr does not receive or store your full card number. Stripe acts as an independent controller for payment data under its own privacy policy.

Analytics

We use PostHog for product analytics. Usage data is anonymised and processed in the EU (Frankfurt). We do not use advertising cookies or share analytics data with third parties.

3. Data we process on behalf of adviser firms

When a financial adviser firm uses Paraplanr, the firm's client data is uploaded to our platform for extraction, document generation, and integration with back-office systems. This data may include names, dates of birth, National Insurance numbers, addresses, contact details, employment information, income, expenditure, pension and investment details, assets, liabilities, risk profiles, and health information where relevant to financial advice.

For this data, the adviser firm is the data controller and Paraplanr is the data processor. We process it only on the firm's documented instructions and in accordance with our Data Processing Agreement. We do not use adviser-client data for any purpose other than providing the service to the firm.

4. International data transfers

Some of our sub-processors are based in the United States. In particular, adviser-client data is sent to Anthropic (US) for AI-powered extraction and document generation. Before transmission, we apply PII anonymisation — replacing email addresses, phone numbers, postcodes, and dates of birth with placeholders. The Anthropic API does not use customer data for model training, and API logs are deleted after 7 days.

International transfers are protected by UK International Data Transfer Agreements (IDTAs) and supplemented by technical safeguards including encryption in transit and PII anonymisation.

5. Sub-processors

We use the following third-party services to deliver the Paraplanr platform: Vercel (application hosting), Supabase (database and storage), Anthropic (AI processing), Stripe (payments), Sentry (error monitoring), Resend (email delivery), PostHog (analytics), and Intelliflo (back-office integration at the adviser firm's direction). A detailed sub-processor register with locations, purposes, and data categories is available on request and is provided to all customers as part of our Data Processing Agreement.

6. Data retention

Website contact form submissions are retained for 12 months. User accounts are retained for the duration of the subscription plus 30 days. Payment records are retained for 6 years as required by HMRC. Adviser-client data is retained as instructed by the controller firm under the Data Processing Agreement, and is deleted within 30 days of the firm's subscription ending unless the firm requests earlier deletion or data return.

7. Security measures

We implement appropriate technical and organisational measures to protect personal data. These include HTTPS enforced via HSTS headers, encryption at rest (AES-256), row-level security isolating each firm's data, PII anonymisation before AI processing, encrypted storage of third-party credentials, rate limiting on sensitive endpoints, audit logging, role-based access control, and application error monitoring with source map protection.

8. Cookies

We use essential cookies required for the platform to function, specifically the Supabase authentication session cookie. We use the Meta (Facebook) pixel and the LinkedIn Insight Tag to measure the effectiveness of our advertising and to understand how visitors interact with our website. These tracking pixels may set cookies and collect data such as your IP address, browser type, and pages visited. This data is shared with Meta Platforms, Inc. and LinkedIn Corporation respectively for advertising measurement and optimisation. You can opt out of Meta's data collection via your Facebook ad settings at facebook.com/adpreferences, and LinkedIn's data collection via your LinkedIn ad settings at linkedin.com/psettings/guest-controls.

9. Your rights

Under the UK GDPR, you have the right to access, rectify, erase, restrict processing of, object to processing of, and port your personal data. You may withdraw consent at any time where consent is the lawful basis for processing. To exercise any of these rights in relation to your website or account data, contact us at hello@paraplanr.co.uk. We will respond within 30 days.

If your personal data has been processed through Paraplanr by your financial adviser, you should contact your adviser directly as they are the data controller. We will assist the adviser in responding to your request.

10. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and, where required, notify affected individuals without undue delay.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users and posted on this page. We encourage you to review this policy periodically.

12. Contact and complaints

If you have questions about this privacy policy or wish to exercise your data protection rights, contact us at hello@paraplanr.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113.