WealthSpace Privacy Policy
Effective Date: 1 January 2025
Last Updated: 11 December 2025
1. Introduction
2. Data Controller Information
3. Personal Data We Collect
3.1 User Account Data
3.2 Client Data (Processed on Behalf of Advisory Firms)
3.3 Meeting and Communication Data
3.4 Document Data
3.5 Billing Data
4. Legal Bases for Processing
4.1 Performance of a Contract (Article 6(1)(b))
4.2 Legitimate Interests (Article 6(1)(f))
4.3 Legal Obligation (Article 6(1)(c))
4.4 Consent (Article 6(1)(a))
5. Special Category Data
6. Artificial Intelligence and Automated Processing
6.1 AI Capabilities We Use
6.2 Data Processed by AI Services
6.3 Human Oversight
7. Third-Party Data Sharing and Sub-Processors
7.1 Categories of Sub-Processors
Cloud Infrastructure
AI Model Provider
Communication and Calendar Services
E-Signature Services
Telephony and Recording Services
Search Services
Payment Processing
8. International Data Transfers
8.1 UK-Based Processing
8.2 Transfer Mechanisms
8.3 Transfers Outside the UK
9. Data Retention
9.1 Retention Periods
10. Your Rights Under UK GDPR
10.1 Right of Access
10.2 Right to Rectification
10.3 Right to Erasure
10.4 Right to Restrict Processing
10.5 Right to Data Portability
10.6 Right to Object
10.7 Rights Related to Automated Decision-Making
11. Security Measures
11.1 Technical Measures
11.2 Organisational Measures
12. Cookies and Browser Storage
12.1 Local Storage Used
13. Client Portal
13.1 Portal Access
13.2 Available Permissions
14. Recording and Consent
14.1 Phone Call Recording
14.2 Video Meeting Recording
14.3 Audio Upload
15. Compliance and Audit
15.1 Audit Trail Features
15.2 FCA Compliance Support
16. Data Breach Notification
16.1 Notification to the ICO
16.2 Notification to Affected Individuals
16.3 Notification to Business Customers
17. Contact Us
18. Complaints
19. Children's Data
20. Changes to This Privacy Policy
1. Introduction
WealthSpace ("we", "us", "our") is a financial advisory software-as-a-service platform designed to support financial advisers and their firms in delivering exceptional client service. We are committed to protecting the privacy and security of all personal data we process.
This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection legislation.
WealthSpace operates as a data controller for certain processing activities and as a data processor when processing personal data on behalf of our business customers (financial advisory firms).
2. Data Controller Information
WealthSpace is the data controller for the processing of personal data relating to our direct business relationships, including user account management and billing.
Registered Company:
WEALTHSPACE LTD (Company No. 15396707)
Registered Address:
Kings Court Runway East Bath
Parsonage Lane
Bath, Bath And North East Somerset
England, BA1 1ER
ICO Registration Number:
[TO BE CONFIRMED]
Data Protection Contact:
When processing client data on behalf of financial advisory firms, WealthSpace acts as a data processor. In such cases, the advisory firm remains the data controller for their clients' personal data, and separate Data Processing Agreements govern this relationship.
3. Personal Data We Collect
We collect and process various categories of personal data depending on your relationship with WealthSpace and how you interact with our services.
3.1 User Account Data
When you create and maintain a WealthSpace account, we collect:
- Email address and password (encrypted)
- Full name and professional title
- Organisation name and role within the organisation
- Profile information including initials and profile pictures
- Team member information
- Login history and authentication events
3.2 Client Data (Processed on Behalf of Advisory Firms)
When advisory firms use our platform to manage their client relationships, we process:
- Client names, email addresses, and telephone numbers
- Financial data including portfolio values, asset information, and risk profiles
- Tax planning, pension, investment, and estate planning information
- Income details and drawdown strategy data
- Risk questionnaire responses
3.3 Meeting and Communication Data
To support client meetings and communications, we may process:
- Audio recordings of meetings (with appropriate consent)
- Video meeting recordings
- Meeting transcriptions with speaker identification
- Phone call recordings (with compliance announcements)
- Chat messages and meeting notes
- Meeting attendee information and scheduling data
3.4 Document Data
Documents uploaded to or generated within our platform include:
- Suitability reports and client agreements
- Fund switch authorities and ISA application forms
- Electronically signed documents with audit trails
- Uploaded files including PDFs, Word documents, images, and spreadsheets
3.5 Billing Data
For payment processing, we collect:
- Payment card details (processed securely through PCI-compliant providers)
- Bank account and direct debit information
- Billing addresses
- Invoice and payment history
4. Legal Bases for Processing
We process personal data only where we have a valid legal basis under UK GDPR. The legal bases we rely upon depend on the specific processing activity.
4.1 Performance of a Contract (Article 6(1)(b))
We process personal data where necessary to perform our contractual obligations, including:
- Managing user accounts and providing access to our services
- Delivering the WealthSpace platform to advisory firms
- Processing billing and payments
4.2 Legitimate Interests (Article 6(1)(f))
We process certain data based on our legitimate business interests, where such interests are not overridden by your rights. These include:
- Maintaining audit logs for compliance and security purposes
- System security, fraud prevention, and service protection
- Service improvement and development
4.3 Legal Obligation (Article 6(1)(c))
We are required to process certain data to comply with legal obligations, including:
- Maintaining financial services compliance records as required by the FCA
- Retaining audit trails for regulatory purposes
- Responding to regulatory reporting requirements
4.4 Consent (Article 6(1)(a))
Where required, we obtain explicit consent for specific processing activities, including:
- Recording meetings (participants are notified prior to recording)
- Recording phone calls (compliance announcements are made)
- Marketing communications (where applicable)
5. Special Category Data
In the course of providing financial advisory services, certain personal data processed through our platform may reveal or relate to special category data, particularly information concerning health conditions (for example, in relation to life insurance or protection policies).
Where special category data is processed, this is done either with your explicit consent or under the exemption for processing necessary for the provision of professional services in the financial sector, in accordance with Article 9(2) of UK GDPR.
6. Artificial Intelligence and Automated Processing
WealthSpace utilises artificial intelligence and machine learning technologies to enhance our services. We believe in transparency about how these technologies process personal data.
6.1 AI Capabilities We Use
Our platform integrates the following AI capabilities, hosted within our UK cloud infrastructure:
- Large Language Models (Anthropic Claude): Used for report generation, compliance analysis, and chat assistance
- Speech-to-Text Transcription: Used for transcribing meeting audio recordings
- Document Embeddings: Used for intelligent document search and retrieval
- Document Extraction: Used for extracting text and data from uploaded documents
6.2 Data Processed by AI Services
The following types of data may be processed by AI services:
- Meeting transcripts for analysis and summary generation
- Client financial data for report generation
- Documents for analysis and compliance checking
- User queries and chat messages
6.3 Human Oversight
We do not engage in fully automated decision-making that produces legal or similarly significant effects on individuals. All AI-generated content, recommendations, and analyses are subject to review by human advisers before being relied upon for client decisions.
7. Third-Party Data Sharing and Sub-Processors
We work with carefully selected third-party service providers (sub-processors) to deliver our services. Each sub-processor is contractually bound to protect personal data and process it only in accordance with our instructions.
7.1 Categories of Sub-Processors
Cloud Infrastructure
- Amazon Web Services (AWS): Primary cloud infrastructure provider — UK region (eu-west-2, London)
AI Model Provider
- Anthropic: Provider of Claude large language model, accessed via our UK cloud infrastructure
Communication and Calendar Services
- Microsoft: Calendar, email, and video meeting integration (Outlook, Teams)
- Google: Calendar, email, and video meeting integration (Gmail, Calendar, Meet)
- Zoom: Video meeting integration
E-Signature Services
- DocuSign: Electronic signature services — EU region (eu.docusign.net)
Telephony and Recording Services
- Twilio: Phone call recording and telephony services — UK compliant
- Recall.ai: Virtual meeting recording services — EU region
Search Services
- Tavily: Web search for research assistance — USA (with PII redaction applied)
Payment Processing
- Stripe: Card payment processing
- GoCardless: Direct debit processing — UK
8. International Data Transfers
Our primary cloud infrastructure is hosted in the United Kingdom (London region), ensuring that the majority of personal data processing occurs within the UK. However, some of our sub-processors are located outside the United Kingdom.
8.1 UK-Based Processing
The following processing activities occur within the UK:
- Database storage and primary application hosting
- AI model inference (large language models)
- Speech-to-text transcription
- Document storage and processing
- Document embeddings and vector search
8.2 Transfer Mechanisms
Where personal data is transferred to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreement (IDTA)
- Data Processing Agreements with all sub-processors
8.3 Transfers Outside the UK
Limited personal data may be transferred outside the UK for specific services, including web search functionality (Tavily) and certain communication platform integrations (Microsoft, Google, Zoom). These transfers are protected by appropriate safeguards including Standard Contractual Clauses and supplementary security measures. Where possible, we apply PII redaction before data leaves UK infrastructure.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests.
9.1 Retention Periods
- User Accounts: Duration of service plus 2 years following account closure
- Client Data: As instructed by the advisory firm (typically 7+ years for financial records in accordance with FCA requirements)
- Meeting Recordings: Configurable retention period with automatic archival (standard storage for 30 days, then archived for up to 180 days)
- Documents: Standard storage for 90 days, then archived for up to 365 days before deletion
- Audit Logs: 7 years (in accordance with FCA requirements)
- E-Signed Documents: 7+ years (audit trails retained by DocuSign)
- Report Exports: Automatically deleted after 30 days
10. Your Rights Under UK GDPR
Under UK GDPR, you have the following rights in relation to your personal data. Please note that some rights may be subject to exemptions, particularly where data is processed for financial regulatory compliance purposes.
10.1 Right of Access
You have the right to request a copy of the personal data we hold about you. We will respond to valid requests within one month. To submit a Subject Access Request, please contact us at support@wealthspace.ai.
10.2 Right to Rectification
You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.
10.3 Right to Erasure
In certain circumstances, you have the right to request that we delete your personal data. Please note that this right is subject to exemptions, including where we are required to retain data for legal or regulatory compliance purposes.
10.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data or consider an objection you have raised.
10.5 Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
10.6 Right to Object
You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
10.7 Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. As noted in Section 6.3, we do not engage in such processing.
11. Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or damage.
11.1 Technical Measures
- Secure authentication with automatic token expiry
- Magic link authentication for passwordless access with short-lived tokens
- Role-based access control (RBAC) to limit data access to authorised users
- Encryption of data at rest using AES-256 encryption
- Encryption of data in transit using TLS 1.3
- Database connection pooling and network isolation
- Web application firewall protection
- Automated secrets rotation (90-day cycle for credentials)
11.2 Organisational Measures
- Staff training on data protection and security practices
- Access limited to personnel who require it for their role
- Regular security assessments and reviews
- Incident response procedures
- Separation of production and non-production environments
12. Cookies and Browser Storage
WealthSpace uses browser storage technologies to provide and improve our services. We do not use third-party tracking cookies.
12.1 Local Storage Used
Our platform stores the following data in your browser's local storage:
- Session authentication: Information to keep you logged in
- AI conversation history: Your chat history with our AI assistant
- User preferences: Your selected AI model, theme, and integration preferences
- Cached data: Meeting and other data cached for performance
This storage is strictly functional and necessary for the operation of our services. You can clear this data through your browser settings, though this may affect your user experience.
13. Client Portal
WealthSpace provides a client portal that allows advisory firms' clients to access certain information and services directly.
13.1 Portal Access
Access to the client portal is controlled through secure magic link authentication. Advisory firms can configure the specific permissions granted to each client.
13.2 Available Permissions
Depending on configuration, clients may be able to:
- View their portfolio information
- Access and download documents
- Send secure messages to their adviser
- View meeting notes and recordings
- Book meetings with their adviser
- Update their personal details
- Complete questionnaires
14. Recording and Consent
WealthSpace provides recording functionality to help advisory firms meet their regulatory obligations and improve client service.
14.1 Phone Call Recording
When phone calls are recorded through our telephony integration, a compliance announcement is made to all participants at the start of the call, informing them that the call is being recorded.
14.2 Video Meeting Recording
Video meetings conducted through Zoom, Microsoft Teams, or Google Meet may be recorded. Meeting participants are notified through the respective platform's notification system when recording begins.
14.3 Audio Upload
Users may upload audio recordings of meetings for transcription. The advisory firm using this feature is responsible for ensuring appropriate consent was obtained from all participants prior to the original recording.
15. Compliance and Audit
WealthSpace maintains comprehensive audit capabilities to support advisory firms' regulatory compliance obligations.
15.1 Audit Trail Features
Our audit logging captures:
- Timestamps of all significant actions
- User identification for each action
- Action types and affected resources
- Changes made to records
- Session tracking information
Audit logs never include personally identifiable information (PII) to ensure security while maintaining compliance.
15.2 FCA Compliance Support
Our platform supports FCA compliance through:
- Suitability document tracking
- Approval workflows for client communications
- Document expiry management
- Exportable audit reports
16. Data Breach Notification
In the event of a personal data breach, we will comply with our obligations under UK GDPR.
16.1 Notification to the ICO
Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach.
16.2 Notification to Affected Individuals
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify affected individuals without undue delay.
16.3 Notification to Business Customers
Where we process data as a data processor on behalf of advisory firms, we will notify the relevant advisory firm of any breach affecting their data without undue delay.
17. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:
WEALTHSPACE LTD
Kings Court Runway East Bath
Parsonage Lane
Bath, Bath And North East Somerset
England, BA1 1ER
Email: support@wealthspace.ai
18. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
We encourage you to contact us first to resolve any concerns before approaching the ICO.
19. Children's Data
WealthSpace services are designed for use by financial advisory professionals and their adult clients. Our services are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email notification.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
— End of Privacy Policy —




