Privacy Policy

CoverProof plays two distinct data-protection roles, and the difference matters for your rights:

• As a processor. When a regulated firm uploads its SM&CR register and FCA Register data, and sends declarations to individuals, that firm is the data controller and decides why the data is processed. CoverProof processes it on the firm's instructions. If you are an individual who received a declaration, the firm that sent it — not CoverProof — is your controller, and rights requests are normally directed to them. We will support them in responding.
• As a controller. For our own website visitors and for the account holders who sign up to use CoverProof, we are the controller of that account and contact data and of our product analytics.

• Account holders (we are controller): name, work email, and the firm you belong to. Sign-in is passwordless, so we do not store a password. Sessions record an IP address and browser user-agent for security.
• Register & declaration data (we are processor): for the individuals in a firm's SM&CR/FCA register — full name, job title, work email, FCA Individual Reference Number, regulatory function codes, and the AI gap-analysis result and rationale about whether they fall within the regime. For declaration and counterparty recipients — name, email, the company name where relevant, and their signed response.
• Website visitors (we are controller): consent-gated product analytics (see Cookies, below).

• Contract — to provide the service to firms that subscribe.
• Legal obligation / legal claims — to retain the signed declarations and the immutable audit trail as court-admissible evidence of compliance (see Retention).
• Legitimate interests — to secure the service and, where you consent, to understand product usage. For register/declaration data processed on a firm's behalf, the lawful basis is determined by that firm as controller.

We use a small set of sub-processors to run the service. The current list, and what each one does, is published and kept up to date on our Trust Centre.

Some sub-processors are located outside the UK (for example in the United States). Where personal data is transferred internationally, the transfer is protected by appropriate safeguards such as the UK International Data Transfer Agreement / Addendum or Standard Contractual Clauses, together with each provider's data-processing terms.

We hold personal data only as long as there is a lawful reason to. Two categories are treated specially, and we are upfront about why:

• Signed declarations are cryptographically sealed compliance records. A firm relies on them as evidence of its Section 250 position, so they are retained under the legal-obligation / legal-claims basis for the applicable statutory retention period, rather than deleted on demand.
• The audit trail is append-only and hash-chained. Its court-admissibility depends on the fact that no record can be altered or removed — so it is immutable by database design. It is engineered to contain minimal personal data (the email of an acting firm administrator, never declarant personal data).

Everything else — the uploaded register rows and the free-text of AI analysis — can be erased on request. When a firm erases an individual, we overwrite that operational personal data and return a report showing exactly what was erased and what was retained under legal hold. We never silently keep data we claim to delete. Firm administrators can run both export and erasure from Privacy & Data in the dashboard.

Under UK GDPR you have rights of access, rectification, erasure, restriction, portability, and objection. How to exercise them depends on our role:

• If your data is held because a firm uploaded it (we are processor), contact that firm — they are your controller. We provide them tools to export and erase your data and will assist them promptly.
• For your own CoverProof account (we are controller), email privacy@coverproof.co.uk.
• You can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk, though we'd appreciate the chance to resolve it first.

We do not use advertising cookies. We use privacy-friendly product analytics (PostHog, hosted in the EU) only after you accept analytics in our consent banner; IP addresses are anonymised and analytics events never include names or emails. Decline, and no analytics cookies are set. You can change your choice any time from the cookie settings control.

How we protect this data is documented on our Security page. For any privacy question, email privacy@coverproof.co.uk. CoverProof is a UK company; this policy is governed by the law of England and Wales.