Privacy Policy - Wealth365

1. Introduction

Wealth365 is operated by Wealth365 Ltd, a company registered in Northern Ireland (company number NI740485) with its registered office at 19 Milltown Street, Warrenpoint, Co. Down BT34 3PS. Wealth365 Ltd ("we", "us", "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our retirement planning service.

We process personal data in accordance with:

The UK General Data Protection Regulation (UK GDPR)
The Data Protection Act 2018
The Privacy and Electronic Communications Regulations 2003 (PECR)

2. Data Controller

For the purposes of data protection legislation, the data controller is:

Wealth365 Ltd
Registered in Northern Ireland, company number NI740485
Registered office: 19 Milltown Street, Warrenpoint, Co. Down BT34 3PS
Email: contact@wealth365.co.uk
Data Protection Enquiries: dpo@wealth365.co.uk

3. Information We Collect

3.1 Information You Provide Directly

Category	Data Types	Purpose
Account Information	Name, email address, password (encrypted)	Account creation and authentication
Financial Planning Data	Age, retirement age, salary, pension values, savings, property details, debts, National Insurance years	Retirement projections and calculations
Family Information	Spouse/partner details, dependents' ages (if you choose to provide)	Joint planning calculations

3.2 Information Collected Automatically

Category	Data Types	Purpose
Technical Data	IP address, browser type and version, device type, operating system	Security, service optimisation
Usage Data	Pages visited, features used, time spent on pages	Service improvement
Session Data	Login timestamps, session duration	Security and authentication

3.3 Special Category Data

We do not intentionally collect special category data (such as health information, race, religious beliefs, or political opinions). If you include such information in any free-text fields, you consent to our processing of that information for the purposes of providing the service.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

Purpose	Legal Basis
Providing the retirement planning service	Contract – Processing is necessary to perform our contract with you
Account security and fraud prevention	Legitimate Interest – We have a legitimate interest in protecting our service and users
Service improvement and analytics	Legitimate Interest – We have a legitimate interest in improving our service
Marketing communications (if opted in)	Consent – Only with your explicit consent
Compliance with legal obligations	Legal Obligation – Where required by law

5. How We Use Your Information

We use your personal data to:

Create and manage your account
Provide retirement planning calculations and projections
Save and retrieve your financial plans
Respond to your enquiries and support requests
Send service-related communications (e.g., password resets)
Improve and develop our service
Ensure the security of our platform
Comply with legal and regulatory obligations

6. Data Sharing

6.1 We Do Not Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Third Parties We May Share Data With

Provider / Category	Purpose	Location	Safeguards
Replit, Inc.	Application hosting and database — the production environment currently runs on Replit infrastructure in their North America region (United States)	United States (Replit North America region). Replit, Inc. is incorporated in the United States. Migration of the production deployment to Replit's European Union region is a planned future objective; until that migration is complete, primary hosting remains in the US.	Transfer from the UK to the United States is governed by the UK Addendum to the EU Standard Contractual Clauses / UK International Data Transfer Agreement (IDTA), as approved by the ICO under Article 46 UK GDPR, under our Data Processing Agreement with Replit. Technical measures: TLS in transit; Fernet field-level encryption at rest for sensitive financial fields; bcrypt password hashing.
Sentry (Functional Software, Inc.)	Error and performance monitoring — see Section 13.4 for full details of the PII-scrubbing controls in place	United States	Data Processing Agreement; EU–US Data Privacy Framework participation; PII scrubbed before transmission so no financial plan data or personal identifiers leave the device/server
Stripe, Inc.	Payment processing and subscription management	United States	PCI-DSS Level 1 certification; Standard Contractual Clauses; card data never touches Wealth365 servers
Hetzner Online GmbH	Off-site encrypted database backup storage (chosen provider; operator provisioning in progress) — nightly logical backups will be GPG-encrypted and uploaded to Hetzner Object Storage in the EU region once provisioning is complete	European Union (EEA) — Falkenstein, Germany or Helsinki, Finland	Data Processing Agreement to be executed and filed before production use (provisioning in progress). Storage is within the EEA; no restricted transfer arises. Backups will be GPG-encrypted before upload so Hetzner cannot read backup contents. The GPG private key will be held offline and never in the Hetzner environment.
Email Service Providers	To send transactional emails (password resets, notifications)	United Kingdom / EEA	Data Processing Agreement in place
Legal and Regulatory Bodies	Where required by law or legal process	United Kingdom	Only when legally obligated

7. International Transfers

7.1 Where your data is stored and processed

Wealth365's production application and database are currently hosted by Replit, Inc. in their North America region (United States). This means that when you use Wealth365, your personal data — including your account information and any financial planning data you enter — is stored and processed in the United States.

Because primary hosting is in the United States, the transfer of your personal data from the UK to Replit's US infrastructure is a restricted transfer under Chapter V of the UK GDPR and proceeds under the Article 46 safeguard described in Section 7.2 (the UK IDTA / UK Addendum to EU SCCs).

Planned future migration: migration of the production deployment to Replit's European Union region is a planned future objective. Once completed, the primary hosting flow will instead rely on the UK's adequacy regulations for the EEA, and this Privacy Policy will be updated to reflect that change. Until that migration is complete, the position described in this Section 7 is the current and authoritative one.

Development environments: Replit's development and build tooling also runs in North America. Development environments must not contain real client data.

7.2 Transfer mechanism

Primary hosting (Replit North America region) — UK IDTA / UK Addendum to EU SCCs: the routine storage and processing of your personal data by Replit, Inc. in the United States is governed by the UK Addendum to the EU Standard Contractual Clauses, or equivalently the UK International Data Transfer Agreement (IDTA), as approved by the Information Commissioner's Office (ICO) under Article 46 UK GDPR, under our Data Processing Agreement with Replit. The IDTA requires the recipient to protect your data to a standard equivalent to UK GDPR.

Error and performance monitoring — Sentry (Functional Software, Inc.), United States: Sentry is a US-hosted processor. It participates in the EU–US Data Privacy Framework and processes data under a Data Processing Agreement with Wealth365 Ltd. A PII-scrubbing layer runs before any data leaves the server or device, so only anonymised technical data (stack traces, route names, timing) is ever transferred — no financial plan data or personal identifiers are included. See Section 13.4 for full detail.

Payment processing — Stripe, Inc., United States: handled under PCI-DSS Level 1 certification and Standard Contractual Clauses. Your card number and billing details are submitted directly to Stripe and never touch Wealth365 servers.

7.3 Transfer risk assessment

Because primary hosting, error monitoring, and payment processing all involve US-based sub-processors, every flow of your personal data outside the UK is currently a Chapter V restricted transfer covered by an Article 46 safeguard (the UK IDTA / UK Addendum to EU SCCs, or — for Sentry — the EU–US Data Privacy Framework alongside our DPA). In addition to the contractual safeguards above, the following technical measures reduce the risk of unauthorised access to your data in transit or at rest:

TLS in transit: all data is encrypted in transit between your browser and our servers, and between our servers and any third-party processor.
Fernet field-level encryption at rest: sensitive personal and financial fields are encrypted at the individual database-field level using AES-128-CBC with HMAC-SHA256, so raw database access does not expose readable data.
bcrypt password hashing: passwords are never stored — only a one-way hash. Even database access cannot reveal a password.
Sentry PII scrubbing: error-monitoring events are scrubbed of all personal and financial identifiers before transmission, limiting what any third party with access to monitoring infrastructure could see.

7.4 Your rights in relation to international transfers

You have the right to obtain a copy of the safeguards (including the UK Addendum to EU SCCs / UK IDTA) that govern any transfer of your personal data outside the UK. To exercise this right, or if you have any questions about where your data is stored or how it is transferred, please contact our Data Protection Officer at dpo@wealth365.co.uk.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

Data Type	Retention Period
Active account data	For the duration of your account
Inactive account data	Deleted after 2 years of inactivity (with prior notice)
Deleted account data	Removed within 30 days of account deletion request
Backup data	Removed within 90 days of account deletion
Legal/compliance records	As required by law (typically 6-7 years)

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request).

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Request that we limit how we use your data.

Right to Data Portability

Receive your data in a structured, commonly used format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time (where processing is based on consent).

Rights Related to Automated Decisions

Not be subject to decisions based solely on automated processing.

To exercise any of these rights, please contact us at dpo@wealth365.co.uk. We will respond within one month of receiving your request.

Self-service tools

Where you hold a Wealth365 login, you can exercise two of these rights without contacting us at all. Both tools live on your Account page under "Your data" and "Danger zone":

Export my data (Articles 15 & 20). One-click download of every record we hold against your account, as a single JSON file with a SHA-256 integrity digest. Limited to one download per 24 hours.
Delete my account (Article 17). Permanently removes your identifying data from our systems and deletes your Stripe customer record (including any saved payment methods). Any active subscription is cancelled immediately and is not refunded for the remaining billing period. You will receive a confirmation email and an audit reference; the operation cannot be undone.

Records we are required to keep (the MLR-2017 exception)

UK Money Laundering Regulations 2017 require us to retain transaction and identity-verification records for 5 years after our relationship with you ends. When you delete your account, we keep these specific records (audit log, AML checks, KYC documents) for that period — but with all identifying fields removed or replaced with a one-way hash, so the surviving rows cannot be linked back to you. After 5 years they are purged in full.

The full table-by-table retention schedule that the export and erasure tools enforce is documented in docs/data-retention.md and is available on request.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Transport encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL.
Field-level encryption at rest: Sensitive personal and financial fields are encrypted at the individual database-field level using Fernet (AES-128-CBC with HMAC-SHA256). Even if the underlying database were accessed, protected fields would be unreadable ciphertext.
Password security: Passwords are never stored — only a one-way bcrypt hash. We cannot recover your password; we can only verify it.
Access controls: Staff access to personal data is restricted on a need-to-know basis.
Hosting infrastructure: The production environment is currently hosted on Replit, Inc. infrastructure in their North America region (United States). Physical and logical access controls are maintained by Replit. The UK→US transfer is governed by the UK IDTA / UK Addendum to EU SCCs under Article 46 UK GDPR; see Section 7 for full detail. Migration of the production deployment to Replit's European Union region is a planned future objective. The technical measures above (TLS, field-level encryption, bcrypt) apply in full.
Regular updates: We keep our systems patched and updated.
Monitoring: We monitor for suspicious activity and security threats. Error monitoring data is sent to Sentry (US) with a PII-scrubbing layer — see Sections 7 and 13.4.

11. Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the Information Commissioner's Office (ICO) within 72 hours
Notify affected individuals without undue delay where there is a high risk
Document the breach and remedial actions taken

12. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Mobile Application

When you use the Wealth365 mobile application ("App") in addition to or instead of the web service, the following additional data practices apply.

13.1 Data Collected on Mobile

Category	Data Types	Purpose
Device Information	Device model, operating system version, app version, locale/language setting	Compatibility, error diagnosis, version-specific feature gating
Push Notification Token	A device-specific token issued by Apple (APNs) or Google (FCM)	Delivering in-app notifications (e.g. plan reminders, security alerts). Tokens are stored encrypted and are never shared with third parties for marketing.
Crash & Performance Data	Stack traces, app state at time of crash, response times	Stability monitoring via Sentry. All events are scrubbed of PII before transmission — see Section 13.4.
App Usage Events	Screens viewed, features tapped, session duration	Product improvement. No financial plan content is included in these events.

13.2 Biometric Authentication (Face ID / Fingerprint)

The App offers optional biometric authentication using Face ID or Touch ID (iOS) and fingerprint recognition (Android). You may enable or disable this at any time in the App settings.

On-device only: Biometric verification is performed entirely by your device's secure enclave. No biometric data — not the fingerprint image, Face ID map, or any template — is ever transmitted to Wealth365 servers or stored in our systems.
Legal basis: Consent (you must actively enable biometric login; it is not on by default).
Fallback: You can always authenticate using your email address and password if biometric login is unavailable or disabled.

13.3 Push Notification Tokens

If you grant notification permission, your device's push token is stored against your account:

Tokens are encrypted at rest using the same Fernet encryption as other sensitive fields.
Tokens are used only to deliver notifications from Wealth365 directly to your device.
Tokens are never sold or shared with advertising networks.
You can revoke notification permission at any time in your device's system settings; your token will be deregistered from our system within 24 hours.
Legal basis: Consent (iOS and Android both require you to grant permission explicitly).

13.4 Crash & Error Monitoring (Sentry)

The App sends crash reports and performance data to Sentry (Functional Software, Inc., a US-based processor). The following safeguards are in place:

A PII-scrubbing layer runs on every event before it leaves the device. Fields whose names match our sensitive-key list (email, date of birth, NI number, financial plan data, account balances, goals, etc.) are replaced with [Filtered].
Request bodies on plan, account, and authentication endpoints are stripped entirely.
Only stack traces, route/screen names, and timing data leave the device.
send_default_pii is set to false in the Sentry SDK configuration on both iOS and Android.
Sentry processes data under a Data Processing Agreement with Wealth365 Ltd and participates in the EU-US Data Privacy Framework.
Legal basis: Legitimate Interest — we have a legitimate interest in maintaining the stability of the App.

13.5 Third-Party Processors Used by the Mobile App

The following third-party processors are used by the App (no new processors are introduced beyond those already used by the web service):

Processor	Role	Data shared	Safeguards
Stripe	Subscription billing (web only — not in-app purchase)	Email, subscription status	PCI-DSS Level 1. DPA in place.
Sentry	Crash reporting and performance monitoring	Anonymised stack traces, screen names, timing (PII scrubbed)	DPA in place. EU-US DPF participant.
Yahoo Finance	Live stock/ETF price data	Ticker symbols only (no personal data)	Public API; no personal data transmitted.
FCA Register API	Adviser firm lookup	Search terms only (no personal data)	UK public register; no personal data transmitted.
Hetzner Online GmbH	Off-site encrypted database backup storage (chosen provider; operator provisioning in progress)	Encrypted database dump only (no personal data readable — GPG-encrypted before upload)	DPA to be executed and filed before production use (provisioning in progress). Storage in EEA (no restricted transfer). Private decryption key to be held offline, never with Hetzner.
Microsoft 365	Transactional email (password reset, notifications)	Email address, notification content	DPA in place.
Apple APNs / Google FCM	Push notification delivery	Device push token, notification payload (no financial plan content)	Operated by Apple / Google under their own DPAs.

13.6 App Store Review

When the App is submitted to Apple App Store or Google Play Store for review, Apple Inc. and Google LLC may have access to the App's functionality as part of the review process. They are subject to their own privacy policies and are not acting as our data processors in that capacity.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the updated policy on our website with a new "Last Updated" date
Emailing registered users about material changes

We encourage you to review this policy periodically.

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact:

Wealth365 Ltd
Registered in Northern Ireland, company number NI740485
Registered office: 19 Milltown Street, Warrenpoint, Co. Down BT34 3PS
Data Protection Officer: dpo@wealth365.co.uk
General Enquiries: contact@wealth365.co.uk

16. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.