How we protect your data — and how you can help.
Your financial data is some of the most sensitive information you have. We take its protection seriously — not as a box-ticking exercise, but as a core part of how we run the business.
We have a dedicated head of cyber security on the team. Our systems are designed, built, and tested in-house — which means we understand every layer of how your data is stored, accessed, and protected. We process and protect personal data in accordance with UK data protection legislation, including the UK GDPR.
All client data is held in Microsoft Azure's UK South data centre. Your information stays in the UK, hosted on infrastructure that meets the highest international security standards including ISO 27001 and SOC 2 compliance.
We also maintain a separate staging environment for development and testing, so live client data is never used in our testing processes.
Your data is encrypted in transit and at rest. Every connection to the Wealth Portal uses TLS, and our databases sit on Azure's encrypted storage — so your information is protected both while it's moving and while it's being held.
The vast majority of our application logic runs on the server, not in your browser. This means your sensitive data is processed on our secure infrastructure rather than being sent to your device where it could be more exposed.
Where we do use client-side technology — for charts and interactive elements — it's only for presentation. The complex operations that handle your financial data always run server-side.
We support multi-factor authentication on the Wealth Portal and biometric login — Face ID and fingerprint — on our mobile app. Biometric authentication is managed securely at device level by your device provider (e.g. Apple or Android) and is not stored by us. We strongly encourage every client to enable MFA — it's one of the most effective protections against unauthorised access.
Not everyone in the firm can see everything. Access to client data is controlled on a role-by-role basis — people only see what they need to see for their job. This limits exposure and ensures your information is treated with the care it deserves.
When you share sensitive documents with us — passports, identity documents, statements — access links are time-limited and expire automatically. Documents are stored in Azure's encrypted storage, so sensitive documents aren't left accessible on open URLs.
Our DocBox system lets you view your documents — wills, powers of attorney, statements, contracts — through a secure viewer. Whether you're in a hotel, at an airport, or on someone else's computer, you can see what you need without leaving copies behind.
It also means you can share documents directly with us — identity documents, bank statements, anything sensitive — without having to use email. Upload it once, securely, and it's there.
A single secure login gives you access to your consolidated information across platforms. No separate logins for separate providers, no passwords scattered across different websites. This level of integration is only possible with institutional-grade platforms, and it's one of the reasons we use them.
We run penetration testing regularly as part of our development process, including after major releases. Our systems are tested for vulnerabilities in a dedicated staging environment before anything goes live.
The references you see in links and on screen are randomised codes, not the underlying database IDs — so what's visible externally can't be used to guess or enumerate anything internally.
One of the biggest risks in financial services is email. Phishing attacks, compromised inboxes, messages intercepted in transit — email is an inherently leaky way to share sensitive information, and yet most firms still use it as their main channel with clients.
We took a different approach. The Wealth Portal and our mobile app have a secure messaging system built in. It's how we communicate with clients, and it's how we encourage you to communicate with us. Messages live inside our platform — not in an email server, not in a shared inbox, not in your spam folder next to a supermarket offer.
We don't force anyone to use it — but we do recommend it. Your financial information is too important to be sitting in an email inbox.
This is also why the mobile app matters. With secure messaging on your phone, you can reach us instantly — without relying on email at all.
We use AI to help with things like drafting communications and summarising documents. We have a dedicated AI specialist on the team, and we take a careful, ethics-led approach to how it's applied.
Our AI runs inside Microsoft's enterprise Azure environment, which doesn't use customer data to train its models. We don't use consumer AI tools for client work, and we don't hand your data to third parties to train theirs.
AI should make things better for clients — never at the expense of their privacy.
Security is a partnership. We do everything we can on our side — but some of the most effective protections are in your hands.
If you haven't already, switch it on. It takes 30 seconds and it's one of the single most effective things you can do to protect your accounts — not just with us, but everywhere.
Send us documents, questions, and sensitive information through the Wealth Portal or mobile app — not email. It's more secure than email and it's there for a reason.
We will never ask you for passwords, login details, or bank information by email. If you receive anything that looks like it's from us asking for this, it isn't. Contact us directly.
Use strong passwords, keep your phone and computer updated, and don't share login credentials. The best security in the world can't protect you if someone else has your password.
While we take extensive measures to protect your data, no system can be guaranteed to be completely secure. We continuously review and improve our security practices to minimise risk.
If you have any concerns about how your data is protected, we're happy to talk through our approach in detail.
Get in Touch