How we protect your data — and how you can help.
Your financial data is some of the most sensitive information you have. We take its protection seriously — not as a box-ticking exercise, but as a core part of how we run the business.
We have a dedicated head of cyber security on the team. Our systems are designed, built, and tested in-house — which means we understand every layer of how your data is stored, accessed, and protected.
All client data is held in Microsoft Azure's UK South data centre. Your information stays in the UK, hosted on infrastructure that meets the highest international security standards including ISO 27001 and SOC 2 compliance.
We also maintain a separate staging environment for development and testing, so live client data is never used in our testing processes.
Data is encrypted at rest and in transit. All connections use TLS encryption, and our databases use Azure SQL's built-in encryption to protect your information even if the underlying storage were somehow compromised.
The vast majority of our application logic runs on the server, not in your browser. This means your sensitive data is processed on our secure infrastructure rather than being sent to your device where it could be more exposed.
Where we do use client-side technology — for charts and interactive elements — it's only for presentation. The complex operations that handle your financial data always run server-side.
We support multi-factor authentication on the Wealth Portal and biometric login — Face ID and fingerprint — on our mobile app. We're strong supporters of Apple's approach to device security and biometrics. We strongly encourage every client to enable MFA — it's one of the most effective protections against unauthorised access.
Not everyone in the firm can see everything. Access to client data is controlled on a role-by-role basis — people only see what they need to see for their job. This limits exposure and ensures your information is treated with the care it deserves.
When you share sensitive documents with us — passports, identity documents, statements — the access links are only available for minutes, not hours. Documents are stored in Azure's encrypted storage and links expire automatically. Nothing sits on an open URL.
Our DocBox system lets you view your documents — wills, powers of attorney, statements, contracts — through a secure viewer without downloading them to your device. Whether you're in a hotel, at an airport, or on someone else's computer, your documents stay protected. Nothing is saved locally.
It also means you can share documents directly with us — identity documents, bank statements, anything sensitive — without having to use email. Upload it once, securely, and it's there.
Because we integrate our institutional platforms directly via secure APIs, you log in once — to the Wealth Portal — and everything is there. No separate logins for separate providers, no passwords scattered across different websites. Your credentials stay in one place, protected by our authentication and encryption. This level of integration is only possible with institutional-grade platforms, and it's one of the reasons we use them.
We run penetration testing as part of our development process — after every major release, our systems are tested for vulnerabilities in a dedicated staging environment before anything goes live.
Sensitive data such as policy numbers and account references are hashed and never exposed in plain text — even within our own systems. If someone were to gain access to our database, the information they'd find would be meaningless without the keys to decrypt it.
One of the biggest risks we've seen in the financial services industry is email getting hacked. Phishing attacks, compromised inboxes, intercepted messages — email was never designed to be secure, and yet most firms still use it as their primary communication channel with clients.
We took a different approach. The Wealth Portal and our mobile app include encrypted secure messaging. It's how we communicate with clients — and it's how we encourage you to communicate with us. If you send us an email, we'll typically respond through secure messaging instead.
We don't force anyone to use it — but we do recommend it. Your financial information is too important to be sitting in an email inbox alongside marketing newsletters and spam.
This is also why the mobile app matters. With secure messaging on your phone, you can reach us instantly — and everything stays encrypted, end to end.
We use artificial intelligence to help improve our services — from report writing to compliance checks. But we have clear policies on how AI is used in relation to client data.
Client databases and sensitive personal information are not fed through AI systems. Where we use AI, it's applied to processes and workflows, not to your personal data directly. We have a dedicated AI specialist on the team with a Master's degree in Artificial Intelligence, and our approach is evidence-based and ethics-led.
We believe AI should make things better for clients — but never at the expense of their privacy or security.
Security is a partnership. We do everything we can on our side — but some of the most effective protections are in your hands.
If you haven't already, switch it on. It takes 30 seconds and it's one of the single most effective things you can do to protect your accounts — not just with us, but everywhere.
Send us documents, questions, and sensitive information through the Wealth Portal or mobile app — not email. It's encrypted and it's there for a reason.
We will never ask you for passwords, login details, or bank information by email. If you receive anything that looks like it's from us asking for this, it isn't. Contact us directly.
Use strong passwords, keep your phone and computer updated, and don't share login credentials. The best security in the world can't protect you if someone else has your password.
If you have any concerns about how your data is protected, we're happy to talk through our approach in detail.
Get in Touch