Privacy & Data Protection

Privacy Policy

Your privacy and data security are our top priorities. Learn how we protect and handle your information.

Last updated: March 2026

Privacy at a Glance

Secure by Design

HTTPS (TLS) between your browser and our servers; passwords hashed with bcrypt; sessions in httpOnly cookies

Full Transparency

Clear information about data collection and use

Your Control

Manage your privacy settings and data access

Introduction

William Roberts Coaching and Advisory Ltd ("we", "us", or "our"), a company incorporated in England (company number 15629688), operates NHS Financial Planner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We take your privacy seriously and have implemented robust measures to protect your personal information while providing you with a valuable service for managing your NHS pension and financial documentation.

Jurisdiction and Governing Law

This Privacy Policy is governed by English law. Any disputes arising from or related to this policy will be subject to the exclusive jurisdiction of the courts of England and Wales. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

Personal Information

  • Name and contact information
  • NHS employment details
  • Email address
  • Password (hashed with bcrypt; not stored in plain text)
  • Payment information (processed securely by Stripe)
  • Professional registration numbers (where applicable)
  • Employment history and workplace details

Usage Information

  • Log data and device information
  • Usage patterns and preferences
  • Uploaded documents and analysis results
  • Communication preferences
  • IP addresses and browser information
  • Session duration and interaction data

Cookies and Tracking

This section is our cookie policy. We use cookies and similar technologies (including local storage where noted) to provide and improve our service. You have full control over non-essential cookies through our cookie consent banner and settings.

Essential Cookies (Always Active)

These cookies are strictly necessary for the operation of our website. They enable core functionality such as security, network management, and accessibility.

  • Authentication: Session tokens, login status, CSRF protection
  • Security: Secure connection management, fraud prevention
  • Functionality: Language preferences, accessibility settings
  • Cookie Consent: Your cookie preference choices

Legal Basis: Legitimate interest - These cookies are essential for the website to function properly.

Functional Cookies

These cookies allow the website to remember choices you make and provide enhanced, more personal features.

  • Remembering your calculator preferences and settings
  • Storing your display preferences (dark mode, layout)
  • Personalizing content based on your professional role

Legal Basis: Consent - You can enable or disable these cookies through our cookie settings.

Analytics Cookies

We use reliability and performance telemetry to improve the service and diagnose issues. Where optional analytics is in use, we request consent through cookie preferences.

  • Sentry: Error tracking, performance traces, and (where enabled) Session Replay — replays may capture interactions on the site with text and media masked; sampling depends on configuration
  • PostHog: Product analytics (we use the EU-hosted endpoint when configured); we limit automatic capture and rely on explicit events and page views
  • Page views, session duration, and user journeys
  • Feature usage and engagement metrics
  • Performance and load time measurements

Legal Basis: Service reliability and consent-based analytics as configured in cookie settings.
Retention: Retention varies by system and provider configuration.

Marketing Cookies

Currently, we do not use marketing cookies. If we introduce them in the future, we will update this policy and require your explicit consent.

Managing Your Cookie Preferences

You have several options to control or limit cookie usage:

  • Cookie Banner: When you first visit our site, you can choose to accept all, reject all, or customize your preferences
  • Change preferences later: Use in the footer on any page, or the button below — the banner then stays hidden unless you open settings again.
  • Browser Settings: Most browsers allow you to refuse or delete cookies through their settings

Note: Blocking all cookies may affect your ability to use certain features of our website.

Third-Party Cookies

We use the following third-party services that may set cookies:

  • Stripe (Payment Processing): Essential for secure payment processing and fraud prevention
  • Sentry (Monitoring): When analytics consent is on — errors, performance, and optional Session Replay
  • PostHog (Product Analytics): When analytics consent is on — cookies and local storage for product analytics (EU-hosted when configured)

These services have their own privacy policies and may collect information as described in their respective policies.

How We Use Your Information

We use your information to:

  • Provide and maintain our services
  • Process your payments and subscriptions
  • Send you important updates and notifications
  • Improve our services and user experience
  • Analyse document contents for pension and financial insights
  • Respond to your inquiries and support requests
  • Comply with legal obligations
  • Prevent fraud and abuse
  • Enforce our terms of service

Artificial intelligence and other processors

Core features use third-party AI and infrastructure providers. Depending on how you use the service, we may send content to these providers for processing (for example prompts, chat messages, document text or excerpts, and related context). Providers act as processors under their own terms and privacy policies.

AI providers

  • OpenAI (OpenAI API) — document analysis, chat, embeddings, and (where applicable) web-augmented or search responses. This is our primary AI provider.
  • Perplexity AI — used as a fallback for real-time or web-grounded answers when configured (for example when OpenAI search is unavailable or times out).

Before sending text to external AI services, we apply best-effort automated redaction of common personal-identifier patterns (for example styles of NI numbers, NHS numbers, dates of birth, email addresses, phone numbers, and postcodes) where that pipeline is enabled. This is not a guarantee that all sensitive or special-category data will be removed. Only upload or enter what you need for your use.

AI processing may involve transfer and storage outside the UK (including the United States), depending on the provider’s infrastructure and configuration. Where we rely on such transfers, we use appropriate safeguards (such as the UK International Data Transfer Agreement / Addendum or the provider’s approved mechanisms) where applicable.

Subprocessor register

The table below lists organisations that process personal data on our behalf or provide material parts of our infrastructure. We may update this list as our suppliers change; check this page for the latest version.

| Subprocessor | Role |
|---|---|
| OpenAI | AI processing (document analysis, chat, embeddings, search-augmented responses where configured) |
| Perplexity AI | AI processing (fallback for real-time or web-grounded answers when configured) |
| Stripe | Payment processing, billing, and subscription management |
| Resend | Transactional email delivery (e.g. account, subscription, notifications) |
| Sentry (Functional Software Inc.) | Error and performance monitoring; optional Session Replay when you consent to analytics cookies |
| PostHog | Product analytics when you consent (we typically use the EU-hosted instance when configured) |
| DigitalOcean | Cloud hosting for our application; when cloud file storage is enabled, DigitalOcean Spaces (S3-compatible object storage) stores uploaded documents and other files |
| Neon (or other managed PostgreSQL provider) | Managed PostgreSQL database hosting for application and account data; we may use Neon or another managed PostgreSQL service depending on deployment |
| Redis | Caching, rate limiting, and coordination of background jobs (self-hosted or a managed Redis service depending on deployment) |

Software libraries and frameworks we run on our own infrastructure (for example our web application stack) are not listed here unless they receive personal data as a separate cloud service on their own terms.

Data Security

We implement technical measures to protect your personal information, including:

  • HTTPS (TLS): encrypts data between your device and our website and APIs
  • Passwords: stored as bcrypt hashes, not plain text
  • Sessions: signed JWTs in httpOnly cookies
  • Database: PostgreSQL; our application requires TLS to the database in production (sslmode=require)
  • Access control: authentication required for account data; role-based controls for administrative features
  • Logging: selected actions (e.g. document sharing, subscription and security events) are logged for support and security review
  • Payments: card data handled by Stripe under their standards; we do not store full card numbers on our servers
  • Encryption at rest: provided by our hosting and database providers where they offer it — we do not operate a separate "end-to-end" encryption layer for file contents

We review and improve security as the service evolves. We do not list specific audit or penetration-test schedules here; ask us if you need detail for procurement or risk assessment.

Data Retention and Deletion

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. You can request deletion of your account and associated data at any time. Upon deletion request:

  • Your account will be deactivated immediately
  • Personal data will be deleted within 30 days
  • Backup data will be removed within 90 days
  • Anonymized analytics data may be retained

Your Rights Under GDPR

Under the UK GDPR, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your information
  • Object to processing of your information
  • Receive a copy of your information
  • Withdraw consent at any time
  • Lodge a complaint with the ICO
  • Request restriction of processing
  • Data portability

To exercise any of these rights, please contact our Data Protection Officer using the contact information below. We will respond to your request within 30 days.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of our service after such changes constitutes your consent to the updated policy.

Questions About Privacy?

If you have any questions about this privacy policy or how we handle your data, please contact us.