Privacy Policy

Last updated: 27 May 2026

1. Introduction

Wealthstone ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website, request access to our platform, or otherwise interact with us.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are the data controller responsible for your personal data.

2. Who we are

The data controller is Wealthstone. If you have any questions about this Privacy Policy or our use of your personal data, please contact us at legal@wealthstone.com.

3. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact data: name, email address, telephone number, LinkedIn profile URL, and company or organisation name.
  • Professional data: job title, industry, and information about your role or organisation.
  • Communication data: messages you send us via contact forms, email, or other correspondence.
  • Technical data: IP address, browser type and version, time zone, device information, and usage data collected through cookies and similar technologies.
  • Platform data: where you use our services, we may process financial documents, portfolio information, and related data you choose to upload or connect to the platform.

We do not intentionally collect special category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, or health information) unless you voluntarily provide it and we have a lawful basis to process it.

4. How we use your personal data

We use your personal data for the following purposes:

  • To respond to enquiries and process access requests.
  • To provide, operate, and improve our platform and services.
  • To communicate with you about our services, updates, and support.
  • To comply with legal and regulatory obligations.
  • To protect the security and integrity of our systems.
  • To analyse website usage and improve user experience.

5. Lawful bases for processing

Under UK GDPR, we rely on the following lawful bases to process your personal data:

  • Consent: where you have given clear consent, for example when submitting a request form or accepting non-essential cookies.
  • Contract: where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
  • Legitimate interests: where processing is necessary for our legitimate interests (such as improving our services, preventing fraud, or communicating with prospective clients), provided your interests and fundamental rights do not override those interests.
  • Legal obligation: where we need to comply with applicable law or regulation.

6. Sharing your personal data

We do not sell your personal data. We may share your data with:

  • Service providers who assist us with hosting, analytics, email delivery, customer support, and security (acting as data processors under contract).
  • Professional advisers such as lawyers, accountants, or auditors where reasonably necessary.
  • Regulators, law enforcement, or other authorities where required by law or to protect our legal rights.
  • A successor entity in the event of a merger, acquisition, or sale of assets, subject to appropriate safeguards.

We require all third parties to respect the security of your personal data and to process it in accordance with applicable data protection law.

7. International transfers

Your personal data may be transferred to, stored at, or processed in countries outside the United Kingdom. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements, adequacy regulations, or other mechanisms approved under UK GDPR.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods depend on the nature of the data and the purpose of processing. When data is no longer required, we securely delete or anonymise it.

9. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure — to request deletion of your personal data in certain circumstances.
  • Right to restrict processing — to request that we limit how we use your data.
  • Right to data portability — to receive your data in a structured, commonly used format.
  • Right to object — to object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making — including the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, where applicable.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at legal@wealthstone.com. We will respond within one month, as required by law. We may need to verify your identity before processing your request.

10. Cookies

Our website may use cookies and similar tracking technologies to improve functionality and analyse usage. Essential cookies are necessary for the website to operate. Non-essential cookies, where used, will only be placed with your consent where required by law.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS 1.2 or higher) and at rest (AES-256), access controls, and regular security reviews. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

12. Children

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Where changes are material, we will take appropriate steps to notify you.

14. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at legal@wealthstone.com.