Privacy Policy – General


Bridgeweave is committed to maintaining the confidentiality, integrity and security of personal data, i.e., any information relating to an identified or identifiable natural person.


What information do we collect?


We collect, use and process certain personal data confidentially and in accordance with the General Data Protection Regulation (GDPR). 


We collect personally identifiable information about you through registration and use of our services and as provided by your employer, bank or wealth manager (together, your organisation). In addition, we use this information to make inferences about you, even if you have not expressly declared that information to us.


How do we use and share your personal data?


We will only ask you to provide us with a limited amount of personal information needed to provide a service to your organisation. We may share your personal data with third parties such as your organisation and our sub-contractors to provide the services.


Is your personal data kept secure?


All the personal data we collect is hosted on a private cloud. We take all appropriate technical and organisational measures to ensure the effective and secure processing of any personal data. 


We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.


What are your privacy rights? 


Where we are a data controller, you have a number of rights in respect of your personal data, including the right: 


  • to request access to, and copies of, the personal data that we hold about you
  • to require us to correct the personal data we hold about you if it is incorrect
  • to require us to erase your personal information, in certain circumstances
  • to require us to restrict our data processing activities, in certain circumstances
  • where our processing is based on your consent, the right to withdraw that consent
  • where the processing is carried out by automated means, to receive from us the personal data we hold about you which you have provided to us 
  • to object, on grounds relating to your particular situation, to any of our processing activities where you feel this has a disproportionate impact on your rights


Updates, retention and deletion


This Privacy Policy can be updated at any time.


We will retain your personal data for a minimum of seven years after the end of our relationship with your organisation, for our accounting, record-keeping and tax reporting requirements.  After that period, we will delete your personal data and retain only aggregated / anonymised information, for the purpose of improving our proprietary algorithms.


Questions and complaints


If you wish to raise a question or complaint about how we have used your personal data, you can contact us at:


If you are not satisfied with our response or believe we are processing your personal data unfairly or unlawfully, you can complain to the Information Commissioners Office (