Everything Equiscore holds about you is there because you put it there, and it stays only as long as you want it to. You have full control over what we hold, what we analyse, and who we share it with.
This page explains what we store, how we protect it, and the rights you have over it.
How consent works
Every connection, every document, every share requires an explicit action from you. We do not pull data in the background, share your profile automatically, or enrol you in anything you did not ask for.
Open banking access is authorised by you directly with your bank. You choose which account to connect and can disconnect at any time. We receive read-only access and nothing else.
Documents and supporting evidence are uploaded by you. Nothing is added to your portfolio without your action. You can review and remove anything at any time.
Your Trust Portfolio is private by default. It is only visible to someone you have explicitly shared it with. You set the terms and can revoke access at any point.
What we hold
We hold the minimum data required to produce a meaningful, verified Trust Portfolio. We do not collect or retain data beyond that purpose.
Name, date of birth, address and the documents you submitted to verify your identity. This is the minimum required to operate a verified profile.
Read-only bank transaction history retrieved via open banking. This data is used to analyse your financial behaviour and produce your verified modules. It is not sold, shared with third parties, or used for advertising.
Any documents you choose to upload, such as tenancy agreements or bills. These are stored only while they are part of your active Trust Portfolio. You can remove them at any time.
Your verified score, module results, and Portfolio Strength over time. This is the record that institutions see when you share your profile with them.
How we protect it
Financial data requires a higher standard of care than most. These are the specific commitments we make.
All data we hold is encrypted at rest using industry-standard encryption. All data transmitted between your device and our servers is encrypted in transit via TLS. Your data is never transferred in plain text.
We do not handle your banking credentials. Your bank authentication happens directly between you and your bank. We connect via FCA-authorised open banking infrastructure that is independently regulated and audited.
Your personal data and financial information are not sold to third parties. They are not used for profiling, advertising, or shared with any organisation outside of what is necessary to operate your Trust Portfolio.
Internal access to your data is restricted, logged, and subject to regular review. We operate on a least-privilege basis, meaning staff only access the data their role requires.
Your rights
These are not optional extras. They are legal requirements that we are obliged to honour and that you are entitled to exercise at any time.
You can request a copy of all personal data we hold about you at any time. We will provide it within 30 days.
You can close your account and request deletion of your data. We will remove your personal information from our systems within 30 days, subject to any legal obligations we are required to meet.
If any information we hold about you is inaccurate, you can request a correction. We will review and update the record.
You can disconnect your open banking connection at any time. You can also withdraw consent for us to process your data by closing your account. Withdrawing consent will affect the completeness of your Trust Portfolio.
You have the right to object to certain types of processing of your data. Where we rely on legitimate interests rather than consent, you can raise an objection and we will review it.
To exercise any of your rights, contact us at privacy@equiscore.app. We will respond within the timeframes required under UK GDPR.
The people who use Equiscore are already navigating difficult situations.
The last thing they need is a platform they cannot trust with their financial data. We take that seriously. Not because we are required to, but because this product only works if the people who need it most feel safe using it.
Your data is not the product. It is the asset we are here to protect.
Everything is encrypted, private by default, and entirely in your control.