PortfolioCloud Legal Notices

Privacy Notice

How PortfolioCloud handles personal data

This notice explains how PortfolioCloud handles personal data in the primary web platform and in the UK SECCL integration flow. It is written for platform customers, advisers, administrators, and anyone whose data is supplied to PortfolioCloud through a customer deployment.

Last updated: 12 March 2026

Role we play

For UK client, account, portfolio, and trading data imported from SECCL, PortfolioCloud generally acts as a processor on behalf of the customer firm using the platform. That customer decides why the data is collected and what lawful basis applies.

PortfolioCloud may act as a controller for its own operational data, including user accounts, authentication records, security logs, service communications, and session recordings where those features are enabled.

Personal data we process

  • Customer-supplied client and account data, including identifiers, portfolio holdings, model allocations, trading instructions, and generated advice outputs.
  • Platform user data, including names, email addresses, roles, login/session identifiers, and access permissions.
  • Operational and security data, including audit events, request metadata, and issue investigation records.
  • Session recording data where policy-enabled for walkthroughs, support, or quality review.

Why we process it

  • To ingest SECCL data, build portfolio views, support rebalancing, and generate recommendations and advice documents.
  • To authenticate users, enforce permissions, and keep the service secure.
  • To maintain auditability, detect incidents, and investigate operational issues.
  • To deliver customer-requested support, onboarding, and service improvements.

Where the data goes

Depending on the feature being used, data may be stored in PortfolioCloud application databases, workflow payload storage, generated document stores, and audit or diagnostic systems. PortfolioCloud also uses third-party service providers to host infrastructure, authenticate users, and support document generation.

UK data imported from SECCL can move beyond the initial feed and into internal client records, rebalance workflow payloads, recommendation datasets, generated advice documents, and audit records where required for service delivery.

Retention

PortfolioCloud applies retention periods by data type. Audit logs are retained for a short security window, session recordings are retained for a limited review window, and customer content is retained in line with contractual instructions, operational needs, and platform lifecycle controls.

More detailed retention rules are maintained in the internal UK GDPR compliance pack and, where PortfolioCloud is acting as processor, under the customer’s documented instructions.

Your rights

If your data is held in PortfolioCloud through a customer firm, contact that firm first. They are usually the controller for that data and can validate your request. PortfolioCloud supports its customers with access, correction, deletion, restriction, and related requests where required by contract and law.

If you are a PortfolioCloud customer user and your request relates to your own platform account or operational data, use your normal support channel or the contact route provided in your service agreement.

Cookies and similar technologies

PortfolioCloud uses essential cookies and similar technologies to run the service, keep users signed in, secure embedded integrations, and support optional session recording features. Details are in the Cookie Notice.