Privacy Policy

Last updated: April 2026

1. Who we are

FundLens ("we", "us", "our") operates the website at fundlens.co.uk. We provide an independent data and comparison service for UK investors. We are the data controller for personal data collected through this website.

We are not authorised or regulated by the Financial Conduct Authority (FCA) and do not provide financial advice. This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data we collect

We collect the following categories of personal data:

Account data

  • Email address — collected when you register for an account.
  • Password — stored as a cryptographic hash. We never store your password in plain text.
  • Account creation date and last login timestamps.

Billing data

  • Payment processing is handled entirely by Stripe. We do not receive, process, or store your card number, expiry date, or CVV — these never touch our servers.
  • We store a Stripe customer ID and subscription status to manage your access to paid features.
  • We store your subscription plan, status, and billing period dates.

Usage data

  • Standard server access logs including IP address, browser type, pages visited, and timestamps — collected automatically for security and performance monitoring.
  • Session data — we use a session cookie to keep you authenticated while you use the site.

Data we do not collect

  • We do not collect your name, address, phone number, or date of birth.
  • We do not collect information about your investment portfolio or financial position.
  • We do not use advertising cookies or tracking pixels.
  • We do not collect data from social media profiles.

3. Lawful basis for processing

We process your personal data under the following lawful bases as defined by UK GDPR:

  • Contract — processing your account data and billing data is necessary to provide you with the subscription service you have signed up for.
  • Legitimate interests — processing server logs and session data to maintain the security, performance, and integrity of our service.
  • Legal obligation — retaining certain billing records as required by applicable law (e.g. for tax and accounting purposes).

4. How we use your data

  • To create and manage your account.
  • To verify your subscription status and provide access to paid features.
  • To send transactional emails (e.g. account confirmation, password reset, billing receipts). We do not send marketing emails.
  • To detect, investigate, and prevent fraud, abuse, or security incidents.
  • To maintain the performance and security of the service.
  • To comply with our legal obligations.

We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising or marketing profiling.

5. Third-party processors

We share data with the following carefully selected processors, each of whom is bound by their own data protection obligations:

  • Supabase — provides our authentication system and database hosting. Data is stored on servers in the EU. Subject to Supabase's Privacy Policy.
  • Stripe — processes subscription payments. Subject to Stripe's Privacy Policy. Stripe is certified to the UK extension of the EU-US Data Privacy Framework.
  • Vercel — hosts our web application and serves the website. May process IP addresses and request data in the course of delivering the service. Subject to Vercel's Privacy Policy.

We do not use any advertising networks, analytics platforms, or social media tracking tools.

6. Cookies

We use only essential cookies necessary for the site to function. We do not use advertising, tracking, or analytics cookies. For full details, see our Cookie Policy.

  • Authentication cookie — keeps you logged in during your session. This is strictly necessary for the service to function.

7. Data retention

  • Account data is retained for as long as your account is active.
  • If you request deletion of your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. billing records for tax purposes, which we retain for 7 years in accordance with HMRC requirements).
  • Server access logs are retained for up to 90 days for security purposes, then deleted.

8. Your rights under UK GDPR

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request that we correct inaccurate or incomplete data.
  • Right to erasure — you may request deletion of your personal data ("right to be forgotten"), subject to our legal obligations.
  • Right to restrict processing — you may request that we limit how we use your data in certain circumstances.
  • Right to data portability — you may request a copy of your data in a structured, machine-readable format.
  • Right to object — you may object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at privacy@fundlens.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include encrypted connections (HTTPS), hashed password storage, and restricted access to production systems. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

10. Children's privacy

FundLens is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. The updated policy will show a revised "Last updated" date. Continued use of the service after changes take effect constitutes your acceptance of the revised policy.

12. Right to complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK's data protection supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concerns directly first.

13. Contact

Questions about this policy or our data practices? Email us at privacy@fundlens.co.uk.