How Funds Benchmark collects, uses, stores, and protects your personal data across our website and iOS app — in accordance with UK GDPR and the Data Protection Act 2018.
This privacy policy explains how Funds Benchmark ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at fundsbenchmark.com and our Funds Benchmark iOS mobile application (together, the "Platform"). We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data controller: Storm Digital Advertising Ltd, trading as Funds Benchmark
Contact email: support@fundsbenchmark.com
We collect the following categories of personal data:
Account information. When you register for an account, we collect your name, email address, and password (stored as a salted hash; never in plain text). If you subscribe to a paid plan, we collect billing information including your payment card details, which are processed by our payment provider Stripe and are not stored on our servers.
Sign in with Apple and Google Sign-in. If you sign in using Apple or Google on the iOS app or website, we receive your name and email address from that identity provider. We never receive your password.
User-generated content. When you use the Platform, we store the funds you add to your watchlist, the comparison sets you save, the synthetic portfolios you build, and your app preferences (such as chart period and notification settings). This data is stored against your account so it can sync across your devices.
Usage data (website only). When you use our website, we automatically collect information about your activity, including pages visited, funds searched and viewed, comparisons made, screener filters applied, and the dates and times of your visits. This data helps us improve the website. Our iOS app does not collect usage or analytics data — no page views, feature usage, or behavioural telemetry is transmitted from the app.
Device and technical data. On the website we collect your IP address, browser type and version, operating system, device type, and screen resolution. On the iOS app we collect only your IP address (inherent in any HTTP request) and a static User-Agent string identifying the app version; no device identifier, IDFA, advertising ID, or analytics event is transmitted.
Authentication token (iOS app only). When you log in on the iOS app, we issue an authentication token that is stored securely in the iOS Keychain on your device. This token is used to keep you logged in and is never exposed to other apps on your device.
Communications. If you contact us by email or through the Platform, we retain the content of those communications along with your email address to respond to your enquiry and improve our support.
We use your personal data for the following purposes:
To provide the Platform. Processing your registration, authenticating your login sessions, delivering fund data and AI-generated analysis, and managing your subscription and payments. Legal basis: performance of our contract with you.
To improve the Platform. Analysing usage patterns to understand which features are most valuable, identifying bugs and performance issues, and informing product development decisions. Legal basis: our legitimate interest in improving our services.
To communicate with you. Responding to support enquiries, sending service-related notifications (such as subscription confirmations or material changes to the Platform), and, where you have opted in, sending product updates or newsletters. Legal basis: performance of our contract (for service communications) and your consent (for marketing communications).
To ensure security. Detecting and preventing fraud, unauthorised access, and other security threats. Legal basis: our legitimate interest in protecting our Platform and users.
To comply with legal obligations. Where required by law, regulation, or legal process. Legal basis: compliance with a legal obligation.
On the website we use:
Strictly necessary cookies. Required for the website to function — for example, to keep you logged in during a session. These cannot be disabled.
Analytics cookies. Used to understand how visitors interact with the website. We use these to measure traffic, identify popular content, and improve the user experience. You can opt out through the cookie banner displayed on your first visit.
Payment cookies. Set by our payment provider Stripe when you make a purchase. These are necessary to process your payment securely.
We do not use advertising or tracking cookies, and we do not serve third-party advertisements on any part of the Platform.
We do not sell your personal data to third parties. We share data only in the following limited circumstances:
Payment processing. Billing and payment card information is shared with Stripe, our payment processor, solely for the purpose of processing your subscription payments. Stripe's privacy policy is available at stripe.com/privacy.
Hosting and infrastructure. The Platform is hosted on third-party servers. Our hosting providers process data on our behalf under data processing agreements that require them to protect your data in accordance with applicable law.
AI analysis (Anthropic). When you request an AI-generated forecast or comparison summary, our server calls the Anthropic Claude API to generate the analysis. We send only fund data (performance, allocations, holdings) and generic market context. Your personal data — name, email, account ID, watchlist, or any other identifier — is never sent to Anthropic. Anthropic does not retain or train on this data under their API terms.
Legal requirements. We may disclose personal data where required by law, regulation, court order, or governmental authority.
We retain your personal data for as long as your account is active or as needed to provide you with the Platform. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes (in which case it will be retained for up to 7 years and then deleted).
Usage and analytics data is retained in anonymised, aggregated form and is not linked back to individual users after account deletion.
Under UK GDPR, you have the following rights:
To exercise any of these rights, contact us at support@fundsbenchmark.com. We will respond within 30 days.
We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit (TLS/SSL), encrypted storage of passwords, access controls limiting data access to authorised personnel, and regular security reviews.
No system is completely secure. If you become aware of any security vulnerability or suspect unauthorised access to your account, please contact us immediately at support@fundsbenchmark.com.
Your data is primarily processed within the United Kingdom and the European Economic Area. Where data is transferred outside the UK/EEA (for example, to infrastructure providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office.
The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this privacy policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting a notice on the Platform or by email. The "last updated" date at the top of this page indicates when the policy was most recently revised.
If you have questions about this privacy policy or our data practices, or if you wish to make a complaint, please contact us:
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.