planbot Privacy Policy
Effective date: 10 September 2025
1. Who We Are
Ammonite Wealth Ltd (company no. 11744099) provides Planbot, a SaaS platform for financial advice firms.
- We are the data controller for personal data relating to our business customers and their authorised users (e.g., login credentials, account data).
- We act as a data processor when processing any client personal data on your behalf within Planbot.
2. Data We Process
We process the following categories of personal data:
- 2.1 Account Data – Names, business contact details, login credentials.
- 2.2 Usage Data – Audit logs, service performance metrics.
- 2.3 Template Data – Content of templates and documents you build.
- 2.4 Client Data – Personal data about your clients entered into Planbot to generate outputs.
Client Data Handling:
- Client personal data is processed in-memory and is not stored on our servers.
- Client personal data entered into Planbot to generate outputs is stored temporarily in the browser via Redis cache and Redux session storage (persisted cache). This allows data to survive page reloads and navigation within an active session. Data is not stored on Processor servers and is cleared automatically on logout, session reset, or account closure.
- All data is encrypted in transit (TLS 1.2+) and processed securely.
3. Lawful Basis for Processing
- Contract (Article 6(1)(b)) — to deliver our services.
- Legitimate interests (Article 6(1)(f)) — for service improvement, troubleshooting, and security.
4. Sub-Processors and International Transfers
We use the following sub-processors:
| Sub-Processor | Purpose | Location | Safeguards |
| OpenAI, LLC | AI text generation (language models) | United States |
UK Addendum to EU Standard Contractual Clauses (SCCs) under OpenAI API DPA; data encrypted in transit; opted out of model training |
| Deepgram, Inc. | Speech-to-text transcription | United States |
UK Addendum to EU SCCs under Deepgram DPA; data encrypted in transit and at rest; opted out of model training |
| Google Cloud (europe-west2) | Hosting and storage of user templates | London, United Kingdom | Data stays in UK; encrypted at rest and in transit |
Data sent to OpenAI and Deepgram is only used to generate requested outputs and is not used to train their models.
5. International Transfers
Transfers to the US are safeguarded by UK Addendum to Standard Contractual Clauses (SCCs).
6. Security
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access controls and audit logging are in place.
- No personal data is used to train AI models.
7. Retention
- User Account Data: Retained while the account is active and up to 30 days after closure.
- Client Data: Not retained on our servers; retained on our servers; it persists temporarily in the browser session as described above and is cleared on logout or reset.
- Template Data: Stored while the account is active; removed when the account is closed unless explicitly exported by the user.
8. Your Rights
You have rights under UK GDPR to access, rectify, erase, restrict, or port your personal data, and to object to processing.
Contact us at: contact@ammonitewealth.com. We aim to respond within 1 month of receiving your request.
9. Complaints
If you are unsatisfied with our handling of your data, you may complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
10. Changes to this Privacy Policy
We may update this policy periodically. Any changes will be effective from the date published on Planbot or communicated via email.