Privacy Policy

Last updated: 6 July 2026

This Privacy Policy explains how Funder Compass (the "Software Owner", "we", "us") handles personal information collected through the Funder Compass software platform (the "Service"). This policy is maintained by the Software Owner and describes app-visible practices; it is not a certification or independent audit.

1. Our role

For most information that flows through the Service — such as loan applicant details, borrower documents, valuations, and client contacts uploaded by a customer's staff — the customer (the "Controller") decides the purposes and means of processing and Funder Compass acts as a Processor on its behalf. We act as Controller only for information we collect directly to operate the Service (billing records, account credentials, support correspondence, telemetry).

2. Information we process

  • Account information: name, email, phone, role, profile settings.
  • Authentication data: password hashes and session tokens managed by our authentication provider.
  • Customer Data: loans, applicants, contacts, documents, drawdowns, inspections, tasks, checklists, activity log, and any files uploaded to the platform.
  • Operational data: log entries, timestamps, IP address, browser type, error reports.
  • Billing data: subscription plan, seat count, invoicing contact.

3. How we use it

  • To provide, secure, and improve the Service;
  • To authenticate users and enforce role-based access control;
  • To respond to support requests and Owner-panel inquiries;
  • To detect and prevent fraud, abuse, and security incidents;
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell personal information, and we do not use Customer Data to train third-party foundation models.

4. Legal bases

Where GDPR or similar laws apply, we rely on (a) performance of contract, (b) our legitimate interests in operating and securing the Service, (c) legal obligation, and (d) your consent for optional features (e.g. marketing communications).

5. Sharing and subprocessors

We use vetted subprocessors to host and operate the Service, including cloud hosting, managed database, email delivery, and error monitoring. Subprocessors are engaged under written data-protection terms and only process personal information on our documented instructions. A current subprocessor list is available on written request to the billing contact.

6. International transfers

Personal information may be processed in countries other than yours. Where required, we use lawful transfer mechanisms such as Standard Contractual Clauses.

7. Security

We implement industry-standard technical and organisational measures including encryption in transit, encryption at rest for the managed database and file storage, row-level security for tenant data isolation, hashed credentials, audit logging, and least-privilege access for staff. No system is perfectly secure and we cannot guarantee absolute security.

8. Retention

We retain Customer Data for as long as the subscription is active and for a limited wind-down period after termination, after which data is deleted from active systems. Backups follow a standard retention cycle. Specific retention periods can be provided on request.

9. Your rights

Depending on your jurisdiction you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal information. Where Funder Compass is a Processor, requests should be directed to the Controller (your organisation's Super Admin). Where we are Controller, contact us via the app or the billing email.

10. Cookies and analytics

We use strictly necessary cookies for authentication and session management. If analytics or product-usage telemetry is enabled, it is aggregated and used solely to operate and improve the Service.

11. Children

The Service is not directed to children under 16 and we do not knowingly process their personal information.

12. Changes

We may update this policy. Material changes will be posted in the app; the "Last updated" date at the top reflects the current version.

13. Contact

Privacy questions: use the "Requests" tab in the Super Admin Panel or write to the billing contact on file.