Privacy Policy
Last updated: 15 May 2026
1. Who we are
ParaHub is the data controller for the personal data we collect about you through this platform. This policy explains what data we hold, why we hold it, and what rights you have.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What data we collect
The personal data we collect falls into the following categories:
- Account data: your name, email address, password (stored as a hash), and the role you sign up under (adviser or paraplanner).
- Profile data: the information you choose to publish on your ParaHub profile, including your headline, bio, qualifications, specialisms, software experience, day rate, availability, and avatar image.
- Messages: messages you send and receive through our inbox, and the related metadata (timestamps, who sent what to whom).
- Usage data: information about how you use the platform, such as pages visited, features used, and approximate location derived from your IP address.
- Verification documents: where you choose to verify your account, the documents you upload (for example, qualification certificates) and the outcome of the review.
3. Lawful basis
We rely on the following lawful bases under UK GDPR:
- Contract: we process your account, profile, and messaging data so we can provide the ParaHub service to you.
- Legitimate interests: we process usage data and audit logs to keep the platform secure, prevent abuse, improve features, and meet our regulatory obligations.
- Consent: we rely on consent for non-essential cookies and for any optional marketing communications. You can withdraw consent at any time.
- Legal obligation: we may process data where the law requires it (for example, to respond to a valid law enforcement request).
4. How we use your data
- To create and manage your account.
- To show your profile to other users in the directory (paraplanners only).
- To enable advisers and paraplanners to message each other.
- To send transactional emails (sign-in confirmations, notification summaries).
- To detect, investigate, and prevent abuse, fraud, and breaches of our terms.
- To improve and develop the platform.
5. How long we keep it
We retain data for different periods depending on its purpose:
- Profile and account data: retained for as long as your account is active. If you delete your account, we remove personal identifiers within 30 days, except where retention is required for the periods set out below.
- Messages: retained for 2 years from the date each message was sent, then deleted.
- Audit logs: retained for 7 years, to meet regulatory expectations and to support investigations of misuse.
- Verification documents: retained for the duration of your account plus 12 months after closure.
6. Sharing
We use a small number of trusted suppliers to operate the platform, including Supabase (database and authentication), our email provider, and our analytics provider. These suppliers process personal data on our behalf and only under our instructions.
We do not sell your personal data. We may share data with regulators or law enforcement where we are legally required to do so.
7. International transfers
Where suppliers process data outside the UK, we ensure that an appropriate safeguard is in place, such as the UK International Data Transfer Agreement or an adequacy decision.
8. Your rights
Under UK GDPR you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct information that is inaccurate or incomplete.
- Erasure: ask us to delete your data, subject to the retention periods set out above.
- Portability: request a machine-readable copy of the data you have provided so you can move it elsewhere.
- Objection and restriction: object to processing based on legitimate interests, or ask us to restrict processing while a query is investigated.
- Withdraw consent: where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, email privacy@parahub.co.uk. We will respond within one month.
9. Security
We use industry-standard technical and organisational measures to protect your data, including encryption in transit, role-based access controls, and regular review of our systems. No service is completely free of risk, so please pick a strong password and let us know if you suspect a problem with your account.
10. Complaints
If you are not happy with how we have handled your data, please contact us first and give us the chance to put it right. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
11. Contact
For privacy questions, data requests, or to update your details, email privacy@parahub.co.uk.