Back to Home

Privacy Policy

Last updated: January 2026

Zero-Retention Architecture

Formal Bridge is built on a Zero-Retention Architecture. Creditor data uploaded to our platform is processed entirely in your browser. It is never transmitted to or stored on our servers. We store only the minimum metadata required for certificate verification.

1. Data Controller

Formal Bridge Ltd. is the data controller for personal data processed through this platform. We are registered in England and Wales.

Contact: privacy@formalbridge.com

2. Data We Collect

Data We Store

  • Account Data: Email address (for authentication via Clerk)
  • Certificate Metadata: Verification codes, calculation results, dates, IP names, input file hashes
  • Usage Data: Page views, feature usage (anonymised)

Data We Do NOT Store

  • Creditor Data: Names, addresses, claim amounts, classifications
  • Uploaded Files: Excel spreadsheets, CSV files
  • Case Details: Company names, case numbers, estate details

All creditor data is processed client-side and destroyed immediately after certificate generation.

3. How We Use Your Data

  • Authentication: To verify your identity and protect your account
  • Certificate Verification: To allow third parties to verify certificate authenticity
  • Service Improvement: Anonymised usage analytics
  • Communication: Service updates and important notices (you can opt out)

4. Third-Party Services

We use the following third-party services:

  • Clerk: Authentication (processes email, stores account data)
  • Supabase: Database hosting (stores certificate metadata)
  • Stripe: Payment processing (when payments are enabled)
  • Vercel: Website hosting

Each provider has their own privacy policy and complies with GDPR requirements.

5. Data Retention

  • Account Data: Retained while your account is active
  • Certificate Metadata: Retained for 7 years (regulatory compliance period for insolvency records)
  • Creditor Data: Not retained (processed client-side only)

6. Your Rights (GDPR)

Under the UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing

To exercise these rights, contact privacy@formalbridge.com

7. Cookies

We use only essential cookies required for authentication and platform functionality. We do not use advertising or tracking cookies.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), secure authentication, and regular security reviews.

Contact

For privacy enquiries, contact us at privacy@formalbridge.com