Privacy Policy

Last updated: 20 February 2026

1. Who We Are

Nubro ("we", "us", "our") is a UK-based B2B mortgage deal management platform that helps property finance brokers match deals with specialist lenders. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data controller contact: privacy@nubro.ai

2. Data We Collect

  • Account information — name, email address, and profile data provided during registration.
  • Deal data — borrower information, property details, loan parameters, and lender matches you create within the platform.
  • Email data — emails synced via Gmail or Microsoft integrations, including sender, recipient, subject, and body content.
  • Documents — files you upload to deals (stored in Vercel Blob Storage).
  • Usage data — IP address, browser type, pages visited, actions performed, and timestamps.

3. Lawful Basis for Processing

  • Contract — processing deal data and account information is necessary to provide our lender matching and deal management services.
  • Consent — AI-powered email classification and analysis is performed only with your explicit consent, which you can withdraw at any time via your account settings.
  • Legitimate interest — fraud prevention, abuse detection, platform security, and service improvement.

4. Third-Party Processors

We share data with the following processors, each operating under appropriate data processing agreements:

  • Anthropic — AI classification of emails and deal matching.
  • Google — Gmail integration for email sync.
  • Microsoft — Outlook/Microsoft 365 email integration.
  • Stripe — payment processing and subscription management.
  • Vercel — application hosting and blob storage for uploaded documents.
  • Sentry — error monitoring and performance tracking (PII is redacted before transmission).
  • Upstash — rate limiting infrastructure.

5. Your Rights

Under the UK GDPR, you have the right to:

  • Access your data — request a full export of your personal data via your account settings or by contacting us.
  • Erasure — request deletion of your account and all associated data. Deletion requests are processed with a 72-hour grace period to allow cancellation.
  • Restrict processing — manage your consent preferences for optional processing such as AI email classification.
  • Data portability — receive your data in a structured, machine-readable format (JSON).
  • Object — object to processing based on legitimate interest.

To exercise any of these rights, email privacy@nubro.ai or use the data management controls in your account settings. We will respond within 30 days.

6. Data Retention

  • Session data — deleted 30 days after session expiry.
  • Deal data — retained for 7 years in accordance with UK Financial Conduct Authority (FCA) record-keeping requirements.
  • Usage and audit records — retained for 2 years for security and compliance purposes.
  • Email data — retained until account deletion.

7. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), secure authentication with optional multi-factor authentication (MFA), rate limiting, and regular security audits. All data is processed within the EU/UK region.

8. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.