Privacy Policy

MemberBridge (“we”, “us”, “our”) operates a governed AI platform that pension schemes and benefits providers (“Clients”) embed in their member portals. This policy explains how we handle personal data in connection with that service and with our own marketing and sales activities.

We are committed to handling personal data lawfully and transparently, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

MemberBridge Ltd is the data controller for personal data we collect about visitors to this website and prospective clients. For personal data belonging to pension scheme members that flows through our platform, we act as a data processor on behalf of our Clients, who are the data controllers.

Our registered address and contact details are available on request at privacy@memberbridge.io.

2. Data we collect and why

2a. Website visitors

When you visit this website we may collect:

• Technical data (IP address, browser type, pages visited, referrer) via server logs and analytics
• Contact details you voluntarily submit via our enquiry form (name, work email, organisation, message)

We use this to operate and improve the website, respond to your enquiry, and, where you have given permission, to send relevant communications about MemberBridge. Our lawful basis is legitimate interests for analytics and contract / consent for enquiry responses and marketing respectively.

2b. Clients and prospective clients

We collect names, work email addresses, job titles, and organisation details of individuals at pension schemes and professional services firms we deal with. We use this to manage our commercial relationship. Our lawful basis is contract and legitimate interests.

2c. Pension scheme member data (processor role)

When our platform is deployed by a Client, it processes personal data about that Client’s pension scheme members (including name, member reference, pension pot value, contribution rate, retirement date, and beneficiary information) solely to deliver the service. We do this as a data processor under a Data Processing Agreement with each Client.

We do not use member data for any purpose other than delivering the contracted service. Member data is never used to train AI models, shared with third parties for commercial purposes, or retained beyond the period agreed with the Client.

3. How we use AI

Our platform uses large language models (LLMs) to classify member intent and compose responses. Before any member data is passed to an LLM:

• Personally identifiable information (PII) is masked or tokenised at the trust boundary
• Only the minimum data required to compose a response is included
• Data is transmitted over encrypted channels and not retained by the model provider beyond the inference request

Clients select their preferred LLM provider and hosting model (cloud or on-premises) as part of their deployment configuration.

4. Cookies and tracking

This website uses strictly necessary cookies to operate correctly, and optional analytics cookies to understand how visitors use the site. We do not use advertising or cross-site tracking cookies. You can manage your cookie preferences at any time via the cookie banner or by adjusting your browser settings.

5. Data sharing

We share personal data only in the following circumstances:

• Service providers: hosting, email delivery, and analytics providers acting as processors under appropriate contracts
• Legal obligation: where required by law, regulation, or a court order
• Business transfer: in the event of a merger or acquisition, subject to equivalent privacy protections

We do not sell personal data.

6. International transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place (such as UK adequacy decisions or the International Data Transfer Agreement). Clients who require data to remain within the UK or EEA can configure their deployment accordingly.

7. Retention

We retain website enquiry data for up to 24 months. Client contact data is retained for the duration of the commercial relationship plus a reasonable period thereafter. Member data processed on behalf of Clients is retained only as specified in the relevant Data Processing Agreement, and deleted or returned on termination.

8. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request erasure (“right to be forgotten”) where lawfully applicable
• Restrict or object to processing
• Data portability
• Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at privacy@memberbridge.io. We will respond within one calendar month. If you are a pension scheme member, please contact your scheme administrator in the first instance, as we process your data under their instruction.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit and at rest, role-based access controls, and regular security reviews. Further detail is available on our Security page.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to Clients directly. The effective date at the top of this page indicates when the current version was last revised.

11. Contact

For any privacy-related question or request: privacy@memberbridge.io