What data does Best Business Loans collect for AI matching?

We collect the information you provide in your Quick Quote, typically including company details (name, sector, years trading, turnover band), funding needs (purpose, amount, desired term), and contact details. We may enrich this with publicly available records (e.g., Companies House) to improve matching accuracy.

Do you sell my personal data?

No. We never sell personal data. We only share your information with relevant, vetted lenders or brokers to progress your enquiry, and with trusted processors who help us deliver our service securely.

Who do you share my data with?

With your permission, we introduce your enquiry to suitable UK finance providers (lenders or brokers) based on your profile and needs. We also use secure third-party processors for hosting, CRM, communications, analytics, and security. Providers act as independent data controllers for any information they receive.

Is my data secure and where is it stored?

We use encryption in transit (TLS) and at rest, apply access controls with multi-factor authentication, and follow secure development and monitoring practices. Data is stored in the UK or EEA where possible; if data is transferred internationally, appropriate safeguards such as Standard Contractual Clauses or the UK IDTA are used.

How long do you keep my information?

We retain enquiry records only as long as necessary to process your request and meet legal or audit obligations. Typical retention for enquiry data is up to 24 months, unless you ask us to delete earlier and no legal requirement prevents us from doing so.

Does the AI make automated lending decisions?

No. Our AI suggests suitable providers based on your profile and market criteria. All lending decisions, quotes and eligibility outcomes are made by the finance providers themselves, under their own policies and regulatory obligations.

What are my rights and how can I exercise them?

You have rights under UK GDPR, including access, rectification, erasure, restriction, portability, and objection. To exercise these rights or to change your preferences, email hello@bestbusinessloans.ai.

How is my data used, shared and kept secure during the AI matching process?

Short answer: your data powers matching, stays private, and is protected by strong security

We use only the data you provide to understand your business profile and match you with suitable UK lenders or brokers. We never sell your data and only share it with carefully selected finance partners relevant to your enquiry, and only with your permission. Your information is encrypted in transit and at rest, access is strictly controlled, and we follow UK GDPR and data protection best practice to keep it secure.

Best Business Loans is an independent introducer, not a lender. Our AI suggests potential matches and routes your enquiry efficiently, while regulated providers make any lending decisions.

This page explains, in plain English, exactly what we collect, how we use it, who we may share it with, and the security safeguards applied at every stage.

What we collect and why we collect it

The core details we ask for in your Quick Quote

To match you accurately, we request a small set of business details you input on our forms. Typical fields include company name, trading status, sector, years trading, turnover band, loan purpose, and the funding amount you’re looking for.

We also ask for contact information so relevant providers can follow up with you quickly and professionally. We minimise collection to what’s necessary for matching and introduction, and you control what you enter.

We may enrich your submission with publicly available data, such as Companies House records, to help identify suitable providers more precisely.

How our AI uses your information

Our AI looks for fit between your business profile and live criteria from our lender and broker network. It considers factors like sector appetite, typical deal sizes, security requirements, time trading, and loan purpose suitability.

The output is a shortlist of providers most likely to be relevant for your circumstances. This reduces time wasted on unsuitable applications and improves your chances of finding the right route.

Importantly, the AI does not approve or decline loans. It suggests options; lenders and brokers still apply their own underwriting and checks.

Lawful basis and fairness

We process your data under UK GDPR on the basis of legitimate interests and your consent when you submit an enquiry. This covers matching, introduction, and associated customer service.

Where marketing is involved, we only send updates if you explicitly opt in, and you can opt out at any time. We keep our communications clear, fair and not misleading, in line with FCA and ASA expectations for promotions.

We do not collect data about children and our services are for business users aged 18 and over.

We never sell your data

We do not sell personal data. We share it only to progress your enquiry with relevant, vetted finance partners, or with processors who help us provide our service securely.

Who we share your information with, and on what legal basis

Carefully selected lenders and brokers

With your permission, we introduce you to finance providers suited to your business needs. These may include specialist lenders, mainstream providers, and FCA-authorised brokers relevant to your sector.

Each introduction is purposeful and limited to providers likely to help. We never operate a blanket distribution model or share your data without a clear matching reason.

When we introduce you, those providers typically become independent data controllers for the information they receive, applying their own privacy policies and regulatory duties.

Our trusted processors (who help us run the platform)

We use secure third-party processors for hosting, CRM, communications, security monitoring, analytics, and form delivery. Each processor is bound by a written data processing agreement.

These processors are not permitted to use your data for their own purposes. They only process it on our instructions to deliver the service you requested.

We conduct due diligence on all critical vendors and review their security certifications and controls regularly.

Location of processing and international transfers

Where possible, we store and process data in the UK or EEA. If a partner or processor is located outside the UK/EEA, we use appropriate safeguards such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.

We assess the data protection regime of destination countries where required and apply supplementary measures where appropriate. We will always aim to minimise what is transferred and ensure lawful grounds exist.

If you prefer your data not to be transferred internationally, contact us and we will explain your options before proceeding.

Examples of sector-specific introductions

If you operate within healthcare, we may consider lenders experienced with NHS, private practice, or care home funding. You can learn more in our resource on healthcare business loans.

How we keep your data secure

Encryption, access control and secure development

Your data is encrypted in transit using TLS and at rest using strong encryption. We segment environments and apply least-privilege access with multi‑factor authentication for staff and administrators.

We follow secure development practices, change control, and code review. We log and monitor system activity to detect anomalous behaviour and apply timely patching.

Backups are encrypted and tested, and we define strict retention schedules to ensure data is not kept longer than necessary for the purposes described.

Risk management, testing and incident response

We conduct regular risk assessments and vendor reviews and maintain a Data Protection Impact Assessment for our AI matching process. Penetration testing and vulnerability scanning help us identify and fix weaknesses.

We operate a formal incident response plan, including escalation, containment, forensics, and user notification where legally required. We log incidents and learn from them to improve resilience.

If a notifiable breach were ever to occur, we would contact the ICO and affected users in line with UK GDPR and ICO guidance.

Data minimisation and retention

We keep your data only as long as needed to process your enquiry, maintain accurate records, and meet legal or audit requirements. Typical retention for enquiry records is up to 24 months, unless you ask us to delete sooner and no legal basis requires retention.

We minimise the data we collect and share and avoid sensitive categories unless required for finance assessment by a provider. You can ask us to correct or delete information at any time, subject to legal obligations.

When data is no longer needed, we securely erase or anonymise it following industry best practice.

Marketing preferences and cookies

We only send marketing with your consent, and you can opt out instantly via email footer or by contacting us. Our site uses cookies to function and to understand usage patterns.

Analytics is configured with privacy in mind and, where required, we will seek your consent before setting non‑essential cookies. You can change your cookie preferences at any time.

Your choices, rights and how to get started safely

Your privacy rights under UK GDPR

You have the right to access, correct, or delete your personal data, and to restrict or object to processing in certain circumstances. You can also request a copy of your data in a portable format.

Where processing relies on consent, you may withdraw it at any time. If you have concerns about our handling of your data, you can contact us or lodge a complaint with the ICO.

To exercise your rights, email hello@bestbusinessloans.ai and we will respond promptly.

Transparency, fairness and regulatory expectations

We aim to keep all communications clear, fair and not misleading in line with the FCA’s expectations for financial promotions and the ASA’s advertising rules. We are not a lender and do not give regulated financial advice.

Any quotes, rates or eligibility outcomes are provided by lenders or brokers and are subject to change and their own assessment. We do not guarantee approval or the lowest rate.

We may receive a commission from our partners if you proceed, but there is no obligation to accept any offer presented to you.

How to proceed with confidence

Before we share your details with any provider, we will explain the purpose of the introduction and who will contact you. We only introduce to partners who are relevant to your sector, loan type and funding need.

You can ask us to pause, delete or amend your enquiry at any time. If you want your details shared with only one provider, or none at all, just tell us.

When you’re ready, you can complete a Quick Quote in minutes. It’s free, secure, and there is no obligation to proceed.

Key takeaways

We use your data to match you with relevant UK finance providers and to manage your enquiry.
We never sell your data and only share it with vetted partners with your permission.
Your data is encrypted, access is restricted, and we follow UK GDPR best practice.
You control your preferences and can exercise your rights at any time.
Our AI suggests options; lenders and brokers make lending decisions.

Updated: October 2025

Ready to explore options? Submit your Quick Quote to see which providers may be a good fit. It’s fast, secure and without obligation.