How is my data used, shared and kept secure during the AI matching process?

Short answer: we use only the data we need to match you with suitable UK lenders and brokers, share it only with relevant, vetted partners, and protect it with strong security controls. We never sell your data, and you remain in control of how it’s used.

Why this matters

Best Business Loans is an independent introducer, not a lender, and our role is to help you find the right finance providers faster. That means handling your business information responsibly, fairly, and transparently. This page explains exactly what we collect, why we collect it, who may see it, and how we keep it secure.

Important notices

We aim to follow the FCA’s “clear, fair and not misleading” standard for financial promotions. We also follow UK GDPR and the Data Protection Act 2018. Nothing on this page constitutes financial advice; you stay in control and there is no obligation to proceed.

Updated

Updated October 2025.

1) What data we collect and why

Core business details

When you complete a Quick Quote, Decision in Principle, or Eligibility Check, we request core facts about your company. Typical fields include business name, company number, trading address, sector, time trading, and contact details. These are essential to confirm who you are and to assess lender fit.

Finance needs and purpose

We ask what you need funding for, how much you seek, and indicative timeframe. Lenders and brokers match appetite and products to these details. Clear purpose data helps reduce mis-matches and speed up introductions.

Financial snapshot

We may ask for turnover, profit range, VAT status, number of employees, existing borrowing, and any credit events such as CCJs. These signals help our AI narrow options to providers that are actively lending to similar profiles. We do not collect more than we need for matching.

Directors and ownership

Some lenders require director names, shareholdings, and contact details. This allows early-stage screening and smooth handover if you choose to proceed. We will never publish this information.

Optional documents and Open Banking

In some cases, lenders or brokers may request management accounts, bank statements, or VAT returns. If Open Banking is relevant, it is always optional and handled via a regulated provider with your explicit consent. We never ask for online banking passwords.

Lawful basis

Our primary lawful basis is legitimate interests: to assess eligibility and introduce you to suitable finance providers. Where required by law or best practice, we seek your consent, for example for marketing or Open Banking. You can withdraw consent for marketing at any time.

2) How the AI matching uses your information

Purpose-built matching, not surveillance

Our AI uses the information you submit to compare your profile with lenders’ typical criteria. It looks at signals such as sector, trading history, loan purpose, amount, and affordability indicators. The goal is to prioritise relevant, actively-lending providers, not to make credit decisions.

Data minimisation by design

The system works with the least data required to rank suitable routes. We avoid sensitive categories unless they are strictly necessary for matching and you provide them knowingly. We do not use your identifiable data to train publicly accessible models.

Human-in-the-loop

Where appropriate, a human review can verify or refine the AI’s suggestions. This blended approach helps reduce errors and makes outcomes more explainable. You can request human review at any time before proceeding.

No hard credit checks at quote stage

The initial Quick Quote and Eligibility Check use self-declared information and public sources. Some partners may conduct a soft search with your permission, which does not affect your credit score. A hard credit check only occurs if you proceed with a specific application and provide explicit consent to that lender or broker.

Soft vs hard searches

A soft search is visible to you but not to other lenders and does not impact your score. A hard search is visible to other lenders and may affect your score. We will always make it clear if a hard search is proposed and who will carry it out.

Performance and improvement

We may use aggregated, anonymised data to improve our matching logic and reporting. This helps us understand which introductions lead to good outcomes by sector and loan type. We do not sell personal data and we do not release identifiable data for commercial “data brokerage.”

3) Who we share your data with and when

Finance providers and brokers

Once you authorise us to proceed, we share only the information needed for a provider to assess your eligibility and contact you. We select providers based on your profile, sector, and finance needs. We make clear who we are introducing and why they are relevant.

Service providers acting on our behalf

We use trusted processors for secure hosting, CRM, email delivery, security monitoring, and analytics. These providers are bound by contracts aligned to UK GDPR Article 28 and can only process data under our instructions. We assess their security and privacy controls before engagement.

Transfers outside the UK/EEA

If any processing involves data leaving the UK/EEA, we use an appropriate safeguard such as the UK International Data Transfer Agreement or ICO-approved Standard Contractual Clauses. We aim to keep your data in the UK or EEA wherever feasible. We do not permit sub-processors to use your data for their own purposes.

Legal and compliance disclosures

We may share information if required by law, regulation, or to protect our rights or the rights of others. This could include responding to law enforcement with proper authority. We always assess the scope and necessity of any disclosure.

Industry relevance

If you operate in a specialist sector, we prioritise lenders that understand your operations and assets. For example, building contractors may prefer providers with experience in staged invoicing and equipment finance. See our sector guide for building services funding: Building Services Loans.

Your control over sharing

You can ask us not to share your details with a particular party or to pause introductions. If you withdraw your enquiry, we stop sharing and follow our retention policy. You may also request deletion where applicable.

4) How your data is protected

Security in transit and at rest

We encrypt data in transit using TLS 1.2+ and at rest using strong encryption. Access to systems is protected by role-based permissions and multi-factor authentication where applicable. We segment environments and follow least-privilege access principles.

Operational safeguards

We log access and changes, and we monitor for suspicious activity. Staff who handle data are trained in confidentiality, phishing awareness, and data protection standards. We operate change controls and periodic reviews of suppliers and permissions.

Vulnerability and patch management

Our technology stack is patched regularly in line with vendor guidance and risk. We use reputable security tooling to help identify vulnerabilities. Where issues are found, we remediate promptly and document actions taken.

Incident response

We maintain a data incident plan aligned to UK GDPR. If we identify a notifiable personal data breach, we will assess risk and notify the ICO within 72 hours where required. We will also inform affected users without undue delay when legally necessary.

Data retention and deletion

We keep enquiry data only for as long as needed for matching, audit, and legal purposes. Typical retention for declined or withdrawn enquiries is limited and reviewed periodically. When you request deletion and no lawful basis requires us to retain data, we will securely erase it.

Children and sensitive data

Our services are for UK businesses, not for children. We do not intentionally collect special category data. If such data is inadvertently submitted, we will delete it unless there is a clear legal basis to retain it.

5) Your choices, rights, and how to proceed safely

Your privacy choices

You can update your details, opt out of marketing, or limit sharing to specific providers. You may request a copy of your data, ask us to correct inaccuracies, or request deletion where applicable. You can object to or restrict certain processing, including profiling for matching, and request human review.

How to exercise your rights

To make a privacy request, contact hello@bestbusinessloans.ai with your company name and contact details. We will verify your identity before acting on the request. We respond within the timeframes set by UK GDPR.

Clear, fair and not misleading

We are an independent introducer that connects you with relevant finance providers. We do not guarantee offers, approvals, or the lowest rates, and we do not charge you for submitting an enquiry. Any quotes or decisions in principle are subject to provider checks, documentation, and credit assessment.

FAQs

Will my credit score be affected? A Quick Quote or Eligibility Check does not involve a hard credit search. A hard search can only occur with your explicit consent if you proceed with a provider.

Do you sell my data? No. We never sell personal data. We share only with relevant lenders, brokers, and service providers under contract to deliver the services you request.

Do you use my data to train AI? We do not train public models on your identifiable information. We may use aggregated, anonymised data to improve our matching logic.

Where is my data stored? We aim to store and process data in the UK or EEA. If transfers are necessary, we use approved safeguards.

Can I delete my data? Yes, subject to legal obligations and legitimate interests. Contact us to request deletion and we will action your request where applicable.

Safe next steps

If you are ready to explore funding, complete a Quick Quote for a no-obligation eligibility view. We will show you relevant next steps and, with your permission, introduce you to suitable providers. You decide whether to proceed and who to engage with.

Key takeaways

  • We collect only what’s needed to match you to suitable lenders and brokers.
  • Your data is encrypted, access-controlled, and never sold.
  • We share data only with relevant, vetted partners, and only with your permission.
  • No hard credit search occurs unless you choose to proceed with a provider.
  • You control your data and can request access, corrections, or deletion at any time.

Start your secure enquiry

Get a free Quick Quote or Eligibility Check in minutes. It’s fast, secure, and there is no obligation to proceed. Make smarter finance decisions with Best Business Loans — powered by AI, guided by good practice.

Compliance notes: We aim to align with the FCA’s “clear, fair and not misleading” standard, the ASA’s advertising rules, and Google’s financial services policies. Best Business Loans is an independent introducer and does not provide loans, credit decisions, or financial advice.

Contact: hello@bestbusinessloans.ai | www.bestbusinessloans.ai

Share your love

Related Posts