How do you keep my business information secure and who will see my data?

Short answer: your data stays private, is encrypted, and is only shared with relevant, vetted finance providers when you ask us to.

Best Business Loans protects your information using secure encryption, strict access controls, and UK GDPR–compliant processes. We never sell your data, and we only share the minimum necessary details with carefully selected lenders or brokers that match your enquiry — and only when you give us permission. We act as an independent introducer, not a lender, and your information is handled with confidentiality at every step.

Below you’ll find a plain-English breakdown of our security measures, how we use your data, who can see it, and the choices and rights you have as a UK business.

Security by design — how we protect your information end-to-end

We apply layered security across our platform and partners

Your data is protected in transit using modern Transport Layer Security (TLS 1.2+), and at rest using robust encryption (e.g., AES‑256). We adopt a “least privilege” policy, meaning only authorised personnel who need access to support your enquiry can view your details. Multi-factor authentication, role-based access, and activity logging further reduce risk.

We complete due diligence on our technology suppliers, ensure contractual data protection obligations, and routinely review their certifications and controls. Systems are monitored for unusual activity to help detect and prevent unauthorised access.

We minimise the data we collect — and keep it only as long as needed

We ask only for information needed to match your business to suitable funding providers and to enable an eligibility check. Data is retained for defined periods aligned to legal, regulatory, and business needs, after which it is securely deleted or anonymised. This reduces exposure and keeps your information footprint as small as possible.

If you request deletion and there’s no legal reason for us to retain your information, we will securely erase it. Where we need to keep records (for example, to meet compliance or audit requirements), we will restrict access and store them securely.

Optional open banking and document sharing are strictly consent-based

If a lender or broker suggests open banking or document sharing to speed up your decision in principle, that will only happen with your explicit consent. Where open banking applies, it is delivered via FCA-authorised providers, and we never store your banking credentials. Access can be revoked at any time.

Supporting documents you upload are scanned with antivirus tools, encrypted, and shared only with shortlisted providers that you authorise us to introduce. We do not transmit unnecessary or unrelated documents.

Key technical safeguards we use

  • HTTPS/TLS 1.2+ for all data in transit; AES‑256 at rest where applicable.
  • Role-based access controls, multi-factor authentication, and session timeouts.
  • Audit logging, IP and device monitoring, and anomaly detection.
  • Regular backups, secure key management, and least-privilege security principles.
  • Vendor due diligence, UK GDPR–compliant data processing agreements, and ongoing reviews.

Who will see your data — clearly explained

1) Our small UK-based support and operations team

Only trained team members who need access to progress your enquiry will see your information. All staff follow internal confidentiality policies and complete regular data protection and security awareness training. Access is logged and reviewed.

We will not share your details internally for unrelated activities. Marketing contact is permission-based, and you can opt out at any time.

2) Trusted technology providers (as data processors)

We use reputable third-party tools for secure hosting, CRM, email delivery, analytics, and form processing. These providers act under written agreements that require them to protect your data and use it only under our instructions. They are not permitted to use your data for their own marketing.

Data is primarily stored in the UK or EEA. If information is ever transferred outside the UK/EEA, we rely on appropriate safeguards such as UK International Data Transfer Agreements or Standard Contractual Clauses.

3) Carefully selected UK lenders and brokers (as controllers of the data you approve us to share)

Once you submit a Quick Quote or Eligibility Check, our AI matching process identifies finance providers that are active in your sector and likely to support your requirements. With your permission, we share only the details those providers need to assess suitability and next steps. We prioritise relevance over volume to reduce unnecessary sharing.

Example: If you run a distribution fleet and seek asset finance for vehicles, we will focus on providers with a track record in logistics and transport. For more industry context, see our page on logistics business loans.

Credit searches: soft checks vs hard checks

We will never authorise a credit search on your behalf. A soft credit check may be used by some providers to pre-screen without affecting your credit score, but this only happens with your consent. A hard search can leave a footprint on your credit file and is only carried out by a lender or broker after you explicitly agree to proceed.

If a provider needs additional documentation to progress your case, they will request it transparently and explain why it is needed. You remain in control of what you share and when.

How we use your information — lawful basis, fairness, and transparency

Lawful basis for processing under UK GDPR

We process your information primarily under consent (when you submit an enquiry) and legitimate interests (to operate and improve our service as an introducer). Where we send service-related communications (for example, to update you on your matches), this is necessary to fulfil your request. Marketing messages are permission-based and easy to disable.

If we ever rely on a different lawful basis for a specific activity, we will state this and explain what it means for you. We aim to make our privacy notices straightforward and accessible.

How your information supports your finance journey

Your business details help our AI and team to identify relevant finance types, shortlist active providers, and introduce you to decision-makers. This reduces time spent chasing unsuitable solutions and helps you compare realistic options. We share only what is required at each stage to keep your information exposure low.

We do not promise the lowest rate or guaranteed approval. Our focus is on relevance, transparency, and helping you make an informed choice.

Fair, clear, and not misleading — our communications promise

We follow the spirit of FCA, ASA, and Google Ads standards for financial promotions, even though Best Business Loans does not itself provide regulated credit. That means we avoid exaggerated claims, make limitations clear, and always present risks and conditions in a balanced way. Where provider terms apply, we will signpost them.

Any quotes, eligibility views, or decisions in principle are subject to provider assessment, your credit status, and the information you supply. We will not make claims that could mislead businesses about costs or likelihood of approval.

What we do not do with your data

  • We do not sell your information to third parties.
  • We do not share details with unrelated advertisers.
  • We do not permit unauthorised credit checks.
  • We do not send sensitive documents without your knowledge.

Your choices and control — consent, permissions, and your UK GDPR rights

You decide how we contact you and who we introduce

You can choose email, phone, or both for updates, and you can change your preferences at any time. If you want us to pause or stop introductions, just tell us and we will halt further sharing. You can also ask which lenders or brokers we are considering before any introduction is made.

Where you grant consent, you can withdraw it at any time. We will record and honour your choices promptly.

Your data rights and how to use them

Under UK GDPR and the Data Protection Act 2018, you can request: access to your data, correction of inaccuracies, deletion in appropriate cases, restriction of processing, data portability (where applicable), and the right to object to certain processing. We respond within statutory timeframes and will explain any legal grounds if we cannot meet a specific request in full.

If you have concerns about our handling of your data, you can contact us first so we can resolve the issue quickly. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

How to exercise your rights

  • Email: hello@bestbusinessloans.ai with your request and the email address you used to enquire.
  • Identity check: we may ask for basic verification to protect your data from unauthorised access.
  • Response time: we aim to respond as soon as possible and no later than one month from receipt.

Retention, incident response, and compliance standards

How long we keep your information

Enquiry details are kept only as long as needed to provide our service, meet legal obligations, and maintain accurate records of introductions. We periodically review and securely delete data that is no longer required. Aggregated analytics are anonymised wherever possible to prevent re-identification.

If you ask us to delete your information and there is no legal reason to retain it, we will comply and confirm when deletion has been completed.

How we handle security incidents

We maintain an incident response plan, including rapid containment, investigation, and remediation steps. If a notifiable data breach occurs, we will contact the ICO within required timeframes and inform affected users when necessary. Post-incident reviews help us strengthen controls and prevent recurrence.

We regularly test our readiness, review logs, and apply patches and updates to keep systems secure. Where appropriate, we undertake Data Protection Impact Assessments (DPIAs) for higher-risk processing.

International transfers and data location

We aim to keep your data in the UK or EEA. If a secure service provider processes data elsewhere, we rely on approved transfer mechanisms and undertake due diligence to confirm equivalent protections. We keep a record of such transfers and the safeguards used.

We will update our privacy information if providers or locations change, and we will tell you where this meaningfully affects your rights or risks.

Regulatory and advertising standards we follow

  • We align with UK GDPR and the Data Protection Act 2018.
  • We follow the spirit of FCA “clear, fair and not misleading” rules for financial promotions.
  • We comply with ASA/CAP guidance on transparent advertising.
  • We respect Google Ads financial services policies.

Important: Best Business Loans is not a lender and does not provide financial advice. We introduce UK businesses to relevant finance providers and make no guarantees of approval, rates, or timing. Provider terms and eligibility apply.

Ready to move forward — with confidence

If you are comfortable with how we protect your data and want to explore funding, you can start with a free, no-obligation Quick Quote. We will match you to relevant providers and keep you in control throughout. Your information remains confidential, secured by strong technical and organisational measures.

Get Your Free Quick Quote Now

Key takeaways

  • Your data is encrypted, access-controlled, and handled under UK GDPR.
  • We never sell your data and share only with relevant providers you approve.
  • Soft or hard credit checks only occur with your explicit consent.
  • You have full control over introductions, contact preferences, and your rights.
  • We act as an introducer, not a lender, and follow fair, clear, and not misleading standards.

Updated: October 2025
