How is my data kept secure, and who will have access to it?
The short answer
Your data is protected using industry‑standard security practices, including encrypted transmission, secure storage, strict access controls, and continuous monitoring for misuse. We only share your information with carefully selected lenders or brokers who are relevant to your enquiry, and with trusted technology providers who help us deliver our service. We never sell your data, and you remain in control of your preferences and rights under UK GDPR.
BestBusinessLoans.ai is an independent introducer, not a lender. We help you find suitable finance providers, and we only disclose the minimum information needed to facilitate an eligibility check or introduction. We aim for communications that are fair, clear and not misleading, and we encourage you to make informed decisions with transparent, accurate information.
If at any time you want to access, correct, limit, or erase your data, you can contact us at hello@bestbusinessloans.ai. You can also opt out of marketing at any time, without affecting any service messages related to your enquiry.
What we collect, why we collect it, and the lawful basis
Data we collect during your Quick Quote
When you complete a Quick Quote, we ask for basic business information, contact details, funding needs, sector, and limited financial context to assess potential eligibility. We do not ask for bank logins or card details, and we do not intentionally collect special category data. Please avoid sharing sensitive personal information that is not relevant to a finance enquiry.
We may also collect technical data, such as device type, browser, IP address and cookies, to secure our service and improve user experience. Cookie controls allow you to manage analytics and marketing preferences where applicable. Service-critical cookies may be required for site functionality and security.
Where appropriate, we may enrich your enquiry with publicly available business information, such as Companies House records. This helps us validate details, reduce fraud risk, and match you with suitable finance providers more effectively and efficiently.
Why we collect it
We collect your data to understand your finance objectives, identify suitable funding routes, and introduce you to relevant lenders or brokers. Our aim is to save you time, reduce repeat form-filling, and make smarter, better‑informed matches. We may also use aggregated, de‑identified data to improve our matching logic and user experience.
We do not claim to include every lender, and we cannot guarantee approval or the lowest rate. Our role is to introduce you to providers who appear relevant to your business profile and stated needs. The final decision, terms and affordability assessments rest with the finance providers.
We may send you service messages about your enquiry, and if you opt in, occasional updates about relevant finance options. You can opt out of non-essential communications at any time using the unsubscribe link or by emailing our team.
Lawful basis under UK GDPR
We typically rely on legitimate interests to process your enquiry, because we need to use your details to provide the service you requested. Where required, we may rely on your consent for certain marketing communications or cookie usage. If we introduce you to a finance provider, they will become an independent controller of your data under their own privacy policy.
We retain your data only for as long as necessary to provide our service, comply with legal obligations, resolve disputes, and improve security. Typical retention for unsuccessful enquiries is limited and proportionate; if you ask us to erase your data, we will do so unless we must keep certain records for compliance.
We do not target or knowingly collect data from anyone under 18, and our service is intended for UK business users only. If we discover minors’ data, we will delete it promptly and take appropriate steps to prevent recurrence.
How we protect your data: security by design and by default
Encryption in transit and at rest
All data sent between your browser and our platform uses HTTPS with modern TLS protocols to protect it in transit. We use secure hosting in reputable UK or EEA data centres to support UK GDPR compliance. Data at rest is protected with strong encryption and technical controls designed to reduce the risk of unauthorised access.
We maintain separate environments for development and production, and we restrict access to production data to authorised personnel under the principle of least privilege. Where feasible, we apply role‑based access controls and audit logs to track administrative changes and access patterns.
Backups are safeguarded using secure storage and restricted access. Backup retention windows are set to support continuity and recovery needs while staying proportionate to privacy requirements.
Access controls, authentication and monitoring
Only team members who need to handle your enquiry can access your data, and access is reviewed regularly. We use strong authentication measures internally, including multi‑factor authentication where appropriate. Staff receive training on data protection, secure handling, phishing awareness and incident reporting.
We monitor our systems for suspicious activity and enforce password hygiene, session timeouts, and device security requirements. Where appropriate, we apply IP-based restrictions, rate limiting, and bot mitigation to help prevent abuse. We regularly assess our suppliers for security, privacy and reliability before onboarding them.
We aim to patch vulnerabilities promptly, following a risk‑based approach. We maintain change‑control practices to reduce the chance of configuration errors. We also minimise data collection to what is necessary, which reduces overall risk exposure.
Data minimisation and privacy by default
We design our forms and internal tools to collect the minimum information necessary to match you with relevant providers. We avoid retaining unnecessary copies or exporting data to unmanaged locations. We regularly review input fields and workflows to eliminate redundant entries and reduce the time data is retained.
Where possible, we pseudonymise or aggregate data for analytics and service improvements. This helps us learn and iterate without exposing personal information to broader teams or systems. We treat security as a continuous commitment rather than a one‑off exercise.
If you want more detail on our current technical and organisational measures, contact us at hello@bestbusinessloans.ai. We will respond to reasonable requests and may share high-level summaries of supplier controls and our data handling practices.
Who will have access to your data, and when we share it
Carefully selected lenders and brokers
We only share your details with lenders or brokers who appear relevant to your business profile, sector and funding needs. We disclose the minimum information required for an initial eligibility assessment or introduction. You remain free to choose whether to proceed with any provider we introduce.
If you operate in retail or eCommerce and are exploring finance options, you may find our specialist pages helpful. For example, see our information for retailers here: retailers business loans.
Finance providers will conduct their own checks and assess affordability under their policies and applicable regulations. Their use of your data is covered by their privacy notices, and they may ask you for additional information to progress your application.
Trusted technology partners (processors)
We use reputable technology providers for hosting, email delivery, analytics, customer support and CRM. These partners act under data processing agreements and are bound to use your data only on our instructions. We assess their security practices and data protection commitments before onboarding them.
We do not sell personal data to third parties. We will not share your details for unrelated marketing, and we avoid any secondary uses that do not align with your enquiry. If a new purpose arises, we will explain it clearly and seek consent where required.
We may disclose data if required by law, to protect our legal rights, prevent fraud, or respond to law enforcement requests supported by valid process. We scrutinise such requests and aim to disclose only what is strictly necessary.
International transfers and location
Our core hosting is in the UK or EEA where practicable. If limited processing outside the UK/EEA is unavoidable, we will use appropriate safeguards such as Standard Contractual Clauses. We work to keep transfers minimal and proportionate to the service being provided.
We monitor changing rules on data transfers and update our supplier arrangements where necessary. We aim to give you transparency about where your data is stored and processed. If you have location questions about a specific tool, please get in touch.
We keep an up‑to‑date record of our processors and can provide a current list on request. This supports accountability and helps you understand how your information flows through our service.
Your choices, rights and how to stay in control
Your data rights under UK GDPR
You can request access to your personal data, ask for corrections, request deletion, or object to certain processing. You can also request restriction or data portability where the law applies. To exercise any of these rights, contact hello@bestbusinessloans.ai and we will respond promptly.
If you withdraw marketing consent, we will stop non‑essential messages while still sending service updates about your enquiry where needed. We do not penalise you for exercising your rights. If you are unhappy with our response, you can contact the UK Information Commissioner’s Office.
We aim to be helpful, reliable and people‑first in our approach to privacy. Clear choices and practical explanations help you make informed decisions about your data. We keep our notices under review and update them when things change.
Marketing preferences, cookies and analytics
We only send marketing when permitted by law, and you can opt out at any time. Cookie controls let you decide on analytics and marketing cookies where used. Essential cookies that keep the site secure and functional may be required.
Analytics help us understand how our site is used so we can improve content and navigation. We use aggregated reporting where possible to reduce personal data exposure. Where a tool uses cookies, we will present you with the option to manage your preferences.
We avoid intrusive tracking and do not use data for unrelated profiling. Our goal is to balance useful insights with the least amount of personal information. If you prefer no analytics beyond essential safeguards, you can decline.
Retention and deletion
We keep enquiry data only as long as needed to provide our service, handle follow‑ups and comply with legal obligations. For unsuccessful or paused enquiries, we apply reasonable retention limits and periodic reviews. If you ask us to delete your data, we will do so unless we have a compelling legal reason to keep specific records.
Where we have introduced you to a provider, their retention periods will be described in their own policy. We encourage you to review any provider’s privacy and terms before proceeding. You remain in control of whether to continue, compare offers, or disengage.
If you would like us to close your case and remove your details, just email hello@bestbusinessloans.ai. We will confirm once complete and let you know if lawful retention still applies to limited items.
Fair, clear, and not misleading: important compliance notes
About our role and regulatory position
BestBusinessLoans.ai is an independent introducer that uses technology and a professional network to connect UK businesses with suitable finance providers. We do not offer loans directly, give regulated advice, or guarantee approval or the lowest rates. Where an activity requires FCA authorisation, introductions are made only to firms that are authorised or otherwise permitted to carry on that activity.
Any examples, rates or eligibility guidance are illustrative and subject to change. Your terms, fees and borrowing costs will depend on your circumstances and the lender’s assessment. This page is for information only and is not a recommendation or advice.
Our promotions aim to be fair, clear and not misleading in line with FCA, ASA and Google policies. If anything is unclear, please let us know so we can improve transparency and clarity.
Security incidents and how we respond
We maintain an incident response process designed to contain, investigate and resolve issues quickly. If a data breach affecting your personal information were to occur, we would assess the risk and notify you and regulators where legally required. We also conduct root‑cause analysis and strengthen controls to prevent recurrence.
We regularly test our processes and review supplier assurances to keep our standards high. Security is a shared responsibility, so please keep your devices and email secure. If you suspect that a communication claiming to be from us is not genuine, contact us immediately.
For guidance or to start your funding journey, complete your Quick Quote. It is fast, secure and without obligation, and it helps us introduce you to relevant providers more efficiently.
Ready to take the next step?
Submit your Quick Quote to get matched with suitable finance providers who understand your sector. We will only share what is necessary to progress your enquiry, and we will keep you informed at every step. Make a confident, informed start on your finance journey today.
Updated: October 2025