Privacy Policy

1. Who we are

BrokerTools is the data controller for the personal data described in this policy. Contact us at admin@morebroking.com.

2. Data we collect

We collect the minimum data necessary to provide our service:

• Email address — provided during signup, used for account management and billing.
• Usage metrics — API call counts and costs, stored for billing and spending limits.
• Session cookies — HttpOnly cookies for web authentication. Not accessible to JavaScript.
• Analytics data — anonymised page views and performance metrics collected via Vercel Analytics. No personal data is collected and no cookies are used for analytics.

3. Legal basis for processing

We process your data under the following legal bases (UK GDPR Article 6):

• Contractual necessity — processing your email, session, and usage data is necessary to provide the BrokerTools service you signed up for.
• Legitimate interests — collecting anonymised analytics to improve the service, and maintaining billing records for accounting purposes.

4. Documents you upload

When you use BrokerTools (Blotter, Bordereaux, or Runner), your documents are processed as follows:

• Files are parsed in memory on our Vercel servers and sent to AWS Bedrock for AI analysis.
• Zero retention: We do not store your uploaded files. They are processed and discarded.
• AWS Bedrock: Your document content is sent to Claude (Anthropic) via AWS Bedrock. Under the AWS Bedrock service terms, your data is not used to train AI models and is not retained after processing.
• Regional processing: All AI processing occurs in AWS EU (Frankfurt, eu-central-1).

5. How we use your data

• To provide the BrokerTools service (file processing, extraction, merging, reconciliation).
• To manage your account, billing, and spending limits via Stripe.
• To send service-related communications (e.g. billing notifications).
• To monitor and improve service performance via anonymised analytics.

6. Data storage, security, and retention

• Account data (email, API key, spending) is stored in Upstash Redis (encrypted at rest) and Stripe. Account data is retained until you request deletion of your account.
• Document data is not stored. It is processed in memory and discarded.
• All connections use HTTPS/TLS encryption in transit.
• Session cookies are HttpOnly, Secure, and SameSite=Lax.

7. International data transfers

AI processing occurs exclusively within AWS EU (Frankfurt). However, some of our service providers (Vercel, Stripe, Upstash) may process data outside the UK. These transfers are protected by appropriate safeguards including Standard Contractual Clauses and the providers' respective data processing agreements.

8. Your rights (UK GDPR)

Under UK data protection law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Object to processing of your personal data.
• Data portability — receive your data in a structured format.

To exercise any of these rights, contact admin@morebroking.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Third-party services

• Stripe — Payment processing. See Stripe Privacy Policy.
• AWS Bedrock — AI processing (EU Frankfurt). See AWS Privacy Notice.
• Vercel — Hosting and analytics. See Vercel Privacy Policy.
• Upstash — Database (Redis). See Upstash Privacy Policy.

10. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.