Divvio

Privacy Policy

Last Updated: 25/11/2025

Divvio ("we", "us", or "our") is committed to protecting your privacy. We understand that you are trusting us with your most sensitive personal and financial information during a difficult time. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application (the "Service").

By accessing or using Divvio, you agree to the collection and use of information in accordance with this policy.

1. Important Information and Who We Are

Controller

Kintela Ltd is the controller and responsible for your personal data.

Email: support@divvio.co.uk

Address: Unit 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE

The Data We Collect

We collect various types of personal data to generate your Form E (Financial Statement). This includes:

  • Identity Data: First name, last name, username, marital status, title, date of birth.
  • Contact Data: Billing address, home address history, email address, telephone numbers.
  • Financial Data: Detailed information on your bank accounts, pensions (CETV), property holdings, investments, business interests, liabilities, income, and monthly expenditure.

Special Category Data:

  • Health Data: Details of any medical conditions or disabilities (required for Form E Section 1.11).
  • Children's Data: Names, dates of birth, and health/educational needs of your children (required for Form E Section 1.10).

Other Data Types:

  • Document Data: Files you upload, such as bank statements, P60s, mortgage statements, and property valuations.
  • Technical Data: IP address, browser type and version, time zone setting, operating system, and platform.
  • Transaction Data: Details about payments to and from you (processed via Stripe).

2. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we use your personal data in the following circumstances:

PurposeType of DataLawful Basis for Processing
To register you as a new userIdentity, ContactPerformance of a contract
To generate your Form E PDFIdentity, Financial, Special Category, DocumentsPerformance of a contract; Explicit Consent (for special category data)
To provide AI Co-pilot assistanceIdentity, Financial, User QueriesConsent; Legitimate Interests (to improve service accuracy)
To process paymentsContact, Financial, TransactionPerformance of a contract
To manage our relationship with youIdentity, ContactPerformance of a contract; Legal obligation

A Note on "Special Category" Data

Because Form E requires details about health and children, we process this sensitive data based on your Explicit Consent given when you sign up and begin the questionnaire. You may withdraw this consent at any time by deleting your account, though this will prevent us from generating a complete Form E.

3. AI and Automated Processing

Divvio uses Artificial Intelligence (OpenAI) to assist you.

How it works

When you ask the "Ask Divvio" assistant a question, or when we generate summaries of your finances, relevant snippets of your questionnaire data (e.g., "Total Assets", "Employment Status") may be sent to our AI provider, OpenAI.

Data Privacy

We use OpenAI's API, which is governed by strict enterprise privacy policies. OpenAI does not use your data to train their models. Your data is retained by OpenAI for a maximum of 30 days for abuse monitoring purposes and then deleted.

No Automated Decision Making

The AI provides information and drafting assistance only. It does not make legal decisions or automated judgments about your case.

4. Data Security

We have put in place appropriate security measures to prevent your personal data from being lost, used, or accessed in an unauthorized way.

  • Encryption: All data is encrypted at rest (in our database) and in transit (between your browser and our servers) using TLS/SSL and AES-256 encryption.
  • Access Control: We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
  • Database Security: We utilize Supabase (a robust PostgreSQL provider) which implements Row Level Security (RLS), ensuring that your data is cryptographically isolated from other users.

5. Disclosures of Your Personal Data

We may share your personal data with the parties set out below for the purposes set out in Section 2:

Service Providers:

  • Supabase: For database hosting and authentication services (Data stored in the EU/UK where possible).
  • OpenAI: For providing AI-generated guidance and summaries (Data processed in the US under standard contractual clauses).
  • Stripe: For payment processing. We do not store your full credit card details; they are handled directly by Stripe.
  • Vercel: For website hosting and infrastructure.

Professional Advisers:

Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services (only if strictly necessary).

Legal Authorities:

HM Revenue & Customs, regulators, and other authorities if required by law.

We do not sell your data to third parties.

6. Data Retention

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Active Accounts: We retain your financial data while your account is active to allow you to edit and re-export your Form E.
  • Inactive Accounts: If you have not logged in for 12 months, we will notify you via email. If no action is taken, we will permanently delete your financial and special category data. We may retain basic Identity and Transaction Data for 6 years for tax and legal compliance purposes.

7. Your Legal Rights

Under the UK GDPR, you have rights in relation to your personal data, including:

  • Request access to your personal data (a "data subject access request").
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data. You can do this directly within your dashboard or by contacting us. Note: This action is irreversible.
  • Object to processing of your personal data.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party.
  • Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please contact us at support@divvio.co.uk.

8. Third-Party Links

This website may include links to third-party websites (e.g., Gov.uk, MoneyHelper). Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

9. Changes to This Privacy Policy

We keep our privacy policy under regular review. This version was last updated on 25/11/2025. Historic versions can be obtained by contacting us.

Questions?

If you have any questions about this Privacy Policy, please contact us.