Last Updated: November 27, 2025
Effective Date: November 27, 2025
Guardian Volt Ltd ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Guardian Volt platform ("Service").
This policy is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Guardian Volt Ltd is the data controller responsible for your personal data.
We collect the following categories of personal data:
| Category | Data Types | Purpose |
|---|---|---|
| Identity Data | Name, email address, phone number | Account creation and communication |
| Contact Data | Billing address, email | Billing and correspondence |
| Financial Data | Bank account details, transaction history, balances | Generating court reports, transaction tracking |
| Ward/P Data | Name, DOB, address, care information | Court reporting requirements |
| Guardianship Data | Court case number, appointment date, reporting periods | Compliance and reporting |
| Technical Data | IP address, browser type, device information | Security and service improvement |
| Usage Data | Features used, pages visited, time spent | Service improvement |
| Audit Data | All actions taken, timestamps, changes made | Compliance and security |
| Document Data | Uploaded files (receipts, invoices, care plans) | Court report documentation |
Under UK GDPR, we process your data based on the following lawful bases:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contractual Necessity (Article 6(1)(b)) |
| OPG/Court reporting compliance | Legal Obligation (Article 6(1)(c)) |
| AI transaction categorisation | Consent (Article 6(1)(a)) |
| Fraud prevention and security | Legitimate Interests (Article 6(1)(f)) |
| Service improvement | Legitimate Interests (Article 6(1)(f)) |
| Marketing communications | Consent (Article 6(1)(a)) |
We share your data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| TrueLayer | Bank account connectivity | Bank credentials (via OAuth), transaction data | UK/EU |
| Anthropic (Claude AI) | Transaction categorisation, narrative generation | Transaction descriptions, merchant names | USA |
| OpenAI | Backup AI processing | Transaction descriptions, merchant names | USA |
| Stripe | Payment processing | Billing information, payment method | UK/EU |
| Clerk | Authentication | Email, name, authentication tokens | USA |
| Amazon Web Services (AWS) | Cloud hosting and storage | All data | eu-west-2 (London) |
| Resend | Email delivery | Email address, notification content | USA |
All third-party processors are bound by data processing agreements that require them to protect your data and only process it according to our instructions.
Important: Our Service uses artificial intelligence (AI) to process your data.
AI providers process transaction descriptions to suggest categorisations (e.g., "Food & Groceries", "Medical Expenses"). These are suggestions only. You have the right to review and modify all AI-generated categorisations before they appear in reports.
Under Article 22 of the UK GDPR, you have the right to:
To exercise these rights, contact privacy@guardianvolt.com.
Some of our third-party processors (Anthropic, OpenAI, Clerk) are based in the United States. When we transfer your data outside the UK/EEA, we ensure adequate protection through:
You can request a copy of the safeguards we use by contacting privacy@guardianvolt.com.
We retain your data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Duration of account + 30 days | Service provision |
| Transaction Data | 7 years from transaction date | Court/tax compliance requirements |
| Generated Reports | 7 years from generation | Legal compliance, audit requirements |
| Audit Logs | 7 years | Regulatory compliance, dispute resolution |
| Uploaded Documents | 7 years or until account deletion | Court documentation requirements |
| Bank Access Tokens | Until disconnected or 90 days inactive | Service functionality |
| Marketing Preferences | Until consent withdrawn | Consent-based marketing |
After retention periods expire, data is securely deleted or anonymised. You can request earlier deletion, subject to our legal obligations.
Under UK GDPR, you have the following rights:
To exercise your rights: Email privacy@guardianvolt.com or use the data export/deletion features in Settings. We will respond within one month.
We implement robust security measures to protect your data:
In the event of a data breach that affects your personal data:
We use cookies and similar technologies to provide our Service. For detailed information about our cookie usage, please see our Cookie Policy.
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
For privacy-related questions or to exercise your rights: