Privacy Policy
Last updated: July 2026
1. Who we are
BrokerTools is the data controller for the personal data described in this policy. Contact us at admin@morebroking.com.
2. Data we collect
We collect the minimum data necessary to provide our service:
- Email address — provided during signup, used for account management and billing.
- Usage metrics — API call counts and costs, stored for billing and spending limits.
- Session cookies — HttpOnly cookies for web authentication. Not accessible to JavaScript.
- Analytics data — anonymised page views and performance metrics collected via Vercel Analytics. No personal data is collected and no cookies are used for analytics.
3. Legal basis for processing
We process your data under the following legal bases (UK GDPR Article 6):
- Contractual necessity — processing your email, session, and usage data is necessary to provide the BrokerTools service you signed up for.
- Legitimate interests — collecting anonymised analytics to improve the service, and maintaining billing records for accounting purposes.
4. Documents you upload
When you use BrokerTools (Blotter, Bordereaux, Runner, or Specimen), your documents are processed as follows:
- Files are parsed in memory on our Vercel servers and sent to AWS Bedrock for AI analysis.
- Short retention: Uploaded files and extracted document text are retained for up to 24 hours, then automatically deleted. We do not retain them beyond that window.
- AWS Bedrock: Your document content is sent to Claude (Anthropic) via AWS Bedrock. Under the AWS Bedrock service terms, your data is not used to train AI models and is not retained after processing.
- Regional processing: All AI processing occurs within the AWS Europe (EU) region.
5. How we use your data
- To provide the BrokerTools service (file processing, extraction, merging, reconciliation).
- To manage your account, billing, and spending limits via Stripe.
- To send service-related communications (e.g. billing notifications).
- To monitor and improve service performance via anonymised analytics.
6. Data storage, security, and retention
- Account data (email, API key, spending) is stored in Upstash Redis (encrypted at rest) and Stripe. Account data is retained until you request deletion of your account.
- Document data (uploaded files and extracted document text) is retained for up to 24 hours, then automatically deleted.
- All connections use HTTPS/TLS encryption in transit.
- Session cookies are HttpOnly, Secure, and SameSite=Lax.
7. International data transfers
AI processing occurs within the AWS Europe (EU) region. However, some of our service providers (Vercel, Stripe, Upstash) may process data outside the UK. These transfers are protected by appropriate safeguards including Standard Contractual Clauses and the providers' respective data processing agreements.
8. Your rights (UK GDPR)
Under UK data protection law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Object to processing of your personal data.
- Data portability — receive your data in a structured format.
To exercise any of these rights, contact admin@morebroking.com.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Third-party services
- Stripe — Payment processing. See Stripe Privacy Policy.
- AWS Bedrock — AI processing (AWS Europe, EU). See AWS Privacy Notice.
- Vercel — Hosting and analytics. See Vercel Privacy Notice.
- Upstash — Database (Redis). See Upstash Privacy Policy.
10. Changes to this policy
We may update this policy from time to time. Changes will be posted on this page with an updated date.
11. Manage cookie preferences
You can review or change your cookie consent at any time. Withdrawing consent is as easy as giving it — use the link below to clear your current decision; the consent banner will reappear on the next page load so you can decide again.