SECURITY & DATA HANDLING

How we protect
your data.

When you share sensitive documents with IceTree as part of pre-vetting — processing statements, bank statements, ID, ownership structure, licence copies — we treat them with the same care we'd expect from any partner we work with. Here's exactly how that works.

OUR PRINCIPLES

Six things we promise about your data.

End-to-end encryption

Documents are encrypted in your browser before they leave your device. They remain encrypted in transit and at rest. Only authorised IceTree team members can decrypt them, and only when you have explicitly shared access.

EU / UK data residency

Your files are stored in EU or Swiss data centres operated by a security-certified provider. We never transfer your data outside the UK / EU / EEA without your explicit consent.

Need-to-know access

Documents are scoped to the engagement they belong to. Only the team members directly involved in matching you with PSP partners can view them — never a wider audience.

Time-limited retention

We retain pre-vetting documents only as long as needed to complete an introduction, with a default ceiling of 12 months after engagement ends. After that, files are securely deleted unless you ask us to keep them on file.

Provider-side certification

The document platform we use is independently certified to ISO 27001 and SOC 2 Type II — globally recognised standards for information security management. We inherit those controls for your data.

GDPR controller, full audit trail

IceTree Group Ltd is the data controller for your information under UK GDPR. Every access to your documents is logged. You can request a full audit, export, or deletion of your data at any time.

CERTIFICATION ROADMAP

Independently verified,
step by step.

TODAY

Encrypted document platform

Live

All sensitive documents flow through an ISO 27001 / SOC 2 Type II certified document platform with end-to-end encryption, EU data residency, and full audit trails. We are the data controller; the platform is the data processor.

Q3 2026

Cyber Essentials

In progress

Cyber Essentials is the UK government-backed baseline for cyber security — covering firewalls, secure configuration, access control, malware protection, and patching. We're working toward submission to make IceTree's underlying security posture independently verified.

Q1 2027

Cyber Essentials Plus

Planned

The certified-assessor version of Cyber Essentials, including an independent technical audit. Stronger trust signal for regulated buyers and a logical next step once the baseline is in place.

Future

ISO 27001

Planned

ISO 27001 is the international standard for information security management systems. We'll pursue certification when IceTree's team and engagement footprint justify the audit and ongoing maintenance.

YOUR RIGHTS

What you can ask us to do at any time.

  • Access

    Receive a full export of the documents and personal data we hold about you.

  • Rectification

    Correct any inaccurate or outdated information.

  • Erasure

    Request deletion of your documents and personal data, subject to legal-retention obligations we explain at the time.

  • Restriction

    Ask us to limit how we use your data while a query is being resolved.

  • Audit log

    Receive a record of every access to your documents — who viewed what, and when.

  • Withdraw consent

    Withdraw any consent you previously gave, at any time, for any specific use of your data.

To exercise any of these rights

Email [email protected]. We respond within 30 days under UK GDPR, and usually much sooner.

Privacy PolicyContact

Questions about how we handle your data?

We're happy to walk you through our setup before you share anything sensitive — no commitment.

Get in touchRead full Privacy Policy

We use cookies to analyse site performance and measure the effectiveness of our outreach. Privacy policy