Privacy Policy

Effective: February 26, 2026 · Last updated: February 26, 2026

1. Introduction

Untie is a private financial scenario platform operated by LRARE Holdings Ltd (“we”, “us”, “our”). We provide structured financial modelling tools for individuals considering separation.

We understand the sensitivity of this subject. This policy explains what data we collect, why we collect it, how we protect it, and your rights. We have designed our platform with privacy as a foundational principle, not an afterthought.

Untie operates in the United Kingdom and follows the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Our Privacy Commitment

2.1 Discretion by design

All payment transactions appear on bank and credit card statements under the name LRARE. The name Untie does not appear on any financial statement. We do not send marketing emails, promotional materials, or any communication that identifies the nature of the platform unless you explicitly request it.

2.2 We do not disclose your use of the platform

We will never confirm or deny that any individual has used Untie. This includes to partners, legal representatives, employers, family members, or any third party. We will not respond to informal enquiries about whether a specific individual holds an account.

2.3 One-time email addresses

We encourage the use of one-time or alias email addresses where practical. Our authentication system is compatible with email alias services. You do not need to provide a primary personal email address to use Untie.

3. Data We Collect

3.1 Account data

When you create an account, we collect an email address, a first name (used for personalisation only), and an authentication credential. Authentication is handled by Supabase, which operates on Amazon Web Services (AWS) infrastructure. We do not require your legal name, home address, phone number, or any other identifying information to create an account.

3.2 Financial modelling data

When you use the platform, you may enter financial information including property values, income figures, pension values, savings, debts, dependant information (ages only, no names), and monthly expenditure. This data is stored in our database hosted on Supabase (AWS) and is associated with your account. It is used solely to power the scenario modelling tools and generate your clarity report. We do not analyse, aggregate, profile, or use this data for any other purpose.

3.3 Payment data

Payments are processed by Stripe. We do not store your full card number, CVV, or bank account details on our servers. Stripe processes and stores payment credentials in accordance with PCI DSS Level 1 standards. The billing descriptor on your statement will read LRARE. We receive only a payment confirmation and a truncated card reference from Stripe for our transaction records.

3.4 Analytics data

We use Google Analytics to understand how the platform is used in aggregate. This includes page views, session duration, device type, and general geographic region. We have configured Google Analytics with the following privacy protections:

  • IP anonymisation is enabled
  • User-ID tracking is disabled
  • Data sharing with Google advertising products is disabled
  • Data retention is set to 2 months
  • Granular location and demographic reporting is disabled

Analytics data cannot be linked to individual user accounts or financial modelling data. Analytics cookies are only loaded after you provide consent via our cookie banner.

3.5 Data we do not collect

We do not collect: your legal name (unless you choose to provide it as your first name), home address, phone number, date of birth, national insurance number, employment details, information about your partner or spouse (beyond the financial figures you choose to enter for modelling purposes), names of your children, or any biometric data. We do not require identity verification to use the platform.

4. How We Use Your Data

We use your data for the following purposes only:

  • To provide account authentication (Supabase / AWS)
  • To personalise the platform experience using your first name
  • To power the financial scenario modelling tools you use
  • To generate and deliver your downloadable clarity report
  • To process your payment (Stripe)
  • To understand platform usage in aggregate (Google Analytics)

We do not use your data for marketing, profiling, behavioural targeting, credit scoring, or sale to third parties. We do not build user profiles. We do not use your financial modelling data to train algorithms, models, or any form of artificial intelligence.

5. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

Contract performance (Article 6(1)(b)): Account data and financial modelling data are processed to deliver the service you have purchased.

Legitimate interest (Article 6(1)(f)): Anonymised analytics data is processed to improve the platform. We have conducted a legitimate interest assessment and concluded that this processing does not override your rights, given the anonymisation measures in place.

Consent (Article 6(1)(a)): Where we use cookies beyond those strictly necessary for platform operation, we obtain your consent via a cookie banner. You may withdraw consent at any time.

6. Data Sharing and Third Parties

We share data with the following third-party processors, and only to the extent necessary to operate the platform.

6.1 Supabase (authentication and database)

Supabase provides our authentication infrastructure and database hosting. Data is stored on Amazon Web Services (AWS) infrastructure. Supabase acts as a data processor under a Data Processing Agreement. Our database is hosted in the AWS Frankfurt region (eu-central-1).

6.2 Stripe (payment processing)

Stripe processes payment transactions. Stripe is certified to PCI DSS Level 1 and acts as an independent data controller for payment data it processes. Stripe's privacy policy governs its handling of card data. We receive only a payment confirmation and truncated card reference.

6.3 Google Analytics (anonymised usage analytics)

Google Analytics receives anonymised usage data as described in Section 3.4. Google acts as a data processor. [INSERT: Confirm Google Analytics Data Processing Terms are accepted in GA admin settings.]

6.4 No other sharing

We do not share, sell, rent, or disclose your personal data or financial modelling data to any other third party. This includes solicitors, mediators, financial advisors, advertising networks, data brokers, or any other commercial entity.

If you choose to use our optional solicitor referral directory in future, any contact you initiate with a listed solicitor is between you and that solicitor directly. We do not share your account data, financial modelling data, or any platform activity with referral partners. Untie does not receive referral fees from solicitors. We have no financial incentive to encourage legal escalation.

7. Data Storage and Security

Your data is stored on AWS infrastructure via Supabase in Frankfurt (eu-central-1).

We implement the following security measures:

  • Encryption at rest and in transit (TLS 1.2+)
  • Row-level security on database tables via Supabase, ensuring no user can access another user's data at the database level
  • Authentication tokens with appropriate expiry periods
  • No server-side logging of financial modelling inputs or outputs
  • No personal data (including email addresses) in application logs
  • Content Security Policy (CSP) headers to prevent cross-site scripting
  • Access to production data restricted to [INSERT: number] authorised personnel

[INSERT: Confirm whether Untie/LRARE has completed or is pursuing any security certifications, e.g. Cyber Essentials.]

8. Data Retention

Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request.

Financial modelling data: Retained for the duration of your account. Permanently deleted within 30 days of account deletion request. You may also delete individual scenarios at any time from within the platform.

Clarity reports: Generated on demand as downloadable PDFs. Stored temporarily with signed URLs that expire after 24 hours. Reports are not permanently stored on our servers.

Payment records: Retained for 7 years as required by UK tax and accounting regulations (HMRC). These records are held by Stripe and contain no financial modelling data.

Analytics data: Retained by Google Analytics for 2 months from the date of collection.

Inactive accounts: Accounts inactive for 12 months receive an email notification. Accounts inactive for 13 months are automatically deleted along with all associated data.

9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your account and all associated data. We will comply within 30 days, subject to any legal retention obligations.
  • Right to data portability: Request your financial modelling data in a structured, machine-readable format (JSON export available from your Settings page)
  • Right to restrict processing: Request that we limit how we use your data
  • Right to object: Object to processing based on legitimate interest (e.g. analytics)
  • Right to withdraw consent: Where processing is based on consent (e.g. non-essential cookies), withdraw consent at any time via the cookie banner

To exercise any of these rights, contact us at privacy@untie.lrare.co.uk. We will respond within one calendar month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

Strictly necessary cookies: Required for authentication and platform operation. These do not require consent.

Analytics cookies: Used by Google Analytics to collect anonymised usage data. These require your consent and can be declined or withdrawn via the cookie banner.

We do not use advertising cookies, tracking pixels, social media cookies, or any third- party marketing technology.

11. International Data Transfers

Core account and modelling data is hosted in AWS Frankfurt (eu-central-1) via Supabase. Some processors we use, including Stripe and Google Analytics, may process limited data in other jurisdictions under their applicable cross-border transfer safeguards.

12. Children

Untie is not designed for, marketed to, or intended for use by individuals under the age of 18. We do not knowingly collect data from children. If we become aware that data has been collected from a person under 18, we will delete it promptly.

13. Law Enforcement and Legal Requests

We will not voluntarily disclose your data to any third party, including law enforcement, unless legally compelled to do so by a valid UK court order or statutory obligation. In the event that we receive a legally binding request, we will disclose only the minimum data required to comply with the specific order. Where legally permitted, we will notify you before any disclosure.

We will not respond to informal requests, solicitor letters, or subject access requests made by third parties on behalf of your partner, spouse, or any other individual. Your data is yours.

14. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via the email address associated with your account before the changes take effect. The effective date at the top of this document will always reflect the most recent version.

15. Contact

If you have any questions about this privacy policy or your data, contact us at:

privacy@untie.lrare.co.uk
LRARE Holdings Ltd
The Stamp Exchange, Newcastle-upon-Tyne, NE1 1SA
[INSERT: ICO registration number]