Avagance Advisor App — Privacy Policy
Last updated: 6 July 2026
Avagance Advisor for iOS and Android — for UK financial advisers and their firm staff.
This policy covers the Avagance Advisor mobile app. It sits alongside our Website Privacy Notice, Cookie Notice and Compliance & Data Protection page, which govern the wider platform, the full sub-processor list, international transfers and cookies. Where this app policy and those pages differ, the wider-platform detail applies.
1. Who we are
Bro In Finance Ltd (trading as Avagance, referred to here as "Avagance", "we", "us" or "our") provides the Avagance Advisor app. We are registered in England and Wales under company number 15991387, registered office 128 City Road, London, EC1V 2NX. We are a software provider for UK financial advice firms and are not FCA-authorised; we do not provide financial advice.
- For the adviser's own account data, Avagance is the data controller.
- For your clients' data that you view or handle through the app, your firm is the controller and Avagance is a data processor acting on your firm's instructions under our Data Processing Agreement (DPA) with the firm.
Data-protection / privacy contact: policy@broinfinance.com (person responsible for data protection: Mr Ranepura Ranepura).
The app is a companion to the Avagance web platform. Accounts are created by your firm on the web (invite only) — the app is sign-in only. New users cannot register in the app.
2. What the app is for
A read-and-light-action tool for advisers: view your client book, portfolios, meetings, escalations and compliance items; log calls, tasks and meetings; and use Ava, our AI assistant. It is a window onto the same platform your firm already uses on the web.
3. Data the app collects and processes
Your account data
Your name, email address, user ID, role and firm — used to sign you in and show your profile.
Authentication
When you sign in, your session is held as secure httpOnly cookies in the device's native cookie store — the app does not store your password. A copy of your profile (name, email, firm) is cached on the device so the app opens quickly; this is not a credential.
Your clients' data (processed on behalf of your firm)
Because you are an adviser, the app shows data about your clients — people who are not the app's user. This can include names, contact details and household make-up; financial data (portfolios, holdings, AUM, tax wrappers, risk profiles, goals); compliance and vulnerability information (which may touch health or capacity); and meetings, notes and escalations. We process this only to provide the service to your firm, on your firm's instructions.
Meeting recordings (only when your firm enables the feature)
If your firm enables meeting capture and you start a recording, the app records audio of the meeting on the device and uploads it to secure storage for transcription and an AI summary. Recording only proceeds after consent is captured (in line with FCA COBS 11.8 and UK GDPR), and it requires microphone permission. This feature is off by default.
Ava (AI assistant)
Your typed messages to Ava — and, if your firm enables Ava voice, your spoken messages — together with relevant on-screen context, are sent to our AI provider to generate answers. Please do not enter anything into Ava that you would not want processed by an AI service. Ava's output is assistive only and must be reviewed by a qualified adviser before it is relied on or sent to a client.
Device permissions the app may request
- Microphone — only for meeting recording (and, if enabled, Ava voice). Requested the first time you use the feature; you can decline or later revoke it in your device settings.
- Face ID / Touch ID / device biometrics — an optional on-device app lock. Biometric data never leaves your device — the operating system only returns a pass/fail result to the app.
- Notifications — used to show an "in-progress recording" notification while a meeting is being recorded (Android). The app does not send marketing push notifications.
What the app does NOT collect
No location, no contacts, no photos, no calendar, no camera, and no health-app data. No advertising identifier, no third-party analytics SDK, no crash-reporting SDK, and no tracking of you across other apps or websites.
4. Who we share data with
We use the processors below to run the app; each receives only the data its function needs. They act under contract and only on our instructions.
| Processor | Purpose | Data it receives |
|---|---|---|
| Google Cloud | Hosting, database & file storage; stores meeting recordings | Service data; meeting audio |
| OpenAI | Ava assistant (chat and, if enabled, voice) | Messages & on-screen context you send to Ava |
| Deepgram (EU region) | Meeting transcription (speech-to-text) | Meeting audio |
| Stripe | Firm subscription & billing | Firm billing data (not client holdings) |
| Resend | Transactional email (sign-in, invitations) | Email addresses & message content |
The app runs on the wider Avagance platform. The full, current sub-processor list — which also includes providers such as Modal (machine-learning compute) and Cloudflare (security) — and the applicable UK/EEA data-residency and international-transfer safeguards are set out in our Website Privacy Notice and our DPA.
We do not sell personal data.
5. How we protect data
Data is encrypted in transit (HTTPS/TLS) and at rest (provider server-side encryption). Sessions use httpOnly cookies with CSRF protection; any stored firm integration credentials are encrypted (AES-256-GCM). Access is role-based and least-privilege, and multi-tenant-isolated so each firm's data is kept separate. The optional biometric app-lock is enforced entirely on the device. Customer data is backed up regularly (encrypted), and we test our ability to recover it as part of business-continuity planning.
6. How long we keep data
We keep personal data only for as long as necessary for the purposes above and to meet legal, regulatory (including FCA record-keeping), tax and accounting obligations. In outline:
- Adviser account data — for the life of the account and a limited period afterwards.
- Firm billing / transaction records — for the period required by tax and accounting law (generally at least 6 years).
- Meeting recordings, transcripts and other client data — these are your firm's data; the retention period is set by your firm and governed by our DPA with it. FCA record-keeping rules set minimum periods for certain records.
When personal data is no longer needed, we securely delete or anonymise it.
7. Your rights (UK GDPR)
Subject to the conditions and exemptions in UK data-protection law, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and to data portability. Because adviser accounts are created and managed by your firm:
- To delete your account and personal data, use the in-app request (Settings → Delete account) or email us at policy@broinfinance.com. We verify the request with your firm and process it in line with this policy; some records may be retained where the law (e.g. FCA rules) requires.
- Clients whose data a firm processes through Avagance should contact their adviser firm, which is the controller of that data. If we receive such a request directly, we will refer it to the firm and assist the firm as its processor.
You may also complain to the UK supervisory authority, the Information Commissioner's Office (ICO) — ico.org.uk, helpline 0303 123 1113.
8. Children
The app is a professional tool and is not directed at children or intended for anyone under 18. Any data about a firm's clients (who may in limited cases include minors, e.g. a Junior ISA) is processed only as a processor on the firm's instructions.
9. Changes to this policy
We may update this policy from time to time. When we do, we will change the "Last updated" date above and, where appropriate, notify you.
10. Contact us
Bro In Finance Ltd (trading as Avagance) · Company number 15991387 (England and Wales) Registered office: 128 City Road, London, EC1V 2NX Person responsible for data protection: Mr Ranepura Ranepura · policy@broinfinance.com ICO registration reference: ZC187167