My Portal
Get started

Legal

Privacy Policy

Last updated: 22 May 2026

This Privacy Policy explains what personal information My Portal collects from you, how we use it, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018. It applies to the My Portal mobile apps (iOS and Android), this website, and any associated services we operate.

My Portal is operated by Open Comparison Ltd ("we", "us", "our"), a company registered in England and Wales. We act as the data controller for the personal information we collect directly from you. Insurance policies you hold are administered by separate broker / insurer partners who act as their own data controllers for the underlying policy data.

What we collect

1. Information you give us

  • Account basics: your email address and name
  • Policy details you add manually: vehicle registration, address, premium, dates, documents
  • Anything you tell us via the in-app chat or "Speak to the team" support channel

2. Information we receive from broker partners

When you sign in with the email address your broker holds, we receive the policy data they have on file — policy number, product type, cover dates, insurer, premium, payment status, and policy documents. This sync happens automatically and is the core feature of the app.

3. Information we collect automatically

  • Device / app version, OS version, and general usage patterns
  • Crash reports and diagnostic logs
  • Anonymised session replay of your interactions with the app (input fields are masked — your typed values never leave your device)

4. Information we don't collect

We do not store raw payment-card details — Apple Pay or Stripe holds those. We do not track your location in the background. We do not sell, rent, or trade your personal information.

How we use your information

  • Show your policies, payments, documents and reminders in one place
  • Authenticate you (via magic-link email or biometric on device)
  • Send notifications you've opted into — MOT and tax reminders, renewal alerts, claim updates, payment alerts
  • Power the Broll-e AI assistant (see "Broll-e AI assistant" below)
  • Communicate with you about your account, important service updates, or in response to a support request
  • Improve the product — anonymised analytics and crash reports help us find and fix bugs

Lawful bases (UK GDPR Article 6)

  • Contract — when we process your information to provide the service you signed up for (e.g. showing your policies, sending payment reminders)
  • Legitimate interests — for product improvement, fraud prevention, and ensuring our service runs reliably. We balance these against your rights
  • Consent — for notifications, location access, biometric login, and optional analytics. You can withdraw consent any time in Profile → Settings
  • Legal obligation — for record-keeping and reporting requirements imposed by UK law and the Financial Conduct Authority

Who we share data with

We share the minimum information needed with carefully-chosen processors, each contractually bound to handle it in line with this policy:

  • Broker / insurer partners — to retrieve your policy data and act on policy changes you make in the app
  • Finance providers (Close Brothers Premium Finance and PremFina) — to manage direct-debit instalments where you've opted in
  • Stripe and Apple Pay — for payment processing
  • Firebase (Google) — analytics and crash reporting. We identify you via a SHA-256 hash of your email, never the email itself
  • Smartlook — anonymised session replay. Text-input fields are masked at the SDK level; identifier is a SHA-256 hash of your email
  • Gleap — in-app support chat. Identifier is a SHA-256 hash of your email; raw email and name are not shared
  • OneSignal — to deliver push notifications you've opted into
  • Broll-e AI chat backend (Insuretec) — to power the assistant. Chat content is processed to generate answers; we don't use customer conversations to train AI models

We may also disclose information when required by law (e.g. a court order, regulatory request, or law-enforcement inquiry).

Broll-e AI assistant

Broll-e is an AI chat assistant that can answer questions about your policies, the app, and general insurance / household admin topics. When you chat with Broll-e:

  • Your messages are sent to our AI provider's servers to generate a response
  • Where you're signed in, a limited view of your policies is included so the assistant can give policy-specific answers
  • We retain the conversation on your device so you can pick up where you left off. The on-device copy is wiped when you sign out
  • We do not use your conversations to train AI models

Broll-e can make mistakes. Treat its answers as a helpful starting point, not a substitute for the policy wording, your broker, or qualified professional advice. See our Terms & Conditions for details.

Where your data is stored

Personal data is stored on cloud infrastructure within the UK and the European Union. A small subset of analytics data may transit through US-based servers (Firebase / Google) under Standard Contractual Clauses approved by the UK ICO.

How long we keep it

  • Account data — as long as you have an active account, then deleted within 30 days of account closure
  • Policy records — UK financial-services regulations require us to retain underlying policy records for up to 7 years after a policy ends, even if you delete your My Portal account. These are held by your broker, not by us
  • Support conversations — retained for up to 2 years after the last reply
  • Anonymised analytics — retained for up to 14 months

Your rights

Under UK GDPR you have the right to:

  • Request a copy of the personal data we hold about you (Subject Access Request)
  • Ask us to correct inaccurate information
  • Ask us to delete data we no longer need to hold
  • Ask us to restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent for optional processing at any time
  • Lodge a complaint with the Information Commissioner's Office (ico.org.uk) if you believe we've mishandled your data

To exercise any of these rights, tap Speak to the team in the app or use our website support form. We'll respond within 30 calendar days as required by law.

Security

We protect your data with industry-standard measures: authentication tokens are stored in the device Keychain (iOS) or Keystore (Android), never in plain text; transit encryption is TLS 1.2+ end to end; production access is restricted to a small group of named engineers under multi-factor authentication; we run independent security reviews before each major release.

No system is perfectly secure. If you believe an account has been compromised, contact us via the in-app Speak to the team channel or our website support form immediately.

Children

My Portal isn't intended for use by anyone under 18. We don't knowingly collect personal data from children. If you believe a child has provided data to us, contact us via the in-app Speak to the team channel and we'll delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be highlighted in-app or by email at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

Contact us

Open Comparison Ltd · Registered in England & Wales

The fastest way to reach us is to tap Speak to the team in the My Portal app — our support team handles privacy and security queries from there. You can also use the support form on this website.