Skip to content
Prompted chat coming soon

Privacy Policy

Privacy Policy for Prompted Limited, v2, updated 01.04.2026

1. Who We Are

This privacy notice explains how Prompted Ltd ("Prompted", "we", "our", "us") collects, uses, and protects your personal data when you use our services.

Prompted Ltd is registered in England and Wales (company number 16648304) with its registered office at Level 7 Founders Factory, 2 Arundel Street, 180 Strand, London, WC2R 3DA. We are authorised and regulated by the Financial Conduct Authority.

We are a data controller for the personal data we process in connection with our services.

If you have any questions about this notice, please contact us at support@prompted.com.

2. What We Do

Prompted is a non-advisory insurance intermediary. We help sole traders, small businesses, and individual consumers find and purchase insurance. Currently, our services cover:

  • Business insurance for sole traders and very small businesses, including public liability, professional indemnity, employers' liability, and related commercial covers; and
  • Travel insurance for individual consumers.

We provide tools that allow AI assistants (such as ChatGPT, Claude, or similar applications) and our own website to help you identify your insurance needs, review policy wordings, obtain quotes, and purchase or bind insurance policies. In some cases, we may refer you to an insurer or comparison website to complete your purchase.

Our services are available through our website (the "Direct Platform"), through AI assistants that connect to us via the Model Context Protocol ("MCP"), and through referrals to third-party providers. These are collectively our "Services" and the platforms through which they are accessed are our "Platforms."

3. What Personal Data We Collect

We collect the following categories of personal data, depending on how you interact with us and which products you are interested in.

Enquiry data (business insurance) Your name, contact details, date of birth, address, business type and activities, trade or profession, number of employees, annual turnover, claims history, and details of the cover you require (e.g. public liability limits, professional indemnity requirements).

Enquiry data (travel insurance) Your name, contact details, date of birth, address, trip destination(s), travel dates, number of travellers, indication of pre-existing medical conditions (no detail), and claims history.

Account data Sign-in details, email address, contact preferences, policy details, and renewal dates.

Financial data Payment details (processed securely by our payment provider) and, where relevant, information about your financial circumstances.

Usage data How you use our Platforms, pages viewed, IP address, device type, browser information, and the website or AI assistant from which you accessed our Services.

Communications data Records of correspondence with us, including chat logs and emails.

Identity data Identification documents where required to verify your identity.

Health and medical data: Travel insurance requires us to identify if you may have pre-existing medical conditions, for which you would be referred to a third party. This is "special category data" under data protection law. We process this data because it is necessary to arrange your insurance contract, and we may share it with our insurer partners for the same reason. We will make clear when we are collecting this type of information.

Criminal convictions data: Some business insurance products may require us to ask whether you have any unspent criminal convictions. We only collect this where it is necessary for the insurance product and where we have a lawful basis to do so.

Information from third parties: We may receive personal data from our insurer partners (e.g. about products you have purchased), credit reference agencies, fraud prevention databases, and (where relevant to your policy) public registers.

Children: We do not knowingly collect personal data from children under 18. Where a travel insurance policy covers children, we ask the adult policyholder to provide the necessary information on their behalf.

4. How We Use Your Personal Data

We use your personal data for the purposes set out below. For each purpose, we have identified the lawful basis we rely on.

To assess your insurance needs, provide quotes, review policy wordings, and arrange or bind insurance on your behalf Data used: Enquiry data, account data, financial data Lawful basis: Contract; Legitimate interest

To set up and manage your account Data used: Account data Lawful basis: Contract

To process payments Data used: Financial data Lawful basis: Contract

To refer you to an insurer or comparison website where appropriate Data used: Enquiry data, account data Lawful basis: Contract; Legitimate interest

To verify your identity and prevent fraud Data used: Identity data, enquiry data Lawful basis: Legal obligation; Legitimate interest

To process health and medical data for travel insurance underwriting Data used: Enquiry data (travel) Lawful basis: Necessary for an insurance contract; Explicit consent where required

To generate AI-powered responses to help you research products and understand your options Data used: Enquiry data, account data, communications data Lawful basis: Legitimate interest

To send you service communications (e.g. renewal reminders, policy updates) Data used: Account data, enquiry data Lawful basis: Legitimate interest

To send you marketing about similar products and services Data used: Account data, usage data Lawful basis: Consent; Legitimate interest (soft opt-in)

To improve our Services, conduct research, and develop new products Data used: Usage data, enquiry data Lawful basis: Legitimate interest

To comply with legal and regulatory obligations Data used: All categories as necessary Lawful basis: Legal obligation

5. Use of AI and the Model Context Protocol

Our Services may be accessed through AI assistants (such as ChatGPT, Claude, or similar tools) that connect to our systems via the Model Context Protocol (MCP). When you use our Services in this way:

  • Your data is processed by us once it reaches our secure server environment. We are not responsible for data processing that occurs within the third-party AI platform before your data reaches us, or after our response is received by the AI assistant.
  • The third-party AI provider's own privacy policy applies to your use of their platform. You should review their terms before connecting an AI assistant to our Services.
  • Information you provide through an AI assistant may pass through systems outside our control. You accept the associated risks.

We may use AI tools (including large language models) to help you research insurance products, analyse your needs, and review policy wordings. We use the minimum personal data necessary for these purposes. We do not use your data to train AI models.

Where our Services process health or medical data (for example, pre-existing conditions for travel insurance) through an AI assistant, that sensitive data may pass through the third-party AI provider's infrastructure. You should satisfy yourself that the AI provider's data handling meets your expectations before providing sensitive information through their platform. You can always use our Direct Platform as an alternative.

6. Who We Share Your Data With

We may share your personal data with:

  • Insurers and underwriters on our panel, to obtain quotes, arrange policies, handle claims, and administer renewals for your business or travel insurance.
  • Referred providers (insurers, brokers, or comparison websites) to whom we may direct you to obtain a quote or complete a purchase. Once your data is shared with a referred provider, their privacy notice governs their use of it.
  • Fraud prevention databases and credit reference agencies, to verify your identity and detect or prevent fraud.
  • Payment service providers to process transactions securely. We do not store your payment card details on our systems.
  • Service providers who help us operate our Platforms, including IT hosting, customer support, analytics, and marketing services. These providers act on our instructions and cannot use your data for their own purposes.
  • Regulators, law enforcement, and government bodies, where required or permitted by law (including the FCA and the ICO).
  • Prospective buyers of our business or assets, in connection with a sale, merger, or restructuring.

7. International Transfers

We may transfer your personal data outside the UK where necessary to provide our Services. Where we do so, we ensure appropriate safeguards are in place, such as the UK's international data transfer agreement or standard contractual clauses. You can request details of these safeguards by contacting us.

Where you access our Services through a third-party AI platform, your data may also be transferred internationally by that platform under its own privacy terms.

8. How Long We Keep Your Data

We keep your personal data only for as long as necessary for the purposes it was collected, taking into account legal, regulatory, and contractual requirements. As a general guide:

  • Account and enquiry data: up to 7 years from the end of our relationship with you, in line with insurance regulatory guidance.
  • Usage data: no longer than 36 months.

When we no longer need your data, we securely delete or anonymise it.

9. Cookies

We use cookies and similar technologies on our website to understand how you use our Platforms, remember your preferences, and improve our Services. For full details, please see our Cookie Policy.

10. Your Rights

Under UK data protection law, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data where there is no good reason for us to continue processing it.
  • Restrict processing of your personal data in certain circumstances.
  • Object to processing based on legitimate interests or for direct marketing.
  • Data portability: receive your personal data in a machine-readable format where processing is based on consent or contract.
  • Withdraw consent at any time where we rely on consent to process your data. This will not affect any processing we carried out before you withdrew consent.

These rights are not absolute and exceptions may apply. We will explain this in our response to you if relevant.

To exercise any of these rights, please contact us at support@prompted.com. We aim to respond within one month. There is no fee unless your request is manifestly unfounded or excessive.

11. Marketing Preferences

You can opt out of marketing communications at any time by using the unsubscribe link in our emails, updating your account preferences, or contacting us. Please allow a short period for changes to take effect, as communications may already be in transit.

12. Complaints

If you have concerns about how we handle your personal data, please contact us at support@prompted.com. We'd appreciate the chance to address your concerns directly, but you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

13. Contact Us

Prompted Ltd Level 7 Founders Factory, 2 Arundel Street, 180 Strand, London, WC2R 3DA Email: support@prompted.com

14. Changes to This Notice

We may update this privacy notice from time to time. Any changes will be published on our website. If we make significant changes, we may also notify you directly. Please check back regularly for the latest version.