Privacy policy
PMIflo (“we”, “us”) operates this website and the PMIflo automation platform for UK health-insurance brokerages. This policy explains what personal data we handle, why, and the rights you have over it. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
You can reach us about anything in this policy at alain@escoproperty.co.uk.
1. Demo requests made on this site
When you submit the “Request a demo” form we collect your name, brokerage name, email address and any message you include.
- Why we process it — to respond to your enquiry and arrange the demonstration you asked for. Our lawful basis is our legitimate interest in responding to a business enquiry you initiated (UK GDPR Article 6(1)(f)).
- What we don't do with it — we do not add you to a mailing list, share your details with third parties, or use them for anything beyond arranging and following up the demo.
- How long we keep it — enquiry details are kept for up to 12 months after our last contact with you, then deleted. Ask us at the address above and we will delete them sooner.
2. Client data we process for brokerages
The PMIflo platform processes information about a brokerage's clients — referral details, contact information, dates of birth, meeting transcripts, fact-finds (which may include health-related information), insurer quotes, policies and renewal documents.
- Special category data — health information captured in fact-finds is processed on the instructions of the brokerage, which is responsible for establishing an Article 9 condition (typically the client's explicit consent, which the platform records).
- Where it lives — PMIflo is operated from the United Kingdom and hosted on secure servers in the European Union. Data is encrypted in transit and at rest. Transfers from the UK to the EEA are permitted under the UK's adequacy regulations for the EEA. Each brokerage's data is held in its own isolated tenant and is never visible to any other brokerage. Where a brokerage enables optional integrations (for example email delivery or audio transcription), data passes to those providers under the brokerage's configuration.
- Retention — client records are retained for as long as the brokerage instructs, in line with its regulatory record-keeping obligations, and deleted or returned on its instruction.
- If you are a brokerage's client — please direct privacy questions or rights requests to your brokerage or adviser first; they control your data. We will assist them in fulfilling your request.
3. Dashboard accounts and cookies
Signing in to the operations dashboard sets a single session cookie (ifaflo_session) used purely to keep you signed in. It contains a random identifier, is marked HttpOnly and Secure, and is deleted when you sign out. We use no analytics, advertising or tracking cookies.
4. Security
All traffic to this site is encrypted (HTTPS with HSTS). Dashboard access requires sign-in, inbound integrations require a shared secret, actions are recorded in an audit trail, and the database is backed up daily with a 14-day retention cycle.
5. Your rights
Under UK GDPR you have the right to access, rectify and erase personal data we hold about you, to restrict or object to its processing, and to data portability. To exercise any of these rights, email alain@escoproperty.co.uk — we respond within one month. You also have the right to complain to the Information Commissioner's Office at ico.org.uk.
6. Changes to this policy
If we change this policy we will update this page and revise the date at the top. Significant changes affecting demo enquirers will be notified by email where we hold an address for you.