logo
icebrg
Register interest

Privacy Policy

Icebrg Limited
Last updated: 24 April 2026

1. Introduction

This privacy policy explains how Icebrg Limited (“Icebrg”, “we”, “us” or “our”) collects, uses and protects personal information that you provide to us, or that we collect about you, when you use our website at icebrg.co (the “Website”), our Icebrg wealthtech platform (the “Platform”), our Icebrg iOS application (the “App”) and any related services (together, the “Services”).

This policy also explains how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of applicable data protection law, Icebrg Limited is the data controller in respect of the personal information described in this policy. Where we process personal data on behalf of our business clients (for example, investment managers, wealth advisers and multi-family offices who use the Platform to serve their own customers), we act as a data processor and those business clients act as the data controller. In those cases, the data controller’s own privacy policy will apply in addition to this one.

2. Who we are

Icebrg Limited is a company registered in England and Wales with company number 12462061. Our registered office is at 33 Broadwick Street, London, England, W1F 0DQ.

We are registered with the Information Commissioner’s Office (ICO) under registration reference ZC084328. You can verify our registration on the ICO website at https://ico.org.uk/ESDWebPages/Entry/ZC084328.

Our contact details are set out in section 16 of this policy.

3. What information do we collect about you?

We may collect and process the following categories of personal information about you, depending on how you interact with us:

3.1 Information you give us directly
  • Identity and contact details: name, job title, company, email address, postal address and telephone number, provided when you register on our Website, sign up for our newsletter, request a demo, or contact us.
  • Account credentials: username, password and, where enabled, biometric authentication identifiers (such as Face ID or Touch ID), used to sign in to the Platform or the App. Biometric identifiers are stored on your device and are not transmitted to us.
  • Onboarding and verification information: where you open or are given access to an account via a business client using the Platform, information required to meet Know Your Customer (KYC), anti-money laundering (AML) and suitability requirements, such as date of birth, nationality, identity document details, source of funds and financial circumstances.
  • Investment account information: account numbers, portfolio holdings, transaction history, valuations, performance information, asset allocations and instructions you submit through the Platform or App.
  • Communications: records of correspondence between you and us, including emails, in-app messages, support tickets and telephone call notes.
  • Feedback: any information you provide when responding to surveys, leaving feedback or participating in research.
3.2 Information we collect automatically

When you use the Website, the Platform or the App, we and our service providers may collect certain information automatically, including:

  • Device and technical information: device model and identifier, operating system and version, mobile network information, browser type, language settings, time zone, screen resolution and IP address.
  • Usage information: pages visited, features used, session duration, referral URLs, timestamps, crash reports and diagnostic logs.
  • Location information: approximate location derived from your IP address. The App does not collect precise GPS location.
  • Cookies and similar technologies: the Website uses cookies and similar technologies. Please see section 11 for more information.
3.3 Information we receive from third parties

We may receive personal information about you from third parties, including:

  • Our business clients (investment managers, wealth advisers, multi-family offices and similar organisations) who give you access to the Platform or App.
  • Identity, KYC and AML providers who help us and our business clients verify your identity and screen against sanctions and politically exposed person lists.
  • Custody, brokerage, market data and portfolio management partners such as Saxo Bank and Addepar, from whom we receive account, trading, pricing and portfolio information to display to you within the Platform and App.
  • Payment and banking providers involved in processing deposits and withdrawals.
  • Publicly available sources, such as Companies House and regulatory registers.

We do not routinely process special categories of personal data (such as health, religious, political or biometric data used for identification purposes) unless this is strictly necessary and you have given your explicit consent, or another lawful basis applies.

4. Why we collect your personal information and our legal basis

We only process your personal information where we have a lawful basis to do so under the UK GDPR. The main bases we rely on are:

  • Performance of a contract: to enter into and perform our contract with you, or to take steps at your request before entering into a contract — for example, to give you access to the Platform or the App, to process your instructions and to provide customer support.
  • Legitimate interests: where it is necessary for our legitimate interests, or those of our business clients or other third parties, and those interests are not overridden by your rights — for example, to operate and improve the Services, to secure our systems, to prevent fraud, to understand how our products are used and to market our services to business prospects.
  • Legal obligation: to comply with applicable laws and regulations, including anti-money laundering, financial services, tax and accounting rules, and to respond to requests from regulators, courts or law enforcement.
  • Consent: where you have given consent — for example, to send you marketing communications where required, or to set non-essential cookies. You may withdraw your consent at any time.

5. How we use your information

We use personal information for the following purposes:

  • To provide, maintain, secure and improve the Website, the Platform and the App.
  • To set up, administer and service your account and process your instructions.
  • To display your investment accounts, portfolios, valuations, asset allocations and transaction history within the App and Platform.
  • To communicate with you, including sending service messages, important notices and responding to your queries.
  • To comply with our legal and regulatory obligations, including KYC, AML, sanctions screening, record-keeping and reporting obligations.
  • To detect, investigate and prevent fraud, security incidents, unauthorised access and other harmful or unlawful activity.
  • To carry out analytics, measure the performance of our Services and develop new features.
  • To send you marketing about our products and services where you have agreed to receive it, or where we are otherwise permitted to do so.
  • To enforce our terms and protect our legal rights.

6. Who might we share your information with?

We do not sell your personal information. We only share your personal information where it is necessary for the purposes described in this policy, and we require recipients to treat it confidentially and in line with applicable law. The categories of recipient include:

  • Our business clients, where you access the Platform or App through them — for example, your investment manager, wealth adviser or family office.
  • Service providers and sub-processors who help us run the Services, including cloud infrastructure providers, hosting providers, software development partners, customer support tools, analytics providers, communication providers and professional advisers.
  • Platform integration partners, including custody, brokerage, trading, market data, portfolio management and reporting providers such as Saxo Bank and Addepar, to the extent needed to provide the Services.
  • Identity, KYC, AML and sanctions screening providers used to verify identity and meet regulatory requirements.
  • Regulators, courts, law enforcement and other authorities, where we are legally required to do so or where it is necessary to protect our rights, your safety or the safety of others.
  • Professional advisers, including lawyers, accountants, auditors and insurers.
  • Prospective purchasers or investors in connection with a sale, restructuring or financing of our business, subject to appropriate confidentiality obligations.

Where we appoint a third party as a data processor, we have a written contract in place that requires them to protect your information and to act only on our written instructions.

7. International transfers

Some of the service providers we use are based outside the UK. Where we transfer personal information outside the UK, we make sure that an appropriate safeguard is in place, such as:

  • Transfers to a country covered by UK adequacy regulations;
  • The UK International Data Transfer Agreement or the International Data Transfer Addendum to the EU Standard Contractual Clauses; or
  • Another valid transfer mechanism recognised under UK data protection law.

You can contact us using the details in section 16 for more information about the safeguards used for specific transfers.

8. How long do we keep your information?

We do not keep your personal information for longer than necessary for the purposes for which it was collected. The retention period depends on the nature of the information and the purpose of processing. In particular:

  • Records relating to investment business and regulated financial services activity are generally retained for at least five years after the end of the relationship, in line with the record-keeping rules that apply to our adviser and business partners.
  • KYC, AML and sanctions screening records are generally retained for five years from the end of the business relationship or from the date of the transaction.
  • Tax and accounting records are generally retained for at least six years.
  • Marketing preferences are retained until you withdraw your consent or opt out.
  • Security, technical and log data is retained only for as long as required for security, diagnostic and audit purposes.

We may retain information for longer where we are required or permitted to do so by law, or where it is necessary to defend legal claims. When information is no longer required, we will securely delete, anonymise or destroy it.

9. Your rights

Under UK data protection law, you have a number of rights in relation to your personal information. Subject to certain conditions and exemptions, you have the right to:

  • Access: request a copy of the personal information we hold about you.
  • Rectification: ask us to correct information that is inaccurate or incomplete.
  • Erasure: ask us to delete personal information in certain circumstances.
  • Restriction: ask us to restrict the processing of your information in certain circumstances.
  • Portability: ask us to transfer information you have provided to us to another organisation, where our processing is based on consent or contract and is carried out by automated means.
  • Objection: object to processing based on our legitimate interests, or to direct marketing.
  • Withdraw consent: where we rely on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing carried out before you withdrew consent.
  • Automated decision-making: not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We do not currently take such decisions in relation to you.

To exercise any of these rights, please contact us using the details in section 16. We may need to verify your identity before responding. We aim to respond within one month and there is usually no charge, although we may charge a reasonable fee or refuse to act if your request is manifestly unfounded or excessive.

10. Marketing

We would like to send you information about our products and services that may be of interest to you. We will only do so where you have opted in or where we are otherwise permitted to do so by law.

You can opt out of marketing at any time by clicking the “unsubscribe” link in any marketing email, by updating your preferences in your account, or by contacting us using the details in section 16. Opting out of marketing will not affect service-related communications that we need to send you.

11. Cookies and similar technologies

Our Website uses cookies and similar technologies to help the Website function, to understand how it is used and to improve your experience. Cookies are small text files placed on your device when you visit a website.

We use strictly necessary cookies that are required for the Website to function. We will only use analytics or other non-essential cookies where you have given your consent, which you can do (or withdraw) through our cookie banner or browser settings.

Most browsers allow you to control cookies through their settings. For more general information on cookies and how to manage them, visit www.allaboutcookies.org. Please note that if you block or delete cookies, some features of the Website may not work as intended.

The App itself does not use browser cookies but may use similar technologies (such as local storage, device identifiers and software development kits) for authentication, security, crash reporting and diagnostics.

12. How we protect your information

We take the security of your personal information seriously. We use a combination of technical and organisational measures to protect personal information against unauthorised access, loss, alteration or disclosure, including:

  • Encryption of data in transit and, where appropriate, at rest;
  • Strong authentication controls, including support for multi-factor and biometric authentication;
  • Role-based access controls and the principle of least privilege;
  • Regular patching, vulnerability management and security monitoring;
  • Background checks and confidentiality obligations for staff;
  • Secure development practices and regular testing of our systems.

No method of transmission over the internet or electronic storage is completely secure, so while we strive to protect your information, we cannot guarantee absolute security.

13. Other websites and services

The Website, Platform and App may contain links to, or integrations with, other websites and services operated by third parties, such as Saxo Bank and Addepar. This policy only applies to personal information collected by us. When you use a third-party website or service, you should read its privacy policy to understand how it handles your information.

14. Complaints

If you are unhappy about how we have handled your personal information, please contact us first using the details in section 16 so that we can try to resolve the issue.

You also have the right to lodge a complaint with the UK’s data protection authority, the Information Commissioner’s Office. You can contact the ICO at:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate)
Website: https://ico.org.uk

15. Changes to this Privacy Policy

We keep this Privacy Policy under regular review. We will post any updates on the Website and, where the changes are significant, we will notify you by email or through the App or Platform. This Privacy Policy was last updated on 24 April 2026.

16. How to contact us

If you have any questions about this Privacy Policy, or if you wish to exercise any of your rights, please contact us using any of the following methods:

Icebrg Limited
33 Broadwick Street, London, England, W1F 0DQ
Email: info@icebrg.co
Telephone: +44 7591 297358
Website: https://icebrg.co
Company number: 12462061 (England and Wales)
ICO registration reference: ZC084328