Looking after your data

Cybersecurity overview

We know how important your data is to you. At Path, protecting your data is one of our highest priorities. We have robust cybersecurity measures in place to ensure your information remains safe and secure at all times.

Access control

We strictly limit access to your data. Only authorised team members who require access to perform their job duties are permitted to view or handle sensitive client information.

Email and phishing protection

To prevent fraud, we never act on sensitive requests (e.g., transfers or account changes) based solely on email. We always verify such requests through a secondary communication channel before taking any action.

Proactive communication

We keep clients informed about digital risks and incorporate guidance on fraud prevention into our customer onboarding documentation.

Training and awareness

All of our staff must complete cybersecurity training each year. We also work with an external security provider to deliver ongoing training and simulated phishing exercises to ensure our team stays alert and informed.

Device and network security

We enforce strict security controls across all devices and networks used by our team, helping prevent unauthorised access and ensuring data integrity.

Mandatory VPN use for all staff ensures secure, encrypted access protecting sensitive data from cyber threats and maintaining data integrity regardless of location. This is essential for preventing data breaches, particularly for remote workers and for creating a consistent, secure network across our office locations.

Data storage and transmission

Your data is only stored and transmitted using secure, company-approved platforms—such as encrypted portals or secure cloud services. We never send sensitive information via unencrypted email.

Regular updates and patching

We keep all our systems—including operating systems, applications and web browsers—up to date with the latest security patches to protect against emerging threats.

Incident response

Internal procedures are in place to respond swiftly to any suspected data breach. Our goal is to minimise risk and ensure full transparency where appropriate.

If a breach occurs affecting your personal data, we will notify you promptly, investigate and take steps to mitigate harm.

Artificial Intelligence (AI)

We actively monitor and restrict the use of AI-powered tools within the company to ensure responsible and compliant usage.

Video meeting platform

Our internal policies require that clear, informed consent is obtained from all participants before a meeting begins when an AI note-taker or similar tool will be used, along with a transparent explanation of its purpose.

Our online meeting platform does not use your audio, video, chat, screen sharing, attachments or any other communication content to train its own or any third-party AI models.

To further protect your privacy, all AI-generated summaries, telephone call recordings and voicemails are subject to a 30-day retention policy, after which they are deleted from the provider system.

We comply with UK GDPR and the Data Protection Act to ensure your data rights are respected.

Registered with the Information Commissioner’s Office, reference ZA613446.

Let us know if you have any questions or concerns about our cybersecurity practices or AI policy by emailing hello@thepath.co.uk.

A COLLECTIVE CALL FOR CHANGE

Our accreditations and memberships

RISK WARNING
As always with investments, your capital is at risk. The value of your investment can go down as well as up, and you may get back less than you invest. This information should not be regarded as financial advice.