Manage NHS Client Finances at Practice Scale
Stop juggling inboxes and one-off file shares. Give your team one place to onboard NHS clients, capture compliant consent, and work from the same pension and pay evidence — so you deliver advice faster and look as professional as larger firms.
From zero to client dashboard in under an hour
No complex integrations. Your team is up and running the same day.
Set up your organisation
Create your firm's workspace in minutes. Invite your accountancy team, assign roles, and configure your white-label branding.
Invite NHS staff clients
Send secure invitation links to your NHS clients. They join via a guided flow and explicitly consent to share their financial documents with your firm.
Access consented data
Your team's dashboard shows all consented clients and their documents — pension statements, payslips, P60s — ready for analysis.
What your practice gains
Built for firms that already advise doctors, nurses, and NHS managers — where pension complexity and payroll evidence are part of every engagement.
Less time chasing paperwork
Pension statements, payslips, and P60s land in one dashboard — fewer email threads and ad-hoc attachments.
NHS-specific depth, not generic filing
AI-assisted reads on NHS pension and pay documents help your team prep reviews faster and answer client questions with evidence in front of you.
A client experience under your brand
White-label options mean NHS staff see your practice — building trust and retention, not a third-party logo they do not recognise.
Defensible consent and audit records
Explicit consent, revocation, and access logging support your GDPR posture and professional standards — with a clear trail if you need it.
Clients stay in control — your firm stays compliant
The consent model is built around the data subject. Your NHS clients decide exactly what they share, when, and with whom. They can revoke access at any moment from their own account — no phone call to you required.
Every consent event, document access, and team action is written to an immutable audit log. If the ICO ever asks, you have a complete, timestamped record.
How client consent works
- Client invited by your team
- Client creates account (if needed)
- Client reviews & grants consent
- Your team accesses consented documents
- Client can revoke consent at any time
Consent is explicitly granted and separately logged from membership — no grey areas.
Everything your practice needs
Purpose-built for accountancy firms advising NHS professionals — not a generic SaaS tool bolted together.
Team & role management
Invite colleagues, assign member and admin roles, and transfer ownership. Seat-based billing means you only pay for your team.
- Owner / Admin / Member roles
- Seat-based billing
- Instant invite links
GDPR-compliant consent
Every client explicitly grants consent before your firm can see any data. They can revoke it at any time from their own account — no grey areas.
- Explicit opt-in per client
- Revocable at any time
- Audit trail of grants & revocations
Unified client dashboard
See all consented NHS clients, their uploaded documents, and AI-extracted analysis in one place. No more chasing payslips and pension statements.
- Pension statements
- Payslips & P60s
- AI-extracted data
Secure API access
Integrate the platform with your existing practice management software using hashed API keys with optional expiry. Member-level access, scoped per organisation.
- SHA-256 hashed keys
- Optional expiry dates
- Throttled, audited calls
White-label branding
Replace NHS Financial Planner branding with your firm's colours, logo, and custom domain so clients experience a seamless practice environment.
- Custom colours & logo
- Subdomain or custom domain
- Email from-name
Complete audit trail
Every document access, consent event, and team action is logged with timestamp, IP address, and actor. Supports ICO compliance and professional indemnity requirements.
- Immutable audit log
- Per-document access records
- Consent change history
Built for the security expectations of NHS and regulated financial services
NHS client data carries the same sensitivity as medical records. We designed the platform with defence-in-depth from day one — not bolted on after launch.
- UK GDPR–compliant consent model — explicit opt-in from each data subject
- Row-level isolation — your clients' data is never visible to other organisations
- All document access is logged with timestamp, IP, and acting user
- API keys hashed with SHA-256 and never stored in plain text
- Signed JWT sessions via httpOnly cookies — session tokens are not readable by client-side scripts
- Stripe-separated org billing — firm subscription is distinct from client subscriptions
Common questions from compliance-conscious practices
GDPR, AML, data residency, and integration — answered honestly.
Yes. Every client data access is gated behind explicit, granular consent from the data subject — not just organisational membership. Clients can revoke access at any time from their own account; this is enforced immediately and written to an immutable audit log. The platform is designed to support your firm's obligations as a data controller under UK GDPR and the Data Protection Act 2018.
Your NHS clients are the data subjects. Your firm acts as data controller for your client relationships. NHS Financial Planner acts as a data processor, processing data only under instruction from your firm and within the bounds of each client's explicit consent. We provide a standard Article 28–style Data Processing Agreement — request a copy during onboarding or from our team before you go live.
A Data Protection Impact Assessment is recommended best practice for practices handling health-adjacent financial data at scale. Our platform provides the technical and organisational documentation you will need: audit logs, processing records, consent trails, and security architecture notes. Contact us and we will share our security documentation pack to support your DPIA.
Client data is stored on UK and EEA infrastructure. A full list of sub-processors — including their jurisdictions and the nature of processing — is included in the Data Processing Agreement. Contact us for a copy before onboarding if data residency is a condition of your engagement.
Identity verification and Customer Due Diligence under the Money Laundering Regulations 2017 remain your firm's responsibility. The platform's immutable audit trail — recording which team member accessed which client's documents, at what time, and from which IP address — supports your MLR record-keeping requirements. It does not substitute for your firm's AML policies or client identification procedures.
Yes. Admin users can generate hashed API keys (SHA-256, with optional expiry dates) for server-to-server requests. Keys carry member-level access — they can read consented client data but cannot perform administrative actions such as inviting members or modifying settings. Full API documentation is available on request.
When an organisation is closed, all active client consents are revoked in the same database transaction as the organisation soft-delete, and affected clients are notified by email. Your NHS clients keep their own accounts and their personal data. Organisation rows, memberships, and audit history are kept in soft-deleted form for audit integrity — not hard-deleted. Exact retention and erasure timelines for processor-held data are set out in our Privacy Policy and DPA; contact us if you need a bespoke schedule.
Yes. Organisation plans include white-label branding: custom primary colour, logo, and email from-name. Custom subdomain support is also available. Clients experience your practice's identity throughout their account — they will not see NHS Financial Planner branding unless you choose to retain it.
More questions? Get in touch — we are happy to discuss your firm's specific compliance requirements.
Seat-based pricing — simple and predictable
Pay for your team, not your clients. Your NHS clients can keep their own plans and own their data; your firm pays only for seats used by staff who need the practice workspace and client dashboard.
Ready to bring your NHS practice onto the platform?
Get in touch and we will walk you through setup, answer your compliance questions, and help you onboard your first clients.