ROSA
FAQ

The questions careful teams ask before sending a file.

Last updated 6 July 2026

These are the questions we hear from data protection, legal, risk and operations teams before a first file is sent. Short answers here, with links where another page goes deeper. If your due diligence needs more than you find on this page, ask us directly: [email protected].

Data and privacy

Do the tapes you receive contain personal data?

The tapes we receive carry no names, no full dates of birth and no full addresses. A loan is identified from facts fixed when it was written, and the check is designed so that we cannot identify any borrower. We still handle every tape with the care personal data requires. The security overview describes the controls.

What governs how you handle our data?

A written data agreement with each party. The agreement covers what we receive, what we may do with it, where it is held, how long we keep it, and the suppliers we rely on to run the service. Your own data protection questionnaire is answered directly as part of onboarding.

How long do you keep our data?

For the life of the engagement, plus a fixed run-off period, and then the data is deleted. We keep the original submitted tapes, encrypted and access-logged, because a finding is only defensible if the check can be re-run on exactly the data that produced it. Every tape is hashed on arrival, so a re-run can prove the inputs were untouched. The precise run-off period is set in the agreement with each party.

Where does our data live?

In the United Kingdom. Each party uploads to its own private folder on our file exchange, processing happens in a UK environment we control, and data is encrypted in transit and at rest.

Who can see our data?

Access is limited to named ROSA personnel on separately credentialed accounts, and every access is logged. Just as important is how little there is to see. The check runs on the minimum data that can prove its findings, the tapes carry no names, no full dates of birth and no full addresses, and each party's submissions sit in that party's own private folder. A report is scoped to its recipient at the moment the report is built, so no client can ever see another client's data.

What certifications do you hold?

None yet. ROSA is a young firm and we do not claim certifications we have not earned. Our security today rests on the design decisions described in the security overview: minimal data, separate private channels, reports scoped to their recipient, and reproducible evidence. Certifications will follow as our controls and client base grow.

What we promise, and what we don't

What exactly do you promise?

That the stated procedures ran on exactly the tapes submitted, and that every finding follows from that data under our published method. Every tape is hashed on arrival. Every report carries a report id, the engine version and the hash of the evidence behind the report, so any report can be checked against the archive and any cycle can be re-run.

Is a ROSA report an audit?

No. We do not audit loans, express an assurance opinion, underwrite anything or guarantee that any party is honest, and a ROSA report does not replace your own diligence. A report states what the tapes show under a defined set of procedures. We keep the claim narrow so that it can be checked, reproduced and defended.

What if a party sends you a false tape?

The check does not depend on anyone's honesty. Each feed reaches us independently, so every tape acts as a witness to the others, and a false entry has to agree with every independent copy of the same loan to pass. Findings are graded on that standard: provisional on one feed, corroborated when independent feeds agree. Altering a field to dodge a match leaves the tape internally inconsistent, and we check for that too.

What can the check not see?

The check covers the feeds we receive. A funder outside ROSA sends us no feed, so the matching cannot see a pledge to that funder. Two safeguards close that gap. Tape submission can stand as a condition in the lender's standard funding terms, so every feed reaches us as a matter of course. And the funder registry lets any funder check what it believes: ask how many funders sit behind an originator, and a signed count comes back the same day. When a new funder joins, every existing funder is told. Within the feeds we do receive, a missing tape holds the affected findings open; a finding is never quietly closed because a feed went silent.

Sending files and receiving reports

What data do we send?

The loan tape you already produce, untouched. For most lenders and funders that is the standard Bank of England or European DataWarehouse format, but the format does not need to be exact: we read your tape as it comes, quirks included, and never ask for new fields, a special extract or a change to your systems. The lender sends its full book; each funder passes on its own copy of the feed the lender already sends it. Each copy reaches us straight from the party that holds it, so the lender's book is checked against what its funders were actually told.

How do we get files to you?

Through your own private folder on our file exchange, on a single login that works two ways: a secure web upload with email sign-in for a person with a file, or SFTP for an automated pipeline. Never by email. The file name does not matter, and if you spot a mistake before the cutoff you simply upload the corrected file again; the latest copy wins.

How do reports come back to us?

Through the same private folder. Each month's report lands in the Reports area of your folder, the newest folder is the latest cycle, and you receive an email the moment the report is ready. The report itself never travels by email; only the notification does. There is nothing to install and no shared portal.

Timings and cadence

How often does the check run?

Monthly. Each party drops its month-end tape in its own folder, the engine runs, and each party collects its report from the same folder. Findings carry over from month to month, tracked as new, persisting, escalated or resolved.

How quickly do reports come back?

Within three working days of the final tape arriving, or of the submission deadline if a feed does not arrive. In practice we aim to run on the day the last tape lands and release the day after.

How long does onboarding take?

There is no integration project. You send the tape you already produce to your own private folder; we validate your first tape, confirm what we read back to you, and you are live from your next monthly cycle.

Confidentiality between funders

Do other funders ever see our data or our reports?

Never. Each party submits through its own private channel and receives its own report; there is no shared portal. A funder's report covers that funder's funding line against the lender's master record and nothing else. The scoping happens when the report is built: the engine refuses to build a funder report that carries anything beyond that funder's own line.

If double-pledging is found at our lender and our loans are not involved, do we hear about it?

No. A finding that does not touch your loans is not in your report. You never learn another funder's exposure, and no funder ever learns yours. The rule is deliberate: the check only works because every funder can join knowing its book is never shown to anyone else. In return, your own book is independently verified against the lender's master record every month.

Can we find out who else funds our lender?

Yes, through the funder registry. Any funder, existing or prospective, can ask how many funders currently fund an originator and receive a signed answer the same day. Identities are shared where the originator consents. When a new funder joins, every existing funder is told.

Anything we missed

Ask. A short conversation is usually faster than a questionnaire: [email protected]. If you need this page as a document for your files, we will send a dated copy rendered directly from this page, so the two never differ.