Privacy Policy

What Information We Collect

Running a financial platform means we need certain information to make things work properly. Here's what we gather and why it matters:

Account Information

When you sign up, we collect your name, email address, and chosen password. Pretty standard stuff. If you're using our business features, we might also need your company name and registration details.

Financial Data

This is where things get more specific. Depending on which tools you're using, we collect:

• Transaction records and payment history
• Bank account details for integration purposes
• Financial goals and budgeting preferences
• Investment patterns and portfolio information
• Credit score data if you opt into that feature

Technical Information

Like most online platforms, we automatically collect some technical bits: your IP address, browser type, device information, and how you interact with our tools. This helps us spot problems and improve performance.

How We Use Your Information

Everything we collect has a purpose. We're not hoarding data for the sake of it.

Operating Our Services

The main reason we need your information is to actually run the platform. This includes processing transactions, generating financial reports, syncing with your bank accounts, and providing personalised insights based on your financial behaviour.

Security and Fraud Prevention

Financial platforms are targets for fraud. We analyse patterns and behaviour to spot suspicious activity before it becomes a problem. Sometimes this means flagging unusual transactions or login attempts from unexpected locations.

Improvement and Development

We look at how people use our tools to figure out what works and what doesn't. This might mean analysing which features get used most, where people get stuck, or what kinds of reports are actually helpful.

Communication

We'll send you service updates, security alerts, and information about your account. You can opt out of marketing emails, but we'll still need to send essential notifications about your account.

Legal Basis for Processing

Under UK GDPR, we need legitimate reasons to process your data. Here's where we stand:

Who We Share Data With

We don't sell your information. Full stop. But we do work with some third parties to make our services function.

Service Providers

We use external companies for things like cloud hosting, payment processing, and customer support tools. These providers only get access to what they need to do their job, and they're bound by strict confidentiality agreements.

Banking Partners

When you connect your bank accounts, we work with regulated financial data providers. These are FCA-authorised firms that specialise in secure banking connections.

Legal Requirements

Sometimes we're legally required to share information with regulators, law enforcement, or courts. We only do this when we have a valid legal basis and we'll notify you unless we're legally prohibited from doing so.

Your Rights

UK data protection law gives you several rights over your personal information. Here's what you can do:

Access Your Data

You can request a copy of all personal data we hold about you. We'll provide this in a commonly used format within one month.

Correction

If something's wrong or outdated, you can ask us to correct it. Most account information can be updated directly in your settings.

Deletion

You can request deletion of your data, though we might need to keep some records for legal or regulatory reasons. We'll explain if that's the case.

Portability

You can get your data in a machine-readable format to transfer to another service. This covers data you've provided to us directly.

Object to Processing

You can object to certain types of processing, particularly for direct marketing or where we're relying on legitimate interests.

Restrict Processing

In some situations, you can ask us to temporarily restrict how we use your data while we resolve a concern.

To exercise any of these rights, contact us using the details at the bottom of this page. We'll respond within one month and won't charge you unless your request is excessive or repetitive.

Data Security

Financial data needs serious protection. Here's what we do:

Encryption

All data transfers use TLS encryption. Your data at rest is encrypted using AES-256 standards. Your passwords are hashed and salted, which means we can't see them even if we wanted to.

Access Controls

Not everyone on our team can access everything. We use role-based permissions and two-factor authentication for internal systems. Access logs are monitored regularly.

Infrastructure Security

We host on secure cloud infrastructure with regular security audits. Our systems are patched and updated consistently, and we run vulnerability scans frequently.

Incident Response

We have procedures for handling security incidents. If there's a breach affecting your data, we'll notify you and the ICO within 72 hours as required by law.

Data Retention

We don't keep data forever. Here's how long we hold different types of information:

Active Account Data

While your account is active, we keep all your data to provide the service. This includes transaction history, reports, and preferences.

After Account Closure

When you close your account, we delete most data within 90 days. We might keep some records for up to seven years if required by financial regulations or for legitimate legal purposes.

Marketing Data

If you've opted into marketing communications, we keep that consent record until you withdraw it. After you opt out, we delete non-essential marketing data within 30 days.

Legal Records

Some information must be kept longer for tax, accounting, or legal reasons. This typically includes financial transaction records and compliance documentation.

International Transfers

Your data is primarily stored and processed within the United Kingdom. If we need to transfer data outside the UK, we use appropriate safeguards:

• Standard contractual clauses approved by the ICO
• Adequacy decisions for countries with equivalent protection
• Additional technical and organisational security measures

We don't transfer data to countries without adequate protection unless absolutely necessary and with your explicit consent.

Cookies and Tracking

We use cookies to keep you logged in, remember your preferences, and understand how people use our platform. Essential cookies are necessary for the service to work. Analytics and preference cookies are optional, and you can control these through your browser settings.

We don't use invasive tracking or sell data to advertisers. Any analytics we collect are used solely for improving our own service.

Children's Privacy

Our services aren't designed for anyone under 18. We don't knowingly collect data from children. If we discover we've accidentally collected information from someone under 18, we'll delete it promptly.

Changes to This Policy

We update this policy occasionally as our services evolve or regulations change. We'll notify you of significant changes by email or through the platform. The date at the top shows when we last updated it.

We keep previous versions archived, so you can see what's changed if you're curious.