Privacy Policy

Last updated: 21 December 2025

1. Introduction

Finaap ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial wellness platform and related services.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. This policy applies to all users of our services in the United Kingdom.

By using Finaap, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Data Controller

Finaap is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@finaap.com

Data Protection Officer: dpo@finaap.com

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, password, phone number
  • Financial Information: Income details, expense records, debt information, bank account details (where you choose to provide them)
  • Tax Information: National Insurance number, UTR (Unique Taxpayer Reference), self-assessment data when you connect to HMRC
  • Identity Verification: Documents required to verify your identity where applicable
  • Communication Data: Messages you send us, support requests, feedback

3.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on the platform, clickstream data
  • Cookies and Tracking: Information collected through cookies and similar technologies (see Section 9)

3.3 Information from Third Parties

  • HMRC: Tax calculations, obligations, and submission status when you authorise the connection
  • Credit Reference Agencies: Credit score and report data when you request this service
  • Payment Processors: Transaction confirmations and payment status from Stripe
  • Connected Services: Financial data from third-party services you choose to connect (e.g., via Zapier)

4. Special Category Data

We do not intentionally collect special category data (such as health information, religious beliefs, or political opinions). However, some financial transactions you record may indirectly reveal such information. We treat all your data with the highest level of security regardless of its nature.

5. Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance (Article 6(1)(b) UK GDPR)

Processing necessary to provide our services, including account management, financial tracking, debt management, and tax automation features.

Consent (Article 6(1)(a) UK GDPR)

Where you have given explicit consent, such as connecting to HMRC, receiving marketing communications, or enabling optional features.

Legitimate Interests (Article 6(1)(f) UK GDPR)

For fraud prevention, security, service improvement, and analytics, where our interests do not override your fundamental rights.

Legal Obligation (Article 6(1)(c) UK GDPR)

Where we are required to process data to comply with UK laws, including anti-money laundering regulations and tax reporting requirements.

6. How We Use Your Information

  • To create and manage your account
  • To provide financial tracking, budgeting, and debt management services
  • To connect with HMRC for Making Tax Digital compliance
  • To generate financial reports and insights
  • To process payments for subscription services
  • To send service-related communications and updates
  • To provide customer support
  • To improve our services and develop new features
  • To detect and prevent fraud and security threats
  • To comply with legal obligations
  • To send marketing communications (only with your consent)

7. AI and Automated Processing

We use artificial intelligence to enhance our services, including:

  • Expense Classification: Automatically categorising your transactions using AI models
  • Financial Insights: Generating personalised recommendations based on your financial data

These automated processes do not make decisions that significantly affect you without human oversight. You can request human review of any automated decision by contacting us.

8. Data Sharing and Disclosure

We may share your personal data with:

8.1 Service Providers

  • HMRC: When you authorise connection for Making Tax Digital (data transferred within the UK)
  • Stripe: For payment processing (Privacy Shield certified)
  • Cloud Hosting: Our infrastructure providers who store data securely
  • AI Providers: For expense classification (data is anonymised where possible)

8.2 Legal Requirements

We may disclose your data if required by law, court order, or government request, or to protect our rights, privacy, safety, or property.

8.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change and of your choices regarding your data.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for the platform to function (authentication, security)
  • Analytics Cookies: To understand how users interact with our platform
  • Preference Cookies: To remember your settings and preferences

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

10. Data Retention

We retain your data for as long as necessary to:

  • Provide our services while your account is active
  • Comply with legal obligations (e.g., tax records must be retained for 6 years)
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

11. International Data Transfers

Your data is primarily processed within the United Kingdom and European Economic Area. Where we transfer data outside these regions, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions where the destination country provides adequate protection
  • Your explicit consent for specific transfers

12. Your Rights

Under UK GDPR, you have the following rights:

Right of Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent at any time (where consent is the legal basis)

Rights Related to Automated Decisions

Not be subject to solely automated decisions with significant effects

To exercise these rights, contact us at privacy@finaap.com. We will respond within one month.

13. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication mechanisms including password hashing
  • Regular security assessments and penetration testing
  • Access controls limiting data access to authorised personnel
  • Incident response procedures for potential data breaches
  • Employee training on data protection and security

14. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

15. Complaints

If you have concerns about how we handle your data, please contact us first. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: ico.org.uk

Helpline: 0303 123 1113

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. Your continued use of our services after such modifications constitutes acceptance of the updated policy.

17. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact:

Finaap Data Protection Team

Email: privacy@finaap.com

Data Protection Officer: dpo@finaap.com