Privacy Policy - United Kingdom

Last updated: 11 January 2026

1. Introduction

Finaap ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial wellness platform and related services in the United Kingdom.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. This policy applies to all users of our services in the United Kingdom.

By using Finaap, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Data Controller

Finaap is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@finaap.com

Data Protection Officer: dpo@finaap.com

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, password, phone number
  • Financial Information: Income details, expense records, debt information (in GBP)
  • Tax Information: National Insurance number (NINO), Unique Taxpayer Reference (UTR), HMRC-related data when you connect
  • Identity Verification: Documents required to verify your identity where applicable
  • Communication Data: Messages you send us, support requests, feedback

3.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on the platform
  • Cookies and Tracking: Information collected through cookies and similar technologies

3.3 Information from Third Parties

  • HMRC: Tax calculations, obligations, and submission status when you authorise the connection via Making Tax Digital (MTD)
  • Payment Processors: Transaction confirmations from Stripe and other payment providers

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on:

  • Consent: Where you have given explicit consent for specific processing activities.
  • Contract Performance: Processing necessary to provide our services, including account management and financial tracking.
  • Legal Obligation: Where we are required to process data to comply with UK laws, including HMRC tax reporting requirements.
  • Legitimate Interests: For fraud prevention, security, and service improvement.

5. How We Use Your Information

  • To create and manage your account
  • To provide financial tracking and debt tracking features
  • To connect with HMRC Making Tax Digital for tax compliance
  • To calculate UK taxes (Income Tax, National Insurance, VAT)
  • To process payments in GBP via Stripe
  • To send service-related communications
  • To provide customer support
  • To improve our services
  • To detect and prevent fraud
  • To comply with legal obligations

6. Data Sharing and Disclosure

We may share your personal data with:

6.1 Service Providers

  • HMRC: When you authorise connection for Making Tax Digital
  • Stripe: For payment processing
  • Cloud Hosting: Our infrastructure providers

6.2 Legal Requirements

We may disclose your data if required by UK law, court order, or government request.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the ICO
  • Transfers to countries with adequate data protection standards
  • Binding Corporate Rules where applicable

8. Data Retention

We retain your data for as long as necessary to:

  • Provide our services while your account is active
  • Comply with legal obligations (tax records retained for 6 years as required by HMRC)
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at support@finaap.com. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication mechanisms
  • Regular security assessments
  • Access controls limiting data access to authorised personnel

11. Complaints

If you have concerns about how we handle your data, please contact us first. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: ico.org.uk

Helpline: 0303 123 1113

12. Contact Us

For any questions about this Privacy Policy, please contact:

Finaap Data Protection Team

Email: support@finaap.com