Privacy Policy
Effective Date: August 10, 2025
Last Updated: August 27, 2025
Version: 2.0
We protect your privacy like our own. This policy explains how we handle your information at GoSaveSum.
1. Who We Are
GoSaveSum Ltd is a private limited company registered in England and Wales.
Company Registration Number: 12514788
Registered Office: 1 Quality Court, Chancery Lane, London WC2A 1HR
Regulatory Information:
Authorized and regulated by the Financial Conduct Authority (FCA)
Firm Reference Number (FRN): 822499
You can verify our regulatory status at: https://register.fca.org.uk/
Data Controller Details:
Data Controller: GoSaveSum Ltd
Email: support@gosavesum.com
Postal Address: GoSaveSum Ltd, 1 Quality Court, Chancery Lane, London WC2A 1HR
2. About This Policy
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the GoSaveSum mobile application and related services (collectively, "our Services").
Key Principles:
We are committed to protecting your privacy and complying with all applicable data protection laws.
We only collect data that is necessary for providing our financial services.
We implement robust security measures to protect your information.
You have full control over your personal data and can exercise your rights at any time.
Legal Framework: This policy is designed to comply with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Payment Services Regulations 2017
Electronic Commerce Regulations 2002
FCA Principles for Businesses
Open Banking Implementation Entity (OBIE) standards
3. What Personal Data We Collect
3.1 Data You Provide Directly
Account Information: Full name, email address, phone number, date of birth
Identity Verification: Government-issued ID, proof of address, biometric data (if applicable)
Financial Goals: Savings targets, spending categories, budget preferences
Communications: Messages, feedback, support inquiries
Marketing Preferences: Communication preferences, consent records
3.2 Banking and Financial Data (via Open Banking)
Account Details: Bank account numbers, sort codes, account types
Transaction History: Payment details, merchant information, transaction amounts, dates
Balance Information: Current account balances, available funds
Direct Debits/Standing Orders: Payment arrangements, beneficiary details
Credit Information: Credit scores, credit history (where consented)
3.3 Technical Data
Device Information: Device type, operating system, unique device identifiers
App Usage Data: Features used, time spent in app, user interactions
Performance Data: App crashes, loading times, error logs
Network Information: IP address, connection type, location data (if enabled)
3.4 Special Categories of Personal Data
We may process special categories of data only where:
You have given explicit consent, or
Processing is necessary for substantial public interest purposes
Examples: Health-related spending data (with consent), accessibility requirements
4. How We Use Your Personal Data
4.1 Lawful Basis Table
Purpose of Processing | Lawful Basis | Data Categories
Core app functionality & account management | Contractual Necessity (Art. 6(1)(b)) | Account info, financial data, technical data
Identity verification & fraud prevention | Legal Obligation (Art. 6(1)(c)) | Identity documents, biometric data
FCA regulatory compliance & reporting | Legal Obligation (Art. 6(1)(c)) | All relevant data as required
Product improvement & analytics | Legitimate Interests (Art. 6(1)(f)) | Usage data, performance data
Customer support | Legitimate Interests (Art. 6(1)(f)) | Account info, communications
Marketing communications | Consent (Art. 6(1)(a)) | Contact details, preferences
Security monitoring & threat detection | Legitimate Interests (Art. 6(1)(f)) | Technical data, access logs
Legal proceedings & dispute resolution | Legal Obligation (Art. 6(1)(c)) | All relevant data as required
4.2 Legitimate Interests Assessment
Where we rely on legitimate interests, we have balanced these against your rights:
Our Interest: Providing secure, reliable financial services
Your Impact: Minimal, with strong safeguards in place
Balancing Test: Regular reviews ensure proportionality
5. Data Sharing and Third Parties
5.1 Open Banking Provider - Salt Edge
We use Salt Edge Limited as our Account Information Service Provider (AISP).
Salt Edge Details:
Company: Salt Edge Limited
Regulation: Authorized by the Financial Conduct Authority
FRN: 800448
Policies:
Data Shared: Account information, transaction data (as consented by you)
Purpose: Open Banking connectivity and account aggregation
Safeguards: EU adequacy decision, contractual safeguards
5.2 Other Third-Party Categories
Category | Purpose | Examples | Safeguards
Cloud Infrastructure | Data hosting & processing | AWS, Microsoft Azure | Data Processing Agreements, encryption
Analytics Providers | App Improvement | Firebase Analytics | Anonymization, limited data sharing
Customer Support | Help desk services | Zendesk | Access controls, training
Legal/Regulatory | Compliance requirements | Law enforcement, regulators | Legal necessity only
Service Providers | Operational support | Email services, SMS providers | Contractual protections
5.3 International Transfers
Primary Processing: Data processed within the UK/EEA
Third Country Transfers: Only where adequate protection exists
Safeguards: EU adequacy decisions, Standard Contractual Clauses (SCCs)
Your Rights: You can request details of any international transfers
6. Data Security Measures
6.1 Technical Safeguards
Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
Access Controls: Multi-factor authentication, role-based access
Network Security: Firewalls, intrusion detection systems, VPN access only
Regular Updates: Security patches applied promptly
Monitoring: 24/7 security monitoring and incident response
6.2 Organizational Safeguards
Staff Training: Regular data protection and security training
Background Checks: Enhanced vetting for all staff with data access
Policies: Comprehensive data protection and security policies
Incident Response: Established procedures for data breaches
Third-Party Management: Due diligence on all service providers
6.3 App-Specific Security
App Store Guidelines: Full compliance with Apple App Store and Google Play security requirements
Biometric Authentication: Face ID, Touch ID, fingerprint authentication
Session Management: Automatic logout, secure session handling
Local Data: Minimal local storage, encrypted where necessary
7. Your Privacy Rights
7.1 Your Rights Under UK GDPR
Right | What This Means | How to Exercise
Access (Art. 15) | Request a copy of your personal data | Submit request via support@gosavesum.com
Rectification (Art. 16) | Correct inaccurate or incomplete data | Through app settings or contact DPO
Erasure (Art. 17) | Request deletion of your data | Contact DPO (subject to legal obligations)
Restrict Processing (Art. 18) | Limit how we use your data | Contact DPO with specific restrictions
Data Portability (Art. 20) | Transfer your data to another device | Request via DPO (machine-readable format)
Object (Art. 21) | Object to processing based on legitimate interests | Opt-out through app or contact DPO
Withdraw Consent | Remove consent for specific processing | App settings or contact DPO
Lodge Complaint | Complain to supervisory authority | Contact ICO (details below)
7.2 Response Timeframes
Standard Requests: 1 month from receipt of valid request
Complex Requests: Up to 3 months (we'll inform you of any delay)
Urgent Requests: Prioritized where appropriate
7.3 Identity Verification
For your security, we may need to verify your identity before processing rights requests.
8. Data Retention
8.1 Retention Periods
Data Type | Retention Period | Legal Basis
Account information | 6 years after account closure | FCA regulatory requirements
Transaction data | 6 years from transaction date | Payment Services Regulations
Identity verification | 5 years after relationship ends | Money Laundering Regulations
Marketing consents | Until withdrawn or 3 years inactive | PECR requirements
Technical logs | 12 months | Security and performance needs
Support communications | 3 years from resolution | Customer service needs
8.2 Deletion Process
Automated Deletion: Systems automatically delete data when retention periods expire
Manual Review: Some data may require manual review before deletion
Secure Deletion: All deleted data is permanently removed using industry-standard methods
9. Cookies and Tracking
9.1 How We Use Cookies
We use cookies and similar technologies for:
Essential Functionality: Login sessions, security features
Analytics: Understanding app usage and performance
Preferences: Storing your settings and preferences
9.2 Cookie Categories
Strictly Necessary: Cannot be disabled (essential for app function)
Performance: Help us improve the app (can be disabled)
Functional: Remember your preferences (can be disabled)
9.3 Your Choices
You can manage cookie preferences through:
App settings (for mobile app cookies)
Browser settings (for website cookies)
Third-party opt-out tools where applicable
10. Age Restrictions
Minimum Age: 18 years old
GoSaveSum is designed for adults only
We do not knowingly collect data from individuals under 18
If we discover underage usage, we will immediately delete the account and data
Parents/guardians should monitor device usage to prevent underage access
11. Changes to This Policy
11.1 Policy Updates
We may update this policy to reflect legal, regulatory, or business changes
Material Changes: We'll provide at least 30 days' notice via email and app notification
Minor Changes: Updated version will be posted with revision date
Continued Use: Using our services after changes indicates acceptance
11.2 Version Control
Each policy version is dated and archived
Previous versions available on request
Change log maintained for transparency
12. Legal Basis for Financial Services
12.1 FCA Compliance
As an FCA-regulated entity, we process data to:
Meet regulatory capital and reporting requirements
Carry out proper conduct-of-business oversight
Ensure market integrity and consumer protection
Comply with senior management accountability requirements
12.2 Open Banking Compliance
Under PSD2 and Open Banking regulations:
We act as a Third Party Provider (TPP)
We maintain regulatory permissions for account information services
We comply with Strong Customer Authentication (SCA) requirements
We adhere to data minimisation principles
13. Contact Information
13.1 Data Protection Officer
Email: support@gosavesum.com
Post: Data Protection Officer, GoSaveSum Ltd, 1 Quality Court, Chancery Lane, London WC2A 1HR
Response Time: We aim to respond within 48-72 hours
13.2 General Inquiries
Email: privacy@gosavesum.com
Support: support@gosavesum.com
Website: www.gosavesum.com
13.3 Regulatory Authorities
UK Information Commissioner's Office (ICO)
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk
Phone: 0303 123 1113
Financial Conduct Authority (FCA)
Address: 12 Endeavour Square, London, E20 1JN
Website: www.fca.org.uk
Phone: 0800 111 6768
Financial Ombudsman Service
Address: Exchange Tower, London, E14 9SR
Website: www.financial-ombudsman.org.uk
Phone: 0800 023 4567
14. Additional Protections
14.1 Vulnerable Customer Protections
Enhanced support for customers in vulnerable circumstances
Additional safeguards for processing sensitive financial data
Specialised support channels for accessibility needs
14.2 Breach Notification
To ICO: Within 72 hours of becoming aware (where legally required)
To You: Without undue delay if high risk to your rights and freedoms
Records: Comprehensive breach register maintained
14.3 Privacy by Design
Data protection considerations built into all new features
Regular Privacy Impact Assessments (PIAs) conducted
Minimal data collection principles applied throughout
This privacy policy demonstrates our commitment to transparency and regulatory compliance. By using GoSaveSum, you can trust that your personal and financial data is protected by industry-leading security measures and handled in accordance with the highest legal standards.