Privacy Notice

This notice applies to users of services of iSpent19 Ltd (iSpent19) in the United Kingdom, including users of iSpent19’s App, website, features, or other services. This notice describes how iSpent19 and its affiliates collect and use personal data.
Who we are

We are iSpent19 Ltd, a company registered in England under the Companies House registration number 12146051. We are also registered with the Financial Conduct Authority (FCA) via TrueLayer Ltd (901096) and our registration number is 928953.

We are committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), the Data Protection Act 2018 (and regulations made thereunder) or any successor legislation.

We are the data controller for the personal data we collect from you in connection with your use of iSpent19’s services in the United Kingdom. This means that we are responsible for deciding how we hold and use personal information about you.

We created this App so that you can avoid the frustrations that we experienced in trying to manage bank transactions in ways personal to ourselves and enjoy the freedom of managing shared spend easily within your social circles.

We will make our App evolve with your needs, under the following guiding principles:

  • It offers you better VISIBILITY of all your daily transactions across all your bank accounts
  • It gives you the CONVENIENCE you need to interact with your banking transactions where and when it happens
  • It enables you to take more CONTROL over your financial matters

These are the values of User Centricity that we hope to deliver to you when you use our services. We aim to achieve them through transaction personalisation!

By providing you with our services, we will inevitably come to handle some of your personal data so that we can provide you with the best services we can. We encourage you to read this document as it makes transparent how we process your data.

What information we collect about you
Personal data you give us:

You may give us personal data about you by filling in forms on, or interacting with the App, our website, or by corresponding with us by phone, email or otherwise. This includes:

  • Name, address, email address and phone number
  • Information we require to comply with our legal and regulatory obligations (such as “Know-Your-Customer” or KYC). This includes copies of personal identification documents (e.g. your Passport or Driving License)
  • Any other personal information required to identify you and verify the information you give us.

Personal data from connected banks:

If you connect one of your banks to our App, we will collect data from your connected banks, such as:

  • Bank account details such as your sort codes and account numbers;
  • Information identifying the account you have with your connected bank;
  • Transactions made on those accounts;
  • Balances available on those accounts;
  • Your direct debits and standing orders;
  • We will not profile you solely on the basis of this data and we will not use this data for any other purposes than providing our services as detailed hereunder.

Personal data we collect from you:

When you use the App or our website we may collect information such as:

  • location data such as IP address;
  • Device details;
  • Your login information;
  • Information about your interaction with the app or our website;
  • Information to verify the data you give us;
  • Information from your phone (like contact details in your address book or photos) if you give us consent to use that data to perform particular functionalities of our app.
Why we need to process your information
We need to process your information for the following purposes.

Contractual performance:

If you download our App and want us to deliver you our services, we can only perform these services if we can process your personal data as part of our contractual agreement as per our App Terms.

Your consent:

We rely on your consent to process and use your personal data for the following purposes:

  • Using personal information we have collected to identify you and to verify your identity to validate the data we hold about you and enrich your data visibility;
  • Provide information on your Accounts to allow you to interact with your transactions in ways relevant to your needs;

Legitimate interest:

We use your personal data on the basis of our legitimate interest and to your benefit so that we can:

  • Deliver to you the benefit of our App and connect you to our services;
  • Improve your experience of our service including bug fixing or introducing new features;
  • Assess the usage of the App;
  • Help us identify people like you that might enjoy and benefit from the App;
  • Make a secure connection between your device, the App and our data hosting services;
  • Take action if we need to defend our rights under the App Terms if you would misbehave or act in deviation of laws or regulations or our App Terms;
  • Track and examine the use of the App and the website to prepare reports on its activities and analyse that data;
  • Perform research and trend analysis to optimise your experience;
  • Create content using some personal data that will enable us to engage with you in a relevant way;
  • Engage with our users by providing relevant updates to our App and through social media or email communication channels;
  • Provide more detailed information on your transactional data. e.g. a weekly or monthly summary of personalised insights;

We will always use the minimum data required and will process to the minimum extent required.

Legal obligations:

We will also process your personal data where we are under a legal obligation to do so to:

  • Identify you and verify your identity to comply with our KYC obligations;
  • Prevent and detect fraud, money laundering, other crime, and security issues, and to reduce iSpent19’s risks;
  • Comply with laws and regulations, as well as any sector-specific guidelines and regulations;

Please be aware that if you do not want us to process the data for the purposes set out above, then we can not provide our services to you.

Who do we share your information with

We currently do not share your personal information with third parties, other than those who provide essential services enabling the operation of our App. These may include:

  • Secure data storage centres located in the UK or Western Europe
  • Identification and verification service providers who will check your identity
  • Email services whom we may use to communicate with you
  • Website and app analytics tools that will help us refine our service offerings to you and enhance your user experience

We may also share users’ personal data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing personal data with law enforcement officials, public health officials, other government authorities or other third parties as necessary to enforce our App Terms or other policies; to protect iSpent19’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services.

We may share a user’s personal data other than as described in this notice if we notify the user and they consent to the sharing. This may apply when we release new features over time where 3rd party support or involvement is necessary.

Secure keeping of your information

We are committed to ensuring that your personal data, including your Account Information and financial details (described in the App Terms), is secure. Your data is secured with the latest encryption technologies and saved in servers in the UK or Western Europe.

In order to prevent unauthorised access to or disclosure of it, we have put in place suitable physical, electronic and operational procedures to safeguard and secure the personal data we collect about you. In particular, we protect your personal data by deploying SSL and bank level encryption algorithms.

We will never ask for your PIN or other security credentials.

To help us protect your personal data, you agree to comply with our security policies and procedures that we notify you through our App’s Terms from time to time. You also agree to take all reasonable steps to prevent the unauthorised or fraudulent use of your username or password, or other security credentials.

If you find out or suspect that your App’s User Login, PIN code, or Password has been lost, stolen, or someone has used it without your permission, you must tell us as soon as possible as per our App Terms.

Cookies and third-party technologies
Cookies are small text files that are stored on browsers or devices by websites, Apps, online media, and advertisements. iSpent19 and its partners may use cookies and other identification technologies on our Apps and websites for purposes described in this notice:

  • Authenticating users
  • Remembering user preferences, usage of our services and settings
  • Determining the popularity of content
  • Delivering and measuring the effectiveness of advertising campaigns
  • Analysing site traffic and trends, and generally understanding the online behaviours and interests of people who interact with our services
  • Personalising your experience or financial product offers

We may also allow others to provide analytics services for us, to serve advertisements on our behalf across the Internet, and to track and report on the performance of those advertisements. These entities may use cookies, web beacons, SDKs, and other technologies to identify the devices used by visitors to our websites, as well as when they visit other online sites and services.

How long do we store your data
We retain user profile, transaction, and other personal data for as long as a user maintains their iSpent19 account.

We may retain certain user data after receiving an account deletion request if necessary, such as to comply with legal requirements. A user may request deletion of their account at any time through the Settings menu in the iSpent19 App. Following such requests, iSpent19 deletes the data after 30 days as long as it is not required for further retention for purposes of regulatory, tax, insurance, litigation, or other legal requirements. Such compliance related data is retained for a minimum of 5 years after the deletion request is received.

We also retain such data for purposes of safety, security, fraud prevention and detection, and research and development. For example, if iSpent19 deactivates a user’s account because of unsafe behaviour or security incidents, iSpent19 may retain certain information about that account to prevent that user from opening a new iSpent19 account in the future.

In certain circumstances, iSpent19 may be unable to delete a user’s account, such as if there’s any unresolved claim or dispute. Upon resolution of the issue preventing deletion, iSpent19 will delete the account as described above.

Transfer outside the EEA
We do not share any of your data with 3rd parties outside the EEA.

Our operational teams have presence in countries outside of the EEA. All parties are bound by the same European data protection rules as we are. We also have operational procedures that restrict access by team members on a strictly “as needed” basis, hence minimising sharing of your data regardless of national boundaries.

Your rights
The right to stop iSpent19 processing your data (right to object):

Our App is designed to provide you with benefits in managing your bank transactions such as better Visibility, stronger Control and a great deal of Convenience, which were the reasons why we created this App. At any point, if we no longer provide you with sufficient value, we welcome your feedback so that we can improve and continue to add value. However, should you decide not to continue using our services, you can withdraw your consent by:

  • Deleting one or more connected banks of yours
  • Deleting your user account with us entirely
  • Sending us an email with the request to be forgotten if any of the above does not work or if you cannot connect to the App.
  • You have the right to object to us processing information about you where we do so on the basis of a legitimate interest. If you do exercise this right, it could mean that we may not be able to provide you with the App or any of its service functionalities at all.

You also have the right to ask us not to process your personal data for marketing purposes by unsubscribing from our mailing list.

This would not invalidate any processing of the personal data prior to your withdrawal of consent.

Right of access and data portability:

All data that you have provided us is accessible in the App.

You can request a copy of all personal data you have provided us through the App or via the email-address you have provided us at registration.

If technically possible, we will help you export this data.

We can only give you the data we hold ourselves.

Right to rectification:

You can control your data through the App. Where you cannot change this data through the App, you have the right to ask us to rectify inaccurate or incomplete personal data which we have about you.

Right to erasure:

You have the right to ask us to erase your personal data:

You can request us to delete your iSpent19 account entirely through the App. This will automatically delete all information we have about you after 30 days, provided we are not required to hold your data longer for any legal reasons.

Right to object to automated processing:

You don’t need to object because we don’t subject you to decisions based solely on automated processing which significantly affect you.

All of the above rights can be exercised subject to successful checking of your ID to ensure we will only share data with yourself.

Our contacts and complaints
You can exercise any of the rights under this Privacy Notice by contacting us at

You also have the right to complain to the privacy regulator the Information Commissioner’s Office (the “ICO”). The ICO can be contacted at:

Information Commissioner’s Office

Wycliffe House

Water Lane


Cheshire, SK9 5AF

Telephone: 0303 123 1113


Changes to our Privacy Notice
We may occasionally update this notice. If we make significant changes, we will notify users in advance of the changes through the iSpent19 Apps or through other means, such as email.

We encourage users to periodically review this notice for the latest information on our privacy practices. After such notice, continued use of our services by users will be understood as consent to the updates to the extent permitted by law.