Privacy Policy
Last updated: 26 May 2026 · MoneyMind Ltd, London, United Kingdom
1. Data Controller
The data controller within the meaning of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 is:
MoneyMind Ltd
22 Canary Wharf, Level 4
London E14 5AB
United Kingdom
Email: [email protected]
Phone: +44 20 7946 0123
2. Principles of Data Processing
We process personal data only where necessary to provide our services or where a lawful basis under Article 6 UK GDPR exists. We do not collect banking credentials and have no access to your bank accounts. We are registered with the Information Commissioner's Office (ICO) under registration number ZA123456.
3. Categories of Data Processed
- Registration data: First name, email address, encrypted password
- Usage data: Self-entered expenses, categories, budget settings
- Technical data: IP address, browser type, operating system, access timestamps (server logs)
- Cookie data: Session cookies, preference cookies (only with consent)
4. Lawful Bases for Processing
| Purpose | Lawful basis |
|---|---|
| Account creation and contract performance | Art. 6(1)(b) UK GDPR |
| Security, fraud prevention | Art. 6(1)(f) UK GDPR (legitimate interests) |
| Email marketing (newsletter) | Art. 6(1)(a) UK GDPR (consent) |
| Statutory retention obligations | Art. 6(1)(c) UK GDPR |
| Technically necessary cookies | Regulation 6, PECR 2003 |
5. Cookies
Our website uses cookies. Strictly necessary cookies are set without your consent. For all other cookies, we obtain your explicit consent via our cookie banner, in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR).
| Name | Type | Purpose | Duration |
|---|---|---|---|
| mm_session | Strictly necessary | Maintain login status | Session end |
| mm_cookies | Preference | Store cookie consent choice | 12 months |
| _ga | Analytics (opt-in) | Google Analytics | 24 months |
You can disable or manage cookies at any time through your browser settings.
6. Data Storage and Security
All data is stored exclusively on servers located in the United Kingdom. Transmission is via encrypted HTTPS connections (TLS 1.3). Stored data is encrypted with AES-256. Passwords are stored only as bcrypt hashes and are never accessible to us in plain text.
7. Disclosure to Third Parties
We do not share your personal data with third parties unless you have expressly consented, there is a legal obligation, or it is necessary for contract performance. We use the following processors, bound by UK GDPR-compliant data processing agreements:
- Amazon Web Services (AWS) UK (server hosting, UK data centre region)
- Stripe Inc. (payment processing, UK Standard Contractual Clauses)
8. International Transfers
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements (IDTAs) or UK addendums to EU Standard Contractual Clauses, in accordance with Chapter V UK GDPR.
9. Retention Period
We store personal data only for as long as required for the stated purposes or as required by law (generally 6 years under UK tax law — HMRC requirements). After account cancellation, your personal data is deleted within 30 days, unless we are legally required to retain it.
10. Your Rights under UK GDPR
- Right of access (Art. 15 UK GDPR) — request a copy of your data
- Right to rectification (Art. 16 UK GDPR) — correct inaccurate data
- Right to erasure (Art. 17 UK GDPR — "right to be forgotten")
- Right to restriction of processing (Art. 18 UK GDPR)
- Right to data portability (Art. 20 UK GDPR) — export as CSV/JSON
- Right to object (Art. 21 UK GDPR)
- Right to withdraw consent (Art. 7(3) UK GDPR)
- Rights related to automated decision-making (Art. 22 UK GDPR)
To exercise your rights, please contact: [email protected]. We will respond within one month in accordance with our obligations under UK GDPR.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
www.ico.org.uk
ICO Helpline: 0303 123 1113
12. Changes to This Policy
We reserve the right to update this Privacy Policy as needed to reflect changes in our practices or applicable law. The current version is always available on this page. For material changes, we will notify you by email with at least 30 days' notice.