Privacy Policy
Last Updated: August 20th 2025.
1. Introduction & Data Controller
Gains App is the data controller for the personal data processed, unless otherwise stated in this privacy notice. Our company registration number is 16565380 and our Information Commissioner's Office (ICO) registration number is ZB958381. Our registered office is 27 Emerald Avenue, Fleet, GU51 5DG.
Gains App (“we,” “us,” “our”) operates stg-gainsapp-staging.kinsta.cloud and provides AI-powered read-only insights into your financial activity via Open Banking. We are the data controller for personal data processed under this policy. If you’d like to contact our Data Protection Officer (“DPO”) to exercise your rights or ask questions, please email privacy@gainsapp.com, or contact us at our Contact Us page.
We may update this policy to reflect legal or operational changes, and will notify users of material updates.
2. Information we may collect and how it’s collected
When using our website or app we may collect, use and store the information set out below.
Some personal data is necessary for us to comply with law or perform our contract with you, so without it we may not be able to provide our service to you. We will tell you when this is the case, and for the purposes of this privacy notice these types of personal data are marked with an asterisk (*).
Our services are not intended for use by anyone under 18 years of age, and if we identify any customers who are under 18 we will delete the personal data associated with their account.
- Referral data*
If you refer a customer to the app, we will send you a confirmation email or notification when the person you referred signs up, when they start using the service, and when they become eligible to earn the referral reward.
If you are the referee, the emails sent to the referrer will contain your first name only. We retain referral data (of both the referee and the referrer) within the app, including any bonus rewards that you or the person that referred you receives. We process personal data for this purpose on the basis of our legitimate interests to grow our business through customer referrals.
- Registration data*
When you create an account, we collect your full name, email address, mobile number, device ID, operating system, app version (where relevant), login activity and referral tracking for your account. We process personal data for this purpose in order to perform our contract with you.
- Open Banking data*
When you connect your bank account via a regulated Open Banking provider, we collect read-only transaction information, including merchant details, transaction dates, categories, and amounts. We process this personal data on the basis of your explicit consent in order to provide AI-powered financial insights and summaries within the app. We do not have access to or store your banking login credentials.
- AI interaction data
When you use our AI features, we collect the questions you ask, the responses generated, and your feedback. This may include references to your financial transactions when you chat with the AI.
We process this personal data in order to:
- provide personalised financial insights,
- improve the AI’s accuracy, and
- enhance your overall user experience.
Our lawful bases for this processing are:
- Performance of a contract (to deliver the service you requested), and
- Legitimate interests (to improve and maintain our AI systems in a way that benefits all users).
We do not use AI to make automated decisions that have a legal or similarly significant effect on you. All outputs are advisory in nature, and you may request a human review at any time if you believe an AI-generated insight is inaccurate or unfair.
We also implement safeguards to minimise risks of bias or unintended profiling, and we do not deliberately use AI to infer special category data (such as health, religion, or political beliefs).
- Device and operational data*
When using our website or app, we may also record your device type, OS version, crash logs, app version, location (if shared), and session activity as part of normal request processing and diagnostics. We process this personal data on the basis of our legitimate interests in providing a secure platform and ensuring service stability.
- General communications data*
Information is also stored when you communicate with us via email, in-app chat, or other means. This is usually limited to your name, email address and/or account details depending on how you contact us and any correspondence needed to resolve your enquiry. We process this personal data on the basis of our contract with you and/or our legitimate interests in providing an efficient service to you.
- Marketing data
If you choose to opt in, we will send you marketing communications about new features, offers and updates. These are separate from any service-related or transactional messages.
Marketing communications may be sent by email, SMS, or push notification depending on your preferences.
We will only send marketing where we have your consent. You can withdraw this consent at any time by updating your preferences in the app, using the unsubscribe link in emails, or contacting us at privacy@gainsapp.com.
In some cases, if you are an existing customer, we may rely on the “soft opt-in” under the Privacy and Electronic Communications Regulations (PECR). This means we may send you marketing about similar services that you have previously used or purchased from us, provided that you were given a clear opportunity to opt out at the time of data collection and in every message.
We never sell or share your personal data with third parties for their marketing purposes.
- Survey and feedback data
In order to better understand our customers, we may also collect anonymised data in surveys and feedback forms. Participation in surveys is optional and anonymous. Where you choose to participate, we process this data on the basis of our legitimate interests in understanding your experience and improving our service.
- Sensitive data
We do not request any sensitive personal data (also known as special category data) from you. Nor do we collect any information about criminal convictions and offences.
3. AI Usage & Transparency
Our AI analyses your Open Banking data to generate insights, categorise spending, and respond conversationally to save you time and improve your understanding of your finances. The logic is informed by spending patterns and clustering algorithms. We regularly evaluate our AI models to reduce bias, enhance accuracy, and ensure fairness—but please be aware automated suggestions may not always be perfect.
As part of the FCA’s Consumer Duty and “appropriate transparency and explainability” principle, we commit to plain-language explanations of how our AI works.
We carry out regular testing for accuracy and bias in line with FCA/ICO guidance.
We design and operate our AI features to comply with applicable FCA rules and guidance.
If you believe an AI-generated insight is incorrect or unfair, you can request a human review by contacting our support team.
3a) Automated decision-making and AI outputs
Our AI features are designed to be assistive only. They analyse your transaction data and generate insights or summaries to help you better understand your finances.
These AI-generated outputs are suggestions for your information and do not make binding decisions about you. We do not use AI to carry out automated decision-making that has a legal effect on you or that would otherwise significantly affect you within the meaning of UK GDPR Article 22.
You remain in control of how you act on the insights provided. Where any automated processes are used to personalise your experience (for example, categorising transactions or highlighting spending patterns), these are advisory in nature, and you may request a human review if you believe an output is inaccurate or unfair.
We also test and monitor our AI models to ensure that they remain fair, transparent, and non-discriminatory.
3b) AI Usage, Transparency and Consumer Duty
Our AI analyses your Open Banking data to generate insights, categorise spending, and respond conversationally to help you better understand your finances. These outputs are advisory and designed to save you time and improve financial awareness.
In line with the FCA’s Consumer Duty, we are committed to ensuring that:
- Our use of data and AI is always in the best interests of customers,
- AI outputs are fair, balanced and not misleading,
- Insights are presented in plain language that customers can understand, and
- We regularly conduct outcomes testing to check that the service provides fair value and supports customers, including those who may be vulnerable.
If you believe an AI-generated insight is unclear, misleading or unfair, you may request a human review, and we will act promptly to address your concerns.
4. Governance & Senior Accountability
Our senior management, including the DPO and our appointed AI Governance Lead, oversee AI deployments. We maintain strong internal controls, risk assessments, and audit trails throughout the AI lifecycle—consistent with FCA expectations under SYSC and SM&CR frameworks.
We also monitor third-party providers (e.g., AI infrastructure, analytics partners) to ensure they meet our standards. This aligns with the FCA’s increased focus on oversight of critical third-party providers.
5. Data Sharing & Third Parties
When you use our services, we may share your personal data with carefully selected third-party suppliers that help us deliver the Gains App. We only share the minimum data necessary for them to perform their role, and we remain responsible for protecting your data at all times.
The categories of third parties we use include:
- Open Banking provider – e.g. TrueLayer (for secure bank account connectivity and read-only transaction access).
- Cloud hosting and storage provider – e.g. Amazon Web Services (AWS)
- Analytics and crash reporting tools – e.g. Google Analytics
- Customer support systems
- Email/SMS/push notification provider
Where we transfer personal data outside the UK or EU (for example, if our cloud or communications provider stores data in the US), we ensure this is protected with appropriate safeguards, such as the UK Addendum to the EU Standard Contractual Clauses and Transfer Risk Assessments (TRAs).
We do not sell your personal data to any third party for their marketing purposes.
We remain responsible for data protection in line with GDPR/UK GDPR—even when third parties process your data. Any international data transfers are safeguarded via Standard Contractual Clauses or equivalent mechanisms.
5a) International data transfers
Some of our service providers are located outside the UK or the European Economic Area (EEA). Where we transfer your personal data internationally, we take steps to ensure it receives an equivalent level of protection as required under UK data protection law.
This includes:
- Using the UK Addendum to the EU Standard Contractual Clauses (SCCs) or other approved safeguards for international transfers.
- Conducting a Transfer Risk Assessment (TRA) before relying on any transfer mechanism, to assess the laws and practices of the destination country and ensure your data remains protected.
- Applying additional technical and organisational measures (such as encryption and strict access controls) where needed.
You can request more information about our international transfer safeguards by contacting us at privacy@gainsapp.com.
6. Security
Your data is encrypted in transit (TLS/HTTPS) and at rest. We employ strict access controls, regular penetration testing, and follow best practices in cybersecurity and “privacy by design” throughout our systems.
7. Retention & Deletion
- Transaction data: retained only while AI features remain active or as necessary for legal compliance.
- Summarised insights: stored for up to 6 months for performance improvements.
- After you delete your account, we will erase your personal data unless regulations require longer retention (e.g., for audits).
Details on retention timelines are available upon request.
8. Your Rights
You have the right to:
- Access, correction or erasure of your personal data
- Restrict or object to processing
- Data portability
- Withdraw consent for processing or marketing at any time
- Request human review of AI outputs
- Lodge a complaint with the ICO if dissatisfied with our handling of your data
Contact us at privacy@gainsapp.com to exercise any of these rights.
9. Open Banking & Compliance
Gains App is registered as a Third-Party Provider (TPP) compliant with PSD2/Open Banking standards. We do not hold your login credentials—access is secured via Strong Customer Authentication (SCA) directly with your bank.
10. Open Finance & Future Integration
As the UK evolves toward Open Finance, enabling secure access to savings, pensions, and investments, we may expand our services accordingly. We remain committed to obtaining consent, protecting data, and upholding regulatory standards in all new data-sharing contexts.
11. Policy Updates & Contact Information
You’ll be informed of any significant policy changes via our app or email. For questions, data subject requests, or privacy concerns, reach out to privacy@gainsapp.com. You may also contact the Information Commissioner’s Office (ICO) for independent oversight.
12. Age restrictions and vulnerable customers
Our services are intended for users aged 18 and over. We do not knowingly collect or process personal data relating to anyone under 18.
To help prevent underage use, we implement age assurance measures such as requiring date of birth at registration and monitoring for indicators of underage activity. If we become aware that a user is under 18, we will promptly delete their personal data and close their account.
In line with the FCA’s Consumer Duty, we also recognise that some adult users may be considered vulnerable customers due to circumstances such as financial hardship, disability, or low digital confidence. We design our service to be clear, fair, and not misleading, and we provide additional support on request to ensure vulnerable customers can make informed decisions.