Privacy Policy

Last Updated: 04/03/2026

SuperFi Finance Ltd ("SuperFi", "we", "us", "our") is a company registered in England and Wales. We are committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, store and protect your personal data when you:

• Use the SuperFi mobile application

• Visit our website

• Connect your bank account via Open Banking

• Participate in surveys

• Use our debt triage tool

• Interact with us for customer support

SuperFi acts as a data controller for most app-related processing. For certain services (such as debt triage flows operated on behalf of advice organisations), we act as a data processor. These roles are explained below.

————————————————————————————————————————————————

1. What Information We Collect

We may collect the following types of personal data:

Account Information

• Name

• Email address

• Phone number

• Date of birth (if provided)

Financial Data (via Open Banking)

• Account type

• Account number and sort code

• Account balances

• Transaction history

• Merchant descriptions

Survey Data

• Demographic information

• Survey responses

• Free-text answers (where applicable)

Technical Information

• Device information

• App usage data

• IP address

• Diagnostic and performance data

Customer Support Data

• Messages sent via Intercom or email

• Support enquiries

———————————————————————————————————————————————

2. How We Use Your Information

We use your personal data to:

• Provide and operate the SuperFi app

• Deliver budgeting and financial insights

• Identify potential cashback opportunities

• Process survey participation and rewards

• Provide customer support

• Improve app performance

• Prevent fraud and abuse

• Comply with legal obligations

We do not sell your personal data.

———————————————————————————————————————————————

3. Open Banking and Financial Data

SuperFi uses Open Banking technology to allow you to securely connect your bank accounts.

When you choose to connect your account:

• You are redirected to our regulated Open Banking provider, TrueLayer.

• TrueLayer is authorised and regulated by the Financial Conduct Authority (FCA).

• You authenticate directly with your bank.

• SuperFi does not see or store your bank login credentials.

What Data We Access

With your explicit consent, we may access:

• Account information (such as account type, account number and sort code)

• Account balances

• Transaction history

• Transaction descriptions and merchant information

We use this data to:

• Categorise your spending

• Provide budgeting insights

• Help you understand upcoming bill affordability

• Identify potential cashback opportunities

• Provide cashflow information within the app

We do not use Open Banking data to make automated decisions that have legal or similarly significant effects on you.

Open Banking data is used solely to provide financial insights and services within the SuperFi app and is not used for unrelated commercial profiling or advertising.

———————————————————————————————————————————————

Your Open Banking Consent

Open Banking access is based entirely on your explicit consent.

You can withdraw your consent at any time by disconnecting your bank account within the SuperFi app.

When you withdraw consent:

• SuperFi immediately loses access to your bank data via TrueLayer.

• We cannot retrieve new transaction or balance data from your bank.

Open Banking permissions typically expire after 90 days unless you re-confirm your consent, in line with UK Open Banking regulations.

———————————————————————————————————————————————

Open Banking Data Retention

When you disconnect a bank account or delete your SuperFi account:

• We stop accessing your financial data via Open Banking immediately.

• Stored Open Banking data is deleted or anonymised in accordance with our data retention policy and applicable legal or regulatory obligations.

Where required for regulatory compliance, fraud prevention, or financial record-keeping obligations, limited data may be retained for the minimum period required by law.

SuperFi does not sell Open Banking data or share identifiable transaction data with advertisers or marketing partners.

———————————————————————————————————————————————

4. Surveys

SuperFi may offer voluntary surveys within the app. Surveys are provided in partnership with third-party survey platforms and clients.

Participation in surveys is entirely voluntary.

Survey responses:

• May be shared with survey providers or their clients in pseudonymised form

• May include demographic information

• May include optional free-text responses

Survey participation does not affect your access to SuperFi’s core financial tools or features.

SuperFi does not combine Open Banking data with survey responses and does not use survey responses to make financial eligibility decisions within the app.

Survey providers and their clients may use responses for research, analysis, product development or statistical purposes in accordance with their own privacy policies.

SuperFi does not use survey responses to train artificial intelligence models for unrelated commercial purposes.

———————————————————————————————————————————————

5. Special Category Data

We do not intentionally collect special category personal data (such as health information, political opinions, religious beliefs, trade union membership, sexual orientation or biometric data) as part of the core SuperFi app experience.

However, certain third-party surveys may include demographic or sensitive questions determined by the survey provider or their client. Participation in such surveys is voluntary, and you may skip questions where possible.

———————————————————————————————————————————————

6. Debt Triage Tool (Processor Role)

For specific debt advice or triage services hosted on SuperFi subdomains (for example, services provided in partnership with advice organisations), SuperFi acts as a data processor.

In these cases:

• The advice organisation determines the purpose of data collection.

• The advice organisation defines the questions and logic.

• SuperFi processes personal data solely on their instructions.

• Identifiable personal data collected through the triage flow is deleted within 28 days of submission.

• We do not use identifiable triage data for analytics, profiling or commercial purposes.

Only anonymised, aggregated metrics (such as completion rates) may be retained.

———————————————————————————————————————————————

7. Fraud Prevention and Account Deletion

You may delete your SuperFi account at any time within the app.

When you delete your account:

• Your active account data is removed.

• Open Banking access is terminated immediately.

To prevent abuse of promotional offers or duplicate account creation, we may retain limited identifiers (such as email address or certain account reference information) for up to 30 days following account deletion.

This limited retention:

• Is used solely for fraud prevention.

• Is based on our legitimate interests in preventing abuse.

• Does not apply if you have only disconnected your bank account but continue using SuperFi.

After this period, retained identifiers are permanently deleted or anonymised.

———————————————————————————————————————————————

8. Cookies and Analytics

We may use cookies and similar technologies to operate our website and app.

Where required by law, non-essential cookies are only activated after you provide consent via our cookie settings tool.

For specific debt triage subdomains operated on behalf of advice organisations, we do not set analytics or advertising cookies for our own purposes.

———————————————————————————————————————————————

9. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom or European Economic Area.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK data protection law. This may include:

• Transfers to countries recognised as providing adequate protection

• The use of UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses

• Other lawful transfer mechanisms

We take reasonable steps to ensure your data remains protected to UK standards.

———————————————————————————————————————————————

10. Data Retention

We retain personal data only for as long as necessary to:

• Provide our services

• Comply with legal obligations

• Resolve disputes

• Prevent fraud

Where data is no longer required, it is securely deleted or anonymised.

———————————————————————————————————————————————

11. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data

• Request correction

• Request deletion

• Restrict processing

• Object to processing

• Data portability (where applicable)

To exercise your rights, contact: support@joinsuperfi.com

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

———————————————————————————————————————————————

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published with an updated revision date.

———————————————————————————————————————————————

13. Contact Us

If you have questions about this Privacy Policy, contact:

SuperFi Finance Ltd
124 City Road, London, EC1V 2NX, UK
Email: support@joinsuperfi.com