Privacy Policy

earmarkIQ

Last updated: 22 February 2026

            Summary: We use Open Banking (read-only) to analyse your spending and help you manage your money. We never move your money, sell your data, or share your transactions with third parties. You can delete your data at any time.
        

1. Who We Are

earmarkIQ ("we", "us", "our") is a personal finance application operated by Caolan Preston, trading as earmarkIQ, registered in England. Our registered address is available on request.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller.

Contact: privacy@earmarkiq.app

2. What Data We Collect

2.1 Account Information

When you register, we collect:

Full name
Email address
Password (stored securely using bcrypt hashing — we never store plaintext passwords)
Monthly income (self-reported, used for allocation suggestions)

2.2 Bank Transaction Data (via Open Banking)

When you connect your bank account, we access your transaction data through FCA-regulated Open Banking providers. This includes:

Transaction amounts, dates, and merchant names
Account balances
Transaction categories assigned by your bank

            Important: We use Account Information Service Provider (AISP) access only. This is read-only — we can never initiate payments, move money, or modify your accounts. You authenticate directly with your bank; we never see your banking credentials.
        

2.3 Data You Provide

Financial goals you create (e.g., "Save for holiday")
Debt information you enter (balances, interest rates)
Net worth accounts you add manually
AI chat conversations
Notification preferences

2.4 Automatically Collected Data

Device type and operating system
App usage patterns (screens visited, features used)
Push notification tokens (for delivering notifications)
IP address (for security purposes)

3. How We Use Your Data

Purpose	Legal Basis (UK GDPR)
Provide spending analysis and financial insights	Contract performance (Art. 6(1)(b))
Generate your financial profile and habit persona	Contract performance (Art. 6(1)(b))
AI-powered financial advice and chat	Contract performance (Art. 6(1)(b))
Personalised product recommendations (marketplace)	Legitimate interest (Art. 6(1)(f))
Send push notifications (insights, alerts)	Consent (Art. 6(1)(a))
Detect subscription price increases	Contract performance (Art. 6(1)(b))
Process subscription payments	Contract performance (Art. 6(1)(b))
Prevent fraud and ensure security	Legitimate interest (Art. 6(1)(f))
Improve our service and fix bugs	Legitimate interest (Art. 6(1)(f))

4. AI Processing

We use AI (powered by Anthropic's Claude) to analyse your transaction data and provide personalised financial insights. When you use the AI chat feature:

Your transaction data is sent to Anthropic's API for analysis
Anthropic does not retain your data for training purposes
AI responses are generated in real-time and not stored by Anthropic
We store your chat history so you can reference past conversations

No automated decisions with legal or similarly significant effects are made about you without human involvement.

5. Who We Share Data With

5.1 We Never:

Sell your personal data or transaction data to any third party
Share your individual transaction details with advertisers
Allow third parties to access your bank connection

5.2 We May Share Data With:

Recipient	Purpose	Data Shared
Open Banking provider (Yapily/TrueLayer/Finexer)	Retrieve your bank transactions	Bank connection tokens (not your credentials)
Anthropic (AI provider)	Generate financial insights and chat responses	Anonymised transaction summaries, chat messages
Railway (hosting provider)	Host our servers and database	All data (encrypted at rest and in transit)
Apple / Google (app stores)	Process subscription payments	Purchase receipts (not financial data)
Affiliate partners (via Awin)	Track product recommendation clicks	Anonymous click data only — never transaction data

6. Affiliate Disclosure

Our Smart Marketplace features product recommendations from financial service providers. Some of these are affiliate links — if you click through and sign up, we may receive a commission from the provider. This does not cost you anything extra.

Recommendations are ranked by relevance to your financial profile, not by commission amount. We clearly label affiliate links with an "Affiliate" badge.

7. Data Security

Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2+ (HTTPS)
Encryption at rest: Your data is encrypted at rest in our database
Password security: Passwords are hashed using bcrypt with salt — we cannot read your password
Bank credentials: We never receive, store, or have access to your bank login details. Authentication happens directly with your bank via Open Banking
Access controls: Only authorised personnel can access production systems
FSCS protection: Your bank deposits remain protected up to £85,000 — we don't hold your funds

8. Data Retention

Transaction data: Retained while your account is active. Deleted within 30 days of account deletion.
Account information: Retained while your account is active. Deleted within 30 days of account deletion.
AI chat history: Retained while your account is active. Deleted with your account.
Analytics data: Aggregated and anonymised after 12 months.
Payment records: Retained for 7 years as required by UK tax law.

9. Your Rights (UK GDPR)

You have the right to:

Access: Request a copy of all data we hold about you
Rectification: Correct inaccurate data
Erasure: Delete your account and all associated data ("right to be forgotten")
Portability: Receive your data in a machine-readable format
Restrict processing: Limit how we use your data
Object: Object to processing based on legitimate interest
Withdraw consent: Withdraw consent for notifications or marketing at any time

To exercise any of these rights, email privacy@earmarkiq.app. We will respond within 30 days.

You can delete your account directly in the app: Settings → Delete Account. This removes all your data within 30 days.

10. Open Banking Consent

When you connect your bank account:

You are redirected to your bank's secure login page
You explicitly consent to sharing transaction data with earmarkIQ
Consent is valid for 90 days (as per Open Banking standards) and must be re-authorised
You can revoke access at any time through your bank's app or through earmarkIQ settings
Upon revocation, we stop receiving new data immediately. Existing data is deleted within 30 days unless you request immediate deletion.

11. Children's Privacy

earmarkIQ is not intended for anyone under the age of 18. We do not knowingly collect data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

12. International Transfers

Your data is primarily stored on servers in the EU/UK. Where data is processed outside the UK (e.g., AI processing via Anthropic's US-based servers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO.

13. Cookies and Tracking

Our mobile app does not use cookies. Our website (earmarkiq.app) uses only essential cookies required for the website to function. We do not use advertising cookies or tracking pixels.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy.

15. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

16. Contact Us

For any questions about this privacy policy or your data:

Email: privacy@earmarkiq.app
Website: earmarkiq.app