1. Introduction
ActualFinance ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your personal information when you use our services.
2. Information We Collect and Why
We collect different categories of data depending on how you interact with ActualFinance:
- Waitlist email address — collected when you sign up for early access. Legal basis: consent (Article 6(1)(a) GDPR). Used solely to notify you when early access is available and to send relevant product updates. You can withdraw consent at any time by emailing us or clicking the unsubscribe link in any email we send.
- Account information — email address, hashed password, and profile settings when you register. Legal basis: performance of a contract (Article 6(1)(b) GDPR).
- Financial data — bank account details, transaction history, and balances fetched via GoCardless Open Banking. Legal basis: performance of a contract (Article 6(1)(b) GDPR). This access is read-only: we cannot initiate payments or transfers.
- Usage data — login history and interaction logs used to maintain security and improve the service. Legal basis: legitimate interests (Article 6(1)(f) GDPR).
3. Third Parties Who Receive Your Data
- GoCardless (Nordigen) — processes open banking consent and retrieves bank data on our behalf. GoCardless is an FCA-authorised payment institution operating within the EU/UK.
- Sentry — receives anonymised error and performance telemetry to help us diagnose technical issues.
- Neon (database hosting) — stores account and financial data on servers located within the EU.
We do not sell your data to third parties and do not use it for advertising purposes.
4. International Data Transfers
We store and process your data within the European Union. Where any sub-processor is located outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or an adequacy decision). GoCardless processes data within the UK and EU under applicable transfer mechanisms.
5. Data Retention
- Waitlist entries — retained until you unsubscribe or request deletion, and no longer than 24 months after collection if early access has not been granted.
- Account and financial data — retained for the duration of your account and for up to 90 days after deletion, unless a longer period is required by law.
6. Your Rights Under GDPR
As a resident of the EU/EEA, you have the following rights, exercisable by contacting us at the address in Section 7:
- Right to access — request a copy of the personal data we hold about you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — request deletion of your data ("right to be forgotten").
- Right to restriction — ask us to limit how we process your data in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (AP) at autoriteitpersoonsgegevens.nl.
8. Cookies
We use strictly necessary cookies to maintain your session. We do not use advertising or tracking cookies. No cookie consent banner is required for strictly necessary cookies under the Dutch Telecommunications Act (Telecommunicatiewet).