1. About us

This Privacy Policy explains how we handle your personal data, keeping things clear and compliant with the UK General Data Protection Regulation (UK GDPR), EU GDPR where applicable, and other data protection laws. By using the App, you agree to this policy. If you don’t agree, please don’t use the App.

We’re Fea Card Limited (Companies House number: 11620703). We’re the “controller” of the personal data that we collect about you through your use of our app, Bits AI (the “App”), helps you understand your finances through AI-powered insights, using bank account data accessed via Open Banking with Plaid. 

This means we decide the “what”, “why”, “how”, “who” and “where” of the processing.

We take the privacy of your information really seriously. We want to be clear and up-front with you about how we use your personal data. However, if you have any questions at all about this policy, please feel free to contact us using the follow details:

Address: Camden Gateway, 349 Royal College Street, London, England, NW1 9QS.

Email: hello@getbits.app.

2. What Data We Collect

We collect only what’s needed to make the App work for you:

• Personal Details: Your name, email, and information you provide to set up an account.

• Bank Data: Transaction history, balances, and account details from your bank, accessed through Plaid with your consent.

• Credit Reference Information: Your credit score and other credit bureau information, accessed with your consent when you connect to Equifax (see Section 14 CRAIN Notice). 

• Your Inputs: Information you share with our AI chatbot, like financial preferences or goals.

• App Usage: How you use the App, like features clicked or time spent.

• Device Information: IP address, device type, browser, and operating system.

• Location: General location (e.g., country) from your IP or bank data, to meet legal requirements.

• Communications with us: if you reach out to our Customer Service team requesting help with the App, or are otherwise contacted by us, we will keep a record of the exchange

3. How We Get Your Data

• From You: When you sign up, connect your bank, or chat with our AI.

  
  

• Via Plaid: Our Open Banking partner, Plaid, collects your bank data when you allow it. Check Plaid’s Privacy Policy.

• Via Equifax: When you connect your Equifax credit file to the app, our AI chatbot can give you personalised insights about your credit position. 

4. Purposes for Using Your Data

We use your data for specific reasons to make the App work and meet our obligations. These are:

• Delivering App Services: Provide AI-driven financial insights, spending tips, and account features based on your bank data and inputs.

• Managing Your Account: Set up and maintain your account, process logins, and handle your preferences.

• Connecting Bank Accounts: Access and process bank data via Plaid’s Open Banking services to enable App functionality.

• Improving the App: Analyze how you use the App to enhance its performance, AI accuracy, and user experience.

• Ensuring Security: Monitor for fraud, hacking, or unauthorized access to keep your data safe.

• Communicating with You: Send account updates, consent renewal reminders (e.g., every 90 days for Plaid access), or respond to your inquiries.

• Marketing: Send promotional messages about new App features, if you’ve agreed to receive them.

• Meeting Legal Requirements: Keep records and share data as required by laws, like FCA or UK GDPR rules.

• Handling Disputes: Use data to resolve complaints or legal claims, such as issues with bank data accuracy.

5. Lawful Bases for Using Your Data

We only use your data when we have a valid legal reason under UK GDPR:

Contract: To deliver the App as promised in our Terms:

• Generate AI-driven financial insights and spending tips using bank data.

• Manage your account and process your inputs to the AI chatbot.

• Provide access to App features and bank connections via Plaid.

Legitimate Interests: To run and improve our App, where our interests don’t override your rights:

• Analyse usage data to enhance App performance and AI accuracy.

• Monitor device information to detect fraud or unauthorized access.

• Send service-related updates, like account or consent renewal notices.

Consent: Where you’ve explicitly agreed:

• Send promotional messages about new App features (you can opt out anytime).

• Use non-essential cookies for analytics to improve the App.

Legal Obligation: To comply with laws and regulations:

• Keep records as required by FCA or UK GDPR (e.g., transaction logs).

• Respond to legal requests, like court orders or ICO inquiries.

6. Who We Share Data With

• Plaid: Handles bank data as our FCA-authorised partner, following their Privacy Policy.

• Service Providers: Trusted partners (e.g., cloud or analytics providers) process data for us under UK GDPR-compliant contracts.

• Legal Needs: We share data if required by law (e.g., court orders) or to protect our rights.

• Business Changes: If we’re sold or merged, your data may transfer to the new owner, with UK GDPR protections.

7. International Transfers

Some of the third parties that we need to share your personal data with are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK.

• We may use specific contracts (approved for use in the UK) which give personal data the same protection it has in the UK. Please contact us if you want further information.

8. Retention

• We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

• To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

9. Your Rights

You’ve got control over your data under UK GDPR:

• See It: Get a copy of your data.

• Fix It: Correct mistakes. Note we do not have authority to fix mistakes in data held on you by your bank or Equifax.

• Delete It: Ask us to remove your data, unless we need it for legal reasons.

• Limit It: Restrict how we use your data in some cases. This may result in you losing functionality of certain features or the whole app, depending on what data is being limited.

• Object: Say no to analytics or marketing.

• Move It: Get your data to take elsewhere.

• Withdraw Consent: Stop bank data access or marketing via App settings, though this may limit features.

Email us at hello@getbits.app to use these rights. We’ll reply within one month. If unhappy, contact the ICO (www.ico.org.uk) or your local EU authority.

10. Third Parties

Plaid, our Open Banking provider, handles bank data under their Privacy Policy. We oversee Plaid as their agent, but their practices are separate (see Terms, Clause 15). Other services, like payment processors, have their own policies.

11. No Kids Allowed

The App is for adults 18+ only (Terms, Clause 1.1). We don’t collect data from kids under 18. If we find any, we delete it fast, unless the law says otherwise.

12. Updates to This Policy

We may update this policy for new features, laws, or Plaid’s changes. We’ll notify you via the App or email about big updates. Using the App after changes means you consent to them.

13. Get in Touch

Questions or concerns?

• Email: hello@getbits.app

• Phone: 0207 438 2090 (9am - 6pm, Monday-Friday)

Any complaints?

You also have the right to lodge a complaint with the Information Commissioner's Office (“ICO”), the UK’s data protection regulator. The ICO's contact details can be found on their website at https://ico.org.uk/.

14. CRAIN Notice (Equifax Data)

In order to provide you with a better, more useful service, we allow you the option to connect to Equifax, giving the App access to your credit reference data. 

We will use this data to let the AI chatbot discuss with you:

• Your credit score details, including factors affecting it

• Your credit account details

• Possible improvements to your credit position

• Explanations behind score changes

• Red flags in your credit position

We will not share any of the data you share with us with CRAs (Credit Reference Agencies), nor can we change any of that data. You can get a copy of your Statutory Credit Report by visiting https://www.equifax.co.uk/Products/credit/statutory-report.