Twiddlebit Software Ltd (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal and financial data. This Privacy Policy explains how we collect, use, store, and share information when you use our iOS mobile application (“the App”).
Information We Collect
When you use the App, we may collect the following information:
Personal Data
- Email address
Financial Data
- You will be required to provide consent in order to display bank account information within the App. The App will require you to renew consent periodically, normally every 90 days.
- We do not directly collect or store any financial information such as account transactions associated with the accounts you access via the App on any of our servers.
- We do rely upon a trusted, FCA-authorised third-party open banking Account Information Service Provider (AISP) to connect to your bank. They have access to personal data, which may include your account information such as balances and transactions. Such access is needed only for the purposes of providing the App's advertised functionality to you. We encourage you to review their privacy policies.
Device and Usage Information
- Device type, operating system, app version and subscription
- IP address and location data (approximate, for security)
- Crash reports, performance logs, and usage analytics
Cookies and Similar Technologies
- No advertising cookies of any kind are used.
- We use local storage in the App for secure login, session management, and preference storage.
How We Use Your Data
We use your information to:
- Provide, operate, and maintain the App
- Authenticate and securely connect to your bank accounts
- Display account balances, transactions, and other requested data
- Detect, prevent, and respond to security threats and fraud
- Improve the App and user experience
- Comply with legal and regulatory obligations
Legal Basis for Processing (for EU/UK users)
Under GDPR, our processing of your data is based on:
- Consent – You authorise access to your banking data.
- Contractual necessity – To provide the App and its services.
- Legal obligation – Compliance with financial regulations.
- Legitimate interests – Security monitoring, fraud prevention, and service improvement.
Sharing Your Data
We do not sell your data. We may share information with:
- Banks and Financial Institutions – To access your account data securely via Open Banking APIs.
- Service Providers – Open banking AISP, or security providers under strict data protection agreements.
- Regulators or Law Enforcement – When legally required, or in the event of fraud, breach, or other investigations.
All third-party providers are required to maintain appropriate technical and organizational safeguards to protect your data.
Data Storage and Security
- Data is encrypted in transit using TLS 1.2+
- No bank account data is stored on any of the servers we operate
- Any sensitive data stored locally on your device by the App is encrypted
- We encourage you to have a PIN on your device in order to ensure the operating system encrypts the underlying file system as an additional level of protection
- Bank account data stored on the third-party open banking servers we rely upon is encrypted at rest
- Access is limited to authorised personnel only, following a strict least-privilege policy
- We conduct regular security audits, penetration tests, and monitoring to protect your data
Note: We do not store your bank credentials; all authentication is done via secure, token-based APIs.
Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct or update inaccurate data
- Request deletion of your data
- Restrict processing of your data
- Withdraw consent at any time
- Receive your data in a portable format
- Lodge a complaint with a supervisory authority (e.g., the ICO in the UK)
To exercise any of these rights, contact us at support@twiddlebit.com.
Data Retention
- We retain your personal and banking data only as long as necessary to provide the App and comply with legal obligations.
- On user account deletion, your data will be securely deleted within 30 days, except for logs or regulatory records, which may be anonymized and retained for up to 6 years.
- You may revoke consent for access to a bank account via your own bank. This will prevent any new transaction data being pulled from your bank but will not delete any existing banking data on your device or the open banking provider's servers.
- Deleting an individual bank account within the App will trigger the deletion of all banking data associated with that account, both on your device and the open banking provider's servers.
- If you uninstall the App and/or stop using the App, we will delete your account and all associated data after an extended period of inactivity.
International Data Transfers
If your data is processed or stored outside your country of residence:
- Transfers are made only to jurisdictions with adequate data protection laws
- Appropriate safeguards (e.g., Standard Contractual Clauses) are implemented to ensure security and compliance
Third-Party Services
- The App may connect with banks, payment providers, or analytics platforms.
- We ensure that these providers comply with GDPR, PSD2, and local privacy requirements.
- We are not responsible for the privacy practices of third-party services, and we encourage you to review their privacy policies.
Changes to This Privacy Policy
- We may update this policy periodically to reflect legal, regulatory, or operational changes.
- Any significant changes will be communicated via the App or email.
- The “Effective Date” at the top reflects the latest version.
Contact Us
If you have questions, complaints, or requests regarding this Privacy Policy, contact:
Data Protection Officer / Privacy Contact
Email: support@twiddlebit.com
You may also contact your local data protection authority (e.g., ICO in the UK) for unresolved complaints.