Privacy Policy

Last updated: 7 March 2026

1. Introduction

KiwiK (“we”, “us”, “our”) is committed to protecting your privacy and being transparent about how we handle your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

KiwiK is the data controller responsible for your personal data. If you have any questions about this policy, please contact us at privacy@kiwik.app.

2. Definitions

  • Personal Data: any information relating to an identified or identifiable individual.
  • Special Category Data: sensitive personal information (e.g. health, biometric data) that receives enhanced legal protection under applicable data protection legislation.

3. Information We Collect

Data you provide directly

  • Name and email address when you create an account or join our waitlist
  • Date of birth and other profile information you choose to supply
  • Images you upload (e.g. receipts, profile photos)

Data from connected accounts

When you connect a bank account through our open banking integration (powered by Plaid), we may access:

  • Account details (name, type, balance)
  • Transaction history and categories
  • Recurring payment information
  • Investment and savings data

We access this information on a read-only basis and never initiate payments or modify your accounts.

Data collected automatically

  • Device type, operating system, and app version
  • Usage analytics (screens visited, features used)
  • IP address and approximate location (country/region level)

4. How We Use Your Data

We use the information we collect for the following purposes:

  • Service delivery: providing, maintaining, and improving the KiwiK app and its features (dashboards, spending analysis, financial tools)
  • Personalisation: customising your experience, including category suggestions and spending insights
  • Security & fraud prevention: detecting and preventing unauthorised access, fraud, and other financial crime
  • Legal compliance: meeting regulatory and legal obligations
  • Communication: sending service updates, security alerts, and (with your consent) marketing communications

5. Automated Decision-Making & Profiling

KiwiK may use automated processes to categorise transactions, detect unusual spending patterns, and generate personalised insights. These processes do not produce legal effects or significantly affect you in a similar way. You have the right to request human review of any automated decision by contacting us.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. After you close your account, we may retain certain data for up to seven years to comply with legal and regulatory obligations (e.g. anti-money laundering requirements).

Waitlist email addresses are retained until you unsubscribe or until the information is no longer needed for its original purpose.

7. Consent

Where we rely on your consent to process personal data (for example, connecting your bank accounts or receiving marketing emails), you may withdraw that consent at any time. You can do so by:

  • Disconnecting your bank accounts within the app
  • Updating your communication preferences in your profile settings
  • Contacting us at privacy@kiwik.app

Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.

8. Legal Bases for Processing

We process your personal data on the following legal bases:

  • Contract: processing necessary to provide the services you have requested
  • Legal obligation: processing required to comply with applicable laws and regulations
  • Legitimate interests: processing necessary for our legitimate business interests (e.g. improving our services, preventing fraud), provided these do not override your rights
  • Consent: processing based on your explicit consent (e.g. marketing communications, open banking connections)

9. Deletion of Personal Data

You may request deletion of your personal data at any time. We will process your request within 30 days. You can submit a deletion request by:

  • Using the “Delete Account” option in your profile settings
  • Emailing privacy@kiwik.app

Please note that we may be required to retain certain data for regulatory purposes, even after you request deletion.

10. Disclosure & Third Parties

We may share your personal data with the following categories of third parties:

Essential service providers

  • Plaid: open banking connectivity and account data retrieval
  • Cloud infrastructure: secure hosting and data storage
  • Firebase: authentication and user management

Regulatory & legal

  • Financial regulators when required by law
  • Law enforcement agencies pursuant to valid legal process

All third-party service providers are contractually bound to protect your data and process it only for the purposes we specify.

We do not sell your personal data to any third party.

11. Data Security

We implement appropriate physical, technical, and administrative safeguards to protect your personal data, including:

  • Encryption in transit (TLS) and at rest for all sensitive data
  • Read-only access to your bank accounts — we can never move your money
  • Regular security assessments and monitoring
  • Strict access controls and employee security training

12. Your Rights

Under applicable data protection legislation, you have the following rights:

  • Right to be informed: to know how your data is being used (this policy)
  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to have inaccurate data corrected
  • Right to erasure: to request deletion of your data (see Section 9)
  • Right to restrict processing: to limit how we use your data in certain circumstances
  • Right to data portability: to receive your data in a structured, commonly used format
  • Right to object: to object to processing based on legitimate interests
  • Rights regarding automated decisions: to request human review of automated decisions (see Section 5)

To exercise any of these rights, contact us at privacy@kiwik.app. We will respond within one month. For complex requests, this may be extended by a further two months, in which case we will notify you.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

13. Cookies

Our website uses cookies — small data files stored on your browser — to ensure the site functions correctly and to understand how visitors use it.

Strictly necessary cookies

Essential for the website to operate (e.g. session management, theme preference). These cannot be disabled.

Analytics cookies

Help us understand how visitors interact with the site by collecting anonymous usage data. You can opt out of these via your browser settings.

Disabling cookies may affect your experience on certain parts of the website. For assistance, contact privacy@kiwik.app.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by placing a prominent notice on our website. The “Last updated” date at the top of this page indicates when the policy was last revised.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

← Back to home