Fae100 Privacy Policy · Version 1.0

We respect
your privacy.

Fae exists to improve your financial wellbeing. To do that, it requires data about you. In fact, it's true to say that the more data it has, the more useful it will be to you. We understand that handling this data is a big deal.

We commit to doing everything we can to earn and maintain your trust in Fae, and we take our responsibility to protect your data extremely seriously.

We also know that talk is cheap and missteps are expensive. Both are undesirable, and it's in our best interests to avoid them. So:

  • We only access your data with your explicit consent.
  • You can decide which kinds of data you want to share.
  • We take various measures to keep your data safe.
  • We will never sell your data. Not now, not ever.
  • We will never use your data to advertise things to you.
  • You can delete your data at any time.

Please read our full Privacy Policy, which explains in detail what personal data we collect, why we collect it, what we do with it, and what rights you have over it.

Version 1.0  ·  Effective 22 April 2026  ·  hello@getfae.com

Read the full Privacy Policy

Privacy Policy.

Fae Technologies Ltd  ·  Version 1.0  ·  Effective 22 April 2026

A few things we want you to know up front:

  • We only access your data with your explicit consent.
  • You can decide which kinds of data you want to share.
  • We take various measures to keep your data safe.
  • We will never sell your data. Not now, not ever.
  • We will never use your data to advertise things to you.
  • You can delete your data at any time.

1.Who We Are

The plainspeak summary: These are our formal company details.

The Fae service is operated by Fae Technologies Ltd, a company incorporated in England and Wales (Company Number: 16753505), with its registered address at Unit D3, Curie House, Wallis Road, London, E9 5LN.

For the purposes of UK data protection law, Fae Technologies Ltd is the data controller for the personal data described in this policy. We are registered with the Information Commissioner's Office (ICO) under registration number ZC131995.

If you have any questions about this policy or how we handle your data, please contact us at: hello@getfae.com

2.What Data We Collect

The plainspeak summary: We collect some data that you give us directly (like your name and email), some financial data via open banking, some that you may choose to make available to us (like your emails), and some that we collect automatically (like how you use the app).

Fae connects to more sources of data than most services do — that's how it gives you a genuinely holistic picture. Below is a clear account of everything we collect and where it comes from.

2.1 Data You Give Us Directly

Account registration: your name, email address, and password (stored encrypted — we never see your actual password). Optionally, a phone number for two-factor authentication.

Profile information: your date of birth (optional, used for personalised insights), and your preferences and settings within the app.

Support interactions: messages you send us, feedback, survey responses, and any complaints.

Communications information: your preferences for receiving insights from us and your communication preferences.

Uploaded documents: any documents you choose to share, such as insurance policies or bank statements.

2.2 Financial Data (via Open Banking)

Your bank account data reaches Fae through an open banking connection. You authorise your open banking provider, as an independent data controller, to share your data with Fae through their API using your secure access token. We never connect directly to your bank and cannot initiate payments or move funds.

The financial data we receive includes:

  • Account details: account holder name, account type, masked account number and sort code, currency, and bank name.
  • Transaction data: date, amount, merchant name, description, transaction type, category, and balance at time of transaction.
  • Account balances: current balance, available balance, and credit limit where applicable.
  • Standing orders and direct debits: payee name, amount, frequency, next payment date, and status.
  • Historical data: up to 24 months of past transactions, configurable by you.

What we never see: your bank login credentials, PINs, full card numbers, CVV codes, or authentication tokens. These are never exposed through open banking and never reach Fae.

2.3 Email Data (with your permission)

If you connect your email account (for example Gmail), we read emails on a read-only basis to identify categories likely to contain financial information: billing emails, subscription confirmations, insurance documents, and financial correspondence. You can revoke access at any time.

2.4 Calendar Data (with your permission)

If you connect your calendar (for example Google Calendar), we read your calendar entries on a read-only basis. This helps Fae understand what your spending actually means in the context of your life — connecting a restaurant charge to a work dinner, for example. You can revoke access at any time.

2.5 Data Collected Automatically

Usage data: how you interact with the app: features used, screens viewed, time spent, device type, operating system, app version, crash reports, and IP address (used for security).

Cookies and similar technologies: session cookies to keep you logged in, security cookies, and analytics cookies to help us understand how the app is used. See Section 10 for more on cookies.

2.6 Data From Other Sources

Public sources: from publicly available sources which you have made public.

We do not collect or process special category data (such as health, political opinions, or biometric data).

3.How We Use Your Data

The plainspeak summary: We mainly use your data to run and improve Fae, and to make it useful to you.

The table below sets out every purpose for which we process your personal data, which categories of data are involved, and the lawful basis we rely on under UK GDPR.

Data categories: Identity — name, date of birth and similar; Contact — email, phone, communication preferences; Financial — bank account, transaction and balance data; Profile — settings, preferences and in-app choices; Usage data — how you interact with the app.

PurposeData categoriesLawful basis
Create and manage your account and provide the Fae serviceIdentity; Contact; Account credentialsContract
Connect to your financial data via open banking and display your transactions, balances, and financial patternsFinancial; Transaction dataContract; Consent
Read your email for billing emails, subscriptions, insurance documents and financial correspondenceEmail contentConsent
Read your calendar to contextualise your spending with life eventsCalendar dataConsent
Generate personalised financial insights, flag opportunities, and make suggestionsFinancial; Transaction; Email; Calendar; Profile; Support interactions; Public sourcesContract; Consent
Process documents you choose to shareUploaded documentsContract; Consent
Send you service communications, security alerts, and consent renewal remindersIdentity; Contact; Communication informationContract
Deliver personalised insights and nudges within your accountFinancial; Transaction; Profile; Usage dataContract; Legitimate interests
Send you Fae updates on new features, how we're doing, and news about our public launchIdentity; ContactSoft opt-in (PECR) with unsubscribe in every email
Improve the service: understanding usage patterns, fixing bugs, developing new featuresUsage data (anonymised); Support interactionsLegitimate interests
Detect fraud, prevent abuse, and protect account securityIdentity; Technical; FinancialLegitimate interests; Legal obligation
Respond to your support requests and complaintsIdentity; Contact; relevant account dataLegitimate interests
Comply with legal and regulatory obligationsIdentity; Contact; FinancialLegal obligation
Manage changes to our service and notify you of material updatesIdentity; ContactContract
Build aggregated, anonymised analytics to understand financial trends (no individual profiling)Usage data (anonymised and aggregated)Legitimate interests

Contract: processing is necessary to provide the service you've signed up for.

Consent: you have given us explicit permission for a specific use. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Legitimate interests: we have a genuine business or operational reason that does not override your privacy rights. We carry out a balancing test before relying on this basis.

Legal obligation: we are required to process the data by law.

A note on communications: Fae does not market to you. We do not sell products, earn commissions, or have any interest in promoting things to you. The only emails we send outside of service communications are Fae updates on things like new features and news about our public launch. Every one includes a single-click unsubscribe. We will stop immediately if you ask us to.

A note on automated decisions: Fae uses AI to categorise transactions and generate insights. These outputs are advisory only. You can always override them. We do not make automated decisions that have legal or similarly significant effects on you.

4.Who We Share Your Data With

The plainspeak summary: We only share data with the providers we use to run the service — never with advertisers or data brokers.

We share your data only where necessary to provide the service or where required by law. We never sell it and never share it for third-party marketing.

4.1 We Do Share With

Cloud infrastructure providers: who host our application and store data securely. Primary production data is hosted in UK/EU data centres only, encrypted in transit and at rest. We have Data Processing Agreements in place with all providers.

Analytics providers: who help us understand app usage. Only anonymised, aggregated data is shared — nothing that can identify you.

Customer support tools: who handle support requests. They receive only the data relevant to your query, under Data Processing Agreements.

Development and technical service providers: who help us build and maintain the Fae service. Where data is transferred outside the UK, we ensure appropriate safeguards are in place as described in Section 5.

Professional advisers: lawyers, accountants, auditors, and insurers, where necessary for our business operations.

Regulators and authorities: where we are required by law, court order, or regulation (see Section 4.3).

Business transfer recipients: in the event of a merger, acquisition, or sale of the business, under appropriate data protection safeguards and with notice to you.

4.2 We Do Not Share With

  • Advertisers or data brokers. Ever.
  • Other users. Your data is private to you.
  • Your bank. We only receive data through open banking; we never send data back to your bank.
  • Credit reference agencies, unless you explicitly request this as a feature in future.
  • Third parties for their own purposes. We share your data only to run the Fae service — nothing else.

4.3 Legal Disclosures

We may be required to share data with law enforcement or other authorities in response to a court order, legal process, or regulatory requirement. When this happens, we will: verify the legal basis for the request before complying; share only the minimum data necessary; and notify you unless we are legally prohibited from doing so.

5.International Data Transfers

The plainspeak summary: When we need to transfer your data outside the UK, we put safeguards in place to protect it.

Some of our service providers are located outside the United Kingdom — including development partners in South Africa. Where we transfer your personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR. This includes using the UK International Data Transfer Agreement (IDTA) or other approved transfer mechanisms.

If you would like more information about the specific safeguards we use for any transfer, please contact us at hello@getfae.com.

6.How Long We Keep Your Data

The plainspeak summary: We only keep your data for as long as it's needed for business, regulatory or legal reasons.

We keep your personal data only for as long as we need it. As a guide:

  • Account and profile data: retained for the duration of your account, then deleted within 30 days of account closure.
  • Transaction and financial data: retained for the duration of your account plus any period required by law.
  • Support and complaint records: retained for up to 6 years from resolution, as required for legal purposes.
  • Security logs: retained for a short period for fraud detection and security purposes.

We may retain anonymised and aggregated data, from which you cannot be identified, indefinitely for statistical and analytical purposes. When data is no longer needed, we delete it securely.

7.Your Rights

The plainspeak summary: You can access, correct, delete, or export your data, and stop us from processing it.

You have rights over your personal data under UK GDPR, and we want it to be easy to use them.

Access. You can request a copy of all the personal data we hold about you — account information, transaction data, AI insights, and activity history — in a machine-readable format (JSON or CSV).

Rectification. If anything we hold about you is inaccurate or incomplete, you can ask us to correct it. Most profile information can be updated directly in Settings.

Erasure. You can ask us to delete your data. We'll delete your account, all personal information, financial data, and AI insights within 30 days. The only exceptions are complaint records (kept for up to 6 years) and anonymised analytics data that can no longer identify you.

Restriction. You can ask us to pause processing of your data in certain circumstances — for example, if you've disputed its accuracy. You can also disconnect any data source at any time, which immediately stops new data from that source being processed.

Portability. You can ask for your data in a structured, machine-readable format to take elsewhere.

Objection. You can object to processing based on our legitimate interests. You can also object to communications at any time — we'll stop immediately.

Withdrawing consent. Where we process your data based on your consent, including open banking, email and calendar connections, you can withdraw that consent at any time through your account settings. Withdrawing consent doesn't affect anything we did lawfully before you withdrew it.

Automated decisions. Fae's AI categorises your transactions and generates insights, but all outputs are advisory and you can override any of them. We don't make automated decisions that have legal or significant effects on you.

To exercise any of these rights, email us at hello@getfae.com with the subject line "Privacy Rights Request." We'll respond within 30 days, free of charge. We may ask you to verify your identity to protect against fraudulent requests.

If you're not satisfied, we'd like the chance to put things right first — please contact us. If you're still not happy, you can complain to the ICO: ico.org.uk, 0303 123 1113, or Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

8.How We Keep Your Data Safe

The plainspeak summary: We take various technical and organisational measures to protect your data, including encryption, access controls, and security testing.

We take security seriously. Given the nature of the data Fae handles, that's the least you should expect.

8.1 Technical Measures

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Encryption keys are securely managed.
  • Firewalls, intrusion detection, and DDoS protection are in place.
  • Regular security testing and vulnerability scanning.
  • Secure development practices throughout our engineering process.

8.2 Organisational Measures

  • Access to your data is limited to those who need it, on a least-privilege basis.
  • All team members with data access are subject to confidentiality obligations and receive security training.
  • We have a documented data breach response plan.
  • We conduct regular internal security reviews.
  • We are working towards ISO 27001 certification.

8.3 If a Breach Occurs

If we experience a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, as required by UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly as quickly as possible, tell you what happened and what we are doing about it.

9.Children

The plainspeak summary: Fae is intended for adults. Data belonging to children will be deleted as soon as we're aware that we have it.

Fae is not intended for anyone under 18. We do not knowingly collect personal data from children. If we discover that we have, we will delete it immediately and notify the relevant parties. If you believe a child has used the service, please contact us at hello@getfae.com.

10.Cookies

The plainspeak summary: We use essential cookies, which are required for the app to work, and analytics and preference cookies, which you can manage and opt out of.

We use cookies and similar technologies on our website and in the app. Here's what we use and why:

Essential cookies (you cannot opt out — these are needed for the service to work): session management to keep you logged in; security cookies to prevent attacks; load balancing.

Analytics cookies (you can opt out): we use these to understand how people use the app so we can improve it. Data is anonymised.

Preference cookies (you can opt out): to remember your settings and display preferences.

To manage your cookie preferences, click on Cookies in the app, or use your browser settings. Disabling essential cookies will prevent core functionality from working.

11.Links to Other Services

The plainspeak summary: If we link to third-party sites (like your bank), we aren't responsible for their privacy practices.

Our website and app may contain links to third-party services — for example, your bank's website. We are not responsible for the privacy practices of those services. We recommend you read their privacy policies before sharing information with them.

12.Changes to This Policy

The plainspeak summary: If we make meaningful changes to how we use your data, we'll notify you in advance.

We may update this policy from time to time. Where changes are material — meaning they affect how we use your data in a way that matters to you — we will notify you by email before they take effect. The updated policy will always show its effective date at the top.

If you don't agree with changes to the policy, please stop using the service and close your account. We will delete your data in accordance with Section 7.

13.Contact Us

If you have questions about this policy, want to exercise your rights, or have a concern about how we've handled your data, please get in touch. We're building this with you — that starts with being available.

Fae Technologies Ltd  ·  Unit D3, Curie House, Wallis Road, London, E9 5LN
hello@getfae.com
ICO registration number: ZC131995