Legal
Privacy Policy
Last updated: 1 March 2025
1. Who we are
SplitPay Ltd ("SplitPay", "we", "us") is a company registered in England and Wales. We operate the SplitPay platform, which lets you create payment requests, split bills, and collect money from others via UK Open Banking. Payment initiation services are provided by TrueLayer Limited, who are authorised and regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (FRN 901096) for the provision of payment services.
2. What data we collect
We collect the following personal data when you use SplitPay: • Phone number — used to identify your account and send OTP verification codes. • Display name — shown on your payment requests to recipients. • Payment transaction data — amounts, references, timestamps, and payment method (bank transfer or card). • Usage data — pages visited, features used, device type and browser (via anonymised analytics). • IP address — logged for fraud detection and security purposes. We do not store your bank account credentials. Open Banking payments are initiated via TrueLayer, who handle all bank-level authentication.
3. How we use your data
We use your personal data to: • Provide and operate the SplitPay service. • Send OTP verification codes via SMS. • Process and record payment transactions. • Send payment request notifications via SMS or WhatsApp (with your consent). • Prevent fraud and ensure platform security. • Comply with legal obligations under UK law. We do not sell your personal data to third parties. We do not use your data for advertising.
4. Data sharing
We share data only with the following trusted third parties where necessary to provide the service: • TrueLayer Limited — Open Banking payment initiation. • Twilio Inc — SMS and WhatsApp notification delivery. • Stripe Inc — Card payment processing (if you pay by card). • Vercel Inc — Web application hosting (EU region). • Supabase Inc — Database hosting (EU region, encrypted at rest). All third-party processors are bound by data processing agreements and must handle your data in accordance with UK GDPR.
5. Your rights
Under UK GDPR, you have the right to: • Access the personal data we hold about you. • Correct inaccurate or incomplete data. • Request deletion of your data ("right to be forgotten"). • Object to or restrict certain processing. • Data portability — receive your data in a machine-readable format. • Withdraw consent at any time where we rely on consent as a legal basis. To exercise any of these rights, contact us at privacy@split-pay.co.uk. We will respond within 30 days.
6. Data retention
We retain your personal data for as long as your account is active, plus a further 2 years to comply with financial record-keeping obligations. Payment transaction records may be retained for up to 6 years in line with HMRC requirements. You may request deletion of your account at any time from your profile settings. Following deletion, anonymised aggregate statistics may be retained indefinitely.
7. Cookies
We use only essential cookies required to operate the service (session tokens and authentication state). We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required as we do not place non-essential cookies.
8. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, and regular penetration testing. Access to personal data is restricted to authorised personnel only. Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to security@split-pay.co.uk.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the app or by SMS. Continued use of SplitPay after a policy change constitutes acceptance of the revised terms.
10. Contact us
For any questions about this Privacy Policy or your personal data, contact our Data Protection Officer at: privacy@split-pay.co.uk SplitPay Ltd, 123 Example Street, London, EC1A 1BB You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.