LEGAL

Privacy Policy

Last updated: 31st August 2025

Fitter Circle Ltd takes data protection and privacy responsibilities seriously. This notice explains how we protect, process and share your personal data when you visit our website or app, as well as what your rights are as a data subject. We may amend this notice from time to time to ensure it remains compliant with legal requirements and reflects how we operate our business. Any changes will be posted on this page and, where appropriate, notified to you.

Fitter Circle Ltd is the Data Controller for the personal data processed, unless otherwise stated in this privacy notice.

  • Company Registration Number: 16071558
  • ICO Registration Number: [insert once issued]
  • Registered Office: 14 Hunting Place, Hounslow, United Kingdom, TW5 0NR

1. Contact details

We have appointed a Data Protection Officer (DPO), who is responsible for overseeing this privacy notice.

📧 vj@fittercircle.com

2. Information we may collect and how it's collected

Our services are not intended for anyone under 18. If we identify users under 18, we delete their personal data.

We may collect the following personal data:

  • Referrals data: Confirmation emails sent when a referral signs up or completes their first purchase/cash out. Emails sent to referrers may include the referee's first name and username.
  • Registration data: Name, mobile number, email, device ID, OS, app version, login activity, referral tracking.
  • Biometric data: Fingerprint/face recognition login (via your device). We do not store biometric data. PIN login is available as an alternative.
  • Purchase/reward data: Company, amount, rewards earned, payment method, time of purchase, bonuses, voucher or gift card access.
  • Payment data: If using Apple/Google Pay or Open Banking, details are processed by regulated third-party providers (we supply only necessary order details).
  • Behavioural/personalisation data: We may analyse transaction and device data to provide tailored rewards.
  • ID verification data: In some cases, we may request photo ID/video for KYC or use our partner (e.g., Sumsub).
  • Cash out data: Bank account name, sort code, account number (stored to simplify future cash outs).
  • Refund data: Processed via your original payment method.
  • Marketing data: If opted in, you may receive emails, SMS or push notifications. You can opt out at any time.
  • General communication data: When contacting us (e.g., email, chat, social media).
  • Surveys data: Anonymised data for feedback purposes.
  • Operational data: Device type, OS, crash logs, app version, session data.
  • App data: Camera and location permissions (for loyalty card scanning, local offers).
  • Cookies/analytics: We use tools such as Firebase, Crashlytics and Google Analytics.

3. Lawful basis for processing

We rely on the following legal grounds:

  • Consent – e.g., marketing communications.
  • Performance of a contract – to provide the service.
  • Legal obligations – e.g., financial reporting, anti-money laundering.
  • Legitimate interests – e.g., fraud prevention, improving services.

4. Automated decision making

We may use automated profiling for fraud prevention or to personalise offers. You can request human review.

5. Data sharing and processors

We may share data with:

  • Open Banking providers
  • Fraud prevention/KYC providers
  • Digital payment providers
  • Cloud hosting providers
  • Analytics providers
  • Customer service platforms
  • Communication providers
  • Social media (if you interact with us there)

6. International transfers

Where personal data is transferred outside the UK/EU, we use appropriate safeguards (e.g., Standard Contractual Clauses + UK Addendum).

7. Third-party links

We are not responsible for privacy practices of third-party websites/apps linked from ours.

8. Data retention

We retain data for as long as necessary for service delivery and compliance. Examples:

  • AML records: 5 years after account closure/transaction.
  • Claims defence: up to 6 years.
  • Marketing data: until you withdraw consent.
  • Cookies: see our cookie policy.

9. Deleting your account

You may delete your account within the app, but this does not automatically erase personal data. To request erasure, contact vj@fittercircle.com.

10. Your rights

You have the following rights:

  • Access – see your data.
  • Rectification – correct inaccurate data.
  • Erasure – request deletion.
  • Restrict/objection – stop/restrict processing.
  • Portability – transfer your data.
  • Withdraw consent – for consent-based processing.

Complaints: Contact us at vj@fittercircle.com or the ICO at ico.org.uk/concerns.