Data safety
What we collect and how we handle it
A plain-language summary of our data practices. For the full legal text, see our privacy policy.
What we collect
- Your email address - to identify your account and send access links.
- Your name (optional) - for display purposes only.
- Bank transaction summaries - processed in memory to generate report metrics. Raw transactions are not stored.
- Report metrics - structured summary data (e.g. average monthly income band, payment reliability score). Never individual transactions.
- Bank connection metadata - provider name, institution, currency, token expiry. Access tokens are encrypted before storage.
- Usage logs - anonymised IP hash, user agent hash, and session metadata for security and audit purposes.
What we do not collect
- Individual bank transactions or merchant names.
- Account numbers, sort codes, or IBANs.
- Passwords, PINs, or any banking credentials.
- National ID numbers, date of birth, or credit scores.
- Device fingerprints or advertising identifiers.
How long we keep your data
- Reports expire after 90 days. Expired reports are no longer accessible.
- Bank connections are valid until consent expires or you revoke them.
- Access grants expire after the window you set (default 30 days).
- Your account and associated data is retained until you request deletion.
- Audit log entries are retained for 12 months for security purposes.
Your rights
- Access: you can view all reports, connections, and access grants in your dashboard.
- Portability: you can request a full export of your account data.
- Deletion: you can delete your account and all associated data from Settings. Deletion is permanent.
- Revocation: you can revoke any active share link or bank connection at any time.
- Correction: contact us if any profile information needs correcting.
Questions about your data?
Contact our privacy team at privacy@creditglance.com. We will respond within 30 days.