Privacy Policy

Last updated: April 2026

1. Introduction

mind.money ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are the data controller for information processed through mind.money. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

When you use SecureVault, you may choose to store:

  • Identity documents (passport, driving licence, ID cards)
  • Contact information (address, phone, email)
  • Financial information (bank details, card numbers)
  • Travel credentials (frequent flyer numbers, visa information)
  • Insurance records (policy numbers, claims history)
  • Subscription information

Important: All data stored in SecureVault is encrypted using AES-256 encryption. We do not have access to your unencrypted vault data.

2.2 Information Collected Automatically

  • Device information (browser type, operating system)
  • Log data (IP address, access times, pages viewed)
  • Usage analytics (features used, interaction patterns)
  • Cookies and similar technologies

2.3 Information from Third Parties

When you connect third-party services, we may receive:

  • Confirmation of service connection
  • Transaction confirmations (not full payment details)
  • Booking references and status updates

3. How We Use Your Information

We use information to:

  • Provide and maintain the Service
  • Process your requests to share data with connected services
  • Send you service notifications
  • Respond to your enquiries
  • Improve and develop the Service
  • Comply with legal obligations
  • Prevent fraud and ensure security

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: To provide the Service you have requested
  • Consent: When you explicitly consent to data sharing with third parties
  • Legitimate interests: To improve our Service and ensure security
  • Legal obligation: To comply with applicable laws and regulations

5. Data Sharing

5.1 Sharing With Your Consent

We only share your vault data with third-party services when you explicitly authorise it. You control exactly what data is shared with each service.

5.2 Service Providers

We work with the following categories of service providers:

  • Skyscanner: Travel search and booking data (API provider)
  • Currency Clear: Payment processing (FCA-registered EMI)
  • Cloud infrastructure: Encrypted data storage
  • Analytics providers: Anonymised usage data only

5.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

6. Data Security

We implement robust security measures including:

  • AES-256 encryption for all vault data
  • End-to-end encryption for data in transit (TLS 1.3)
  • Zero-knowledge architecture (we cannot read your encrypted data)
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • SOC 2 Type II compliant infrastructure

7. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Vault data is permanently deleted within 30 days
  • Backup data is purged within 90 days
  • We may retain anonymised analytics data
  • Legal records may be retained as required by law

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw consent: Revoke previously given consent

To exercise these rights, contact us at [email protected]

9. Cookies

We use essential cookies to:

  • Maintain your session
  • Remember your preferences
  • Ensure security

We use analytics cookies (with your consent) to understand how the Service is used. You can manage cookie preferences in your browser settings.

10. International Transfers

Your data is primarily stored in the UK and European Economic Area. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions
  • Standard contractual clauses
  • Binding corporate rules

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children.

12. Third-Party Services

Skyscanner

Travel search functionality is powered by Skyscanner. When you use travel features, certain search queries are processed by Skyscanner. Please review Skyscanner's Privacy Policy.

Currency Clear

Payment services are provided by Currency Clear. Payment data is processed in accordance with their privacy policy and FCA requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. The date of the last update is shown at the top of this page.

14. Contact Us

For privacy-related enquiries:

Email: [email protected]
Data Protection Officer: [email protected]
Address: MIND MONEY LIMITED, 167-169 Great Portland Street, London, W1W 5PF, United Kingdom
Company No. 16571028

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk