Privacy Policy
Last Updated: 20 May 2026
We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you visit our website or use our services.
Information We Collect
We collect the following types of information:
Personal Information: This includes details such as your name, email address, phone number, and any other information you voluntarily provide when filling out forms or communicating with us.
Usage Data: We collect data on how you interact with our website or services, including pages viewed, time spent on the site, and any actions taken during your visit.
Cookies: We use essential cookies required for the app to function (such as remembering your session and state preferences), optional analytics cookies to understand product usage, and optional advertising cookies to measure the effectiveness of our marketing. Non-essential cookies are only set when you accept them via our cookie banner, and you can change or withdraw your choice at any time from the same banner.
How We Use Your Information
We use the information we collect for the following purposes:
To Provide Services: We use your information to deliver and improve our services, respond to inquiries, and fulfill requests.
Communication: We use your contact details to respond to your queries and send essential service notifications (e.g. security alerts, transactional emails). Where you have opted in, we also send product updates, newsletters, and promotional material. You can unsubscribe from marketing emails at any time using the link in each message.
Analytics: We use usage data to analyze trends, track website performance, and enhance user experience.
Legal Bases for Processing
Under UK GDPR Article 6, we process your personal data on the following bases:
| Basis | What we use it for |
|---|---|
| Contract (Art. 6(1)(b)) | Operating the service — your account, portfolio, bank connections, AI features, and transactional emails (receipts, password resets, security notifications) |
| Consent (Art. 6(1)(a)) | Marketing emails and newsletters; non-essential cookies (analytics and advertising); any feature we describe as optional |
| Legitimate interests (Art. 6(1)(f)) | Keeping the service secure, preventing fraud and abuse, diagnosing technical faults, and improving the product |
| Legal obligation (Art. 6(1)(c)) | Accounting, tax, anti-money-laundering, and other records we are required by law to keep |
You can withdraw consent at any time by emailing hello@aureli.app, or, for marketing emails, by using the unsubscribe link in any message. Where we rely on legitimate interests, you have the right to object to processing — see “Your Rights” below.
How We Protect Your Information
We implement appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. However, please note that no method of data transmission or storage is 100% secure.
Sharing Your Information
We do not sell or rent your personal information to third parties. We may share your data with trusted service providers who assist us in operating our website, conducting business, or servicing you, under strict confidentiality agreements.
Our Service Providers
We rely on the following third-party processors to operate Aureli. Each is bound by a written data processing agreement. Where personal data is transferred outside the UK, we use the UK's International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum (shown below as “UK SCCs”).
| Vendor | Purpose | Data types | Location |
|---|---|---|---|
| Vercel | Hosting, app delivery | All usage data | US (UK SCCs) |
| Neon | Database hosting | All account data | UK (London) |
| Stripe | Payment processing | Email, payment data | US (UK SCCs) |
| Resend | Transactional email | Email, content | EU/US |
| Mixpanel | Product analytics | Pseudonymised events | EU |
| Sentry | Anonymous crash reporting | Error events, device/browser metadata | EU |
| Finexer | Open banking (AISP) | Bank account data | UK |
| Google (Ads, GTM) | Advertising | Cookie/pixel data | US (UK SCCs) |
| Anthropic | AI features | Chat content, portfolio data | US (UK SCCs) |
Some of these processors are located outside the UK. Where the destination country does not benefit from a UK adequacy decision, transfers are made under the UK's International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum. You can request a copy of the safeguards in place by emailing hello@aureli.app.
UK Open Banking — Agent of Finexer Ltd
Aureli Tech Limited (FCA Firm Reference Number 1056139) is a registered agent of Finexer Ltd (FCA Firm Reference Number 925695). Finexer Ltd is authorised and regulated by the Financial Conduct Authority as an Account Information Service Provider (AISP) under the Payment Services Regulations 2017, and is the provider of the regulated Open Banking service we use to connect UK bank accounts.
When you choose to connect a UK bank account, you will be asked to grant consent to Finexer Ltd to access information from your bank on your behalf. Finexer Ltd will then share that information with Aureli so we can display it within your portfolio. In this flow:
• Finexer Ltd acts as an independent data controller for the personal data it processes in providing the regulated Open Banking service (including identifiers it uses to operate the service, audit logs, and security data)
• Aureli acts as a data controller for the financial information we receive from Finexer Ltd in order to display your accounts and balances in your portfolio.
• Finexer Ltd's own privacy notice, which describes how it processes your personal data as an AISP, will be presented to you during the bank connection journey, and is also available on Finexer Ltd's website
You can withdraw your consent and disconnect your bank account at any time from within Aureli, or by contacting your bank directly.
Your Rights and Choices
You have the right to access, update, or delete your personal information at any time. If you wish to exercise any of these rights, please contact us using the information provided below.
Data Retention Policy
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our specific retention timeframes are as follows:
Account Data: We retain your account information (including name, email, and profile data) for as long as your account remains active. If you request account deletion, your data will be permanently deleted within 30 days, except where we are legally required to retain certain information.
Portfolio Data: Financial data, including assets, debts, and valuations, is retained for the lifetime of your account. Upon account deletion, this data is permanently removed within 30 days.
Bank Connection Data: Bank account connection data are retained while your connection remains active. After disconnection or account deletion, this data is removed within 90 days. Historical valuations of an asset/debt stay on the account.
Communication Records: Records of emails and support communications are retained for 3 years to maintain service quality and resolve potential disputes.
Analytics Data: Aggregated and anonymized usage analytics may be retained indefinitely for product improvement purposes, as this data cannot be used to identify you personally.
Legal and Compliance Data: Certain data may be retained for longer periods where required by law, such as financial records for tax purposes (typically 6-7 years) or to comply with legal obligations.
Your Rights Under UK GDPR
Under the UK GDPR (and the EU GDPR where applicable), you have the following rights regarding your personal data:
Right to Access: You have the right to request copies of your personal data. Subject access requests are free; we may charge a reasonable administrative fee, or refuse to act, only where a request is manifestly unfounded or excessive.
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data, under certain conditions. This includes when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing.
Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions, such as when you contest the accuracy of the data or object to processing.
Right to Object: You have the right to object to our processing of your personal data, under certain conditions, particularly for direct marketing purposes or when processing is based on legitimate interests.
Rights Related to Automated Decision-Making: We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects. You have the right not to be subject to such decisions.
Right to Complain:You have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) if you believe we have not handled your personal data properly.
To exercise any of these rights, email hello@aureli.app. We will respond to your request within 30 days. We may need to verify your identity before processing your request.
Children
Aureli is intended for users aged 18 and over. We do not knowingly collect personal data from children.
Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we make changes, we will revise the date at the top of the policy. We encourage you to review this policy regularly for any updates.
Contact & Company Information
For privacy queries, including any of the rights set out above, email hello@aureli.app.
This service is operated by Aureli Tech Limited, a company registered in England and Wales with company number 16965256. Registered office: 86-90 Paul Street, London, England, EC2A 4NE. Aureli Tech Limited holds FCA Firm Reference Number 1056139 and is a registered agent of Finexer Ltd (FRN 925695) for the provision of regulated Open Banking services in the UK. Aureli Tech Limited is registered with the UK Information Commissioner's Office under registration reference ZC122175.