EarnlyJoin the Wait List
other

GDPR Policy

Last updated 5/11/2026

Earnly Ltd (“Earnly”, “we”, “our”, “us”) is committed to protecting and respecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy outlines how Earnly collects, processes, stores, and protects personal data through its platform, which provides real-time tax insights and financial intelligence to individuals and businesses.

This policy applies to:

  • All users of the Earnly platform (web and mobile)

  • Personal data collected via Open Banking integrations

  • Data processed through integrations (e.g. accounting platforms)

  • Internal staff, contractors, and third-party processors

1. Roles & Responsibilities

  • Data Controller: Earnly Ltd determines the purpose and means of processing personal data.

  • Data Protection Lead: Responsible for GDPR compliance, policies, and breach management.

  • All Staff & Contractors: Responsible for handling data securely and reporting incidents.

2. Types of Data Collected

Earnly processes the following categories of data:

2.1 Identity Data

  • Name

  • Email address

  • Account login credentials

2.2 Financial Data

  • Bank account information (via Open Banking providers)

  • Transaction data (income, expenses)

  • Tax-related data (estimates, liabilities, filings)

2.3 Technical Data

  • IP address

  • Device type

  • Browser information

  • Usage analytics

2.4 Derived Data

  • Categorised transactions

  • Tax calculations and forecasts

  • AI-generated insights and recommendations

3. Lawful Basis for Processing

Earnly processes personal data under the following lawful bases:

  • Consent: For accessing bank data via Open Banking and certain analytics features.

  • Contractual Necessity: To provide the core Earnly service (tax calculations, insights).

  • Legitimate Interests: To improve the platform, prevent fraud, and ensure security.

  • Legal Obligation: Where required for compliance with HMRC or regulatory bodies.

4. How We Use Personal Data

Earnly uses personal data to:

  • Connect to bank accounts via authorised Open Banking providers

  • Retrieve and process transaction data

  • Categorise financial activity (business vs personal)

  • Calculate real-time tax obligations (e.g. Corporation Tax, VAT, Income Tax)

  • Provide insights, alerts, and recommendations

  • Improve product performance and user experience

  • Detect fraud and ensure platform security

Users may view processed transaction data within the platform; however, raw banking credentials are never stored by Earnly.

5. Data Sharing & Third Parties

Earnly may share data with:

  • Open Banking Providers (regulated AISPs)

  • Cloud Infrastructure Providers (e.g. hosting, databases)

  • Analytics Providers (e.g. product usage tracking)

  • Payment Providers (e.g. subscription billing)

All third parties are subject to:

  • Data Processing Agreements (DPAs)

  • Security and confidentiality obligations

  • GDPR compliance requirements

Earnly does not sell personal data.

6. International Data Transfers

Where data is transferred outside the UK:

  • Transfers are made only to countries with adequate protection, or

  • Appropriate safeguards are used (e.g. Standard Contractual Clauses)

7. Data Retention

Earnly retains personal data only as long as necessary:

  • Active user accounts: retained for the duration of service use

  • Financial and tax data: retained in line with HMRC requirements (typically 6 years)

  • Inactive accounts: deleted or anonymised after a defined period

8. Data Security

Earnly implements appropriate technical and organisational measures, including:

  • Encryption of data in transit and at rest

  • Secure API integrations (Open Banking standards)

  • Role-based access controls

  • Regular security reviews and monitoring

  • Secure development practices

9. User Rights

Under UK GDPR, users have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request deletion (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

  • Requests can be made via: support@earnly.co.uk

10. Data Breach Management

In the event of a data breach, Earnly will:

  • Investigate and contain the breach immediately

  • Assess risk to individuals

  • Notify the ICO within 72 hours where required

Inform affected users where there is a high risk

11. Cookies & Tracking

Earnly uses cookies and similar technologies to:

Maintain user sessions

Analyse usage and performance

Improve the product experience

Users can manage cookie preferences via browser settings.

12. Privacy by Design

Earnly embeds data protection into product development by:

  • Minimising data collection

  • Using anonymisation where possible

  • Ensuring secure defaults

  • Conducting risk assessments for new features

13. Changes to This Policy

This policy may be updated periodically. Users will be notified of significant changes via the platform or email.

14. Contact Information

For any GDPR or data protection queries:

Email: support@earnly.co.uk Company: Earnly Ltd Address: 41 New Cross Street, Swinton, Manchester, M274TU