Home Sign Up Sign In
  • Terms of Use
  • Privacy Policy
  • Prohibited Businesses

Privacy Policy

Last updated: July 2026

Introduction

Finexer Ltd ("Finexer", "we", "us" or "our") is committed to protecting personal data and respecting privacy. This Privacy Policy explains how we collect, use, share and protect personal data when you visit our website, use our products, services, features or APIs, interact with us as a client or partner, or use services that are provided through our clients and partners.

Finexer is authorised by the Financial Conduct Authority (FCA) as an Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP). Our services may involve processing account information, payment initiation records, Open Banking consent records, transaction data, technical logs and related operational data.

Finexer is registered with the Information Commissioner's Office (ICO) under registration number ZB841505. We may update this Privacy Policy from time to time by publishing a revised version on this page.

Information we collect

Account and contact information. We may collect information such as name, business name, address, email address, telephone number, account registration details, business identifiers, verification information and communications with us.

Open Banking and payment-service information. Where our services are used, we may process bank account information, account holder information, balances, transaction data, payment initiation records, consent records, authorisation records and related service data. This data is processed only where required to provide the relevant service, comply with legal or regulatory obligations, prevent fraud, maintain security or support the operation of our platform.

Website and technical information. When you visit our website or use our services, we may collect technical information such as IP address, browser type, operating system, pages accessed, referral URLs, timestamps, device identifiers, log data and cookie preferences.

Customer and end-user information. Where our clients use Finexer services to provide account information or payment initiation functionality to their customers, we may process personal data relating to those end users in accordance with the applicable consent, contract and regulatory framework.

We do not intentionally collect special category data such as information about health, religion, race, ethnicity or political views. However, transaction data can sometimes indirectly reveal sensitive aspects of an individual's life. We therefore treat transaction data as highly sensitive and protect it accordingly.

Information from third parties. We may receive information from banks, financial institutions, identity verification providers, fraud prevention providers, clients, partners, suppliers, public sources and other service providers where this is necessary for our services, compliance, security, fraud prevention or support activities.

Cookies and similar technologies

When you visit our public website, we use cookies and similar technologies, such as browser local storage and session storage. Some of these are needed to make the website work properly and keep it secure. Others help us understand how the site is used, or, with your permission, help us measure and improve our marketing. We use the following categories:

  • Strictly necessary. These are required for the website and our services to function and to remain secure. They include cookies used for session management, security and anti-forgery protection, load balancing, remembering your privacy choices, and a device-recognition signal that helps protect your account from sign-ins on unrecognised devices. These cookies are always active, are exempt from consent under the applicable rules, and cannot be switched off through the cookie banner.
  • Functional. These remember choices you make so that we can provide a more convenient experience. For example, they may remember your preferred time or date formatting, dashboard appearance or display settings, and banks you have recently used during a connection journey. We use these only with your consent where consent is required.
  • Analytics. These help us understand how visitors find and use our website by collecting usage statistics in a pseudonymised form. We do not use them to identify you personally. We use Google Analytics and Ahrefs Analytics for this purpose.
  • Marketing. These help us measure the effectiveness of our campaigns, show relevant Finexer advertising on other websites, and understand business interest in our services. We use Google Ads, Leadfeeder, Albacross and Snitcher for this purpose.

Some cookies and similar technologies are set by the third parties named above. The lifetime of third-party cookies is set by each provider, so their privacy and cookie notices explain in more detail how long those cookies last and how they process the data they receive.

Your choices. The first time you visit our website, we ask for your consent through our cookie banner. Until you make a choice, non-essential cookies and tracking scripts are blocked and remain inactive. You can accept all, reject all, or choose which categories you allow. Rejecting non-essential cookies is as easy as accepting them. We also use Google Consent Mode so that our advertising and analytics partners receive and respect your consent choice.

You can change or withdraw your consent at any time by selecting Cookie Settings in the footer of our website. This reopens the preferences panel. We keep a record of your choice, including the date, the version of this notice, the categories you selected and, where you are signed in to your Finexer account, your account identifier, so that we can demonstrate your consent. We remember your choice for up to 12 months, after which we will ask you again. We will also ask sooner if we make a material change to the cookies or similar technologies we use. You can also control cookies through your browser settings, although parts of the website may not work properly if strictly necessary cookies are blocked.

We retain consent records, including the IP address and browser information collected at the time of the consent decision, for a period of up to three years. After that period, those records are deleted. This data is used solely to demonstrate compliance with our legal obligations and is not used for any other purpose.

How we use information

We use personal data where necessary for lawful, legitimate and proportionate purposes, including to:

  • provide, operate and support our website, platform, services and APIs;
  • provide account information services and payment initiation services requested by users or our clients;
  • verify identity, account information and eligibility to use our services;
  • process transactions, payment instructions, account information requests and related notifications;
  • respond to enquiries and provide customer, client and partner support;
  • monitor, secure, maintain and improve our systems and services;
  • identify, prevent, investigate and report fraud, misuse, prohibited activity, security incidents or unlawful activity;
  • meet legal, regulatory, audit, accounting and record-keeping obligations;
  • measure and improve the performance, content and usability of our website and services; and
  • send service communications and, where permitted, marketing communications based on your preferences.

Lawful basis for processing

Depending on the context, we rely on one or more lawful bases under UK GDPR, including consent, performance of a contract, compliance with legal obligations and our legitimate interests. For example, Open Banking access is based on the relevant consent and service request; security monitoring and fraud prevention may rely on legal obligations and legitimate interests; and non-essential analytics and marketing cookies are used only where you have given consent.

Information we share

Other than as stated in this Privacy Policy, Finexer does not sell personal information. We may share your personal information with certain trusted third parties as follows:

  • Service providers. We share information with service providers that help us operate and maintain our services, including hosting, cloud infrastructure, Microsoft services, identity verification, fraud prevention, analytics, marketing, IT support, email delivery, monitoring and audit support. These providers may use personal data only as necessary to provide services to us and must protect it in accordance with applicable obligations.
  • Clients, partners and users. We may share information with clients, partners or users where this is necessary to provide the requested service, complete an Open Banking journey, support an integration, process a payment initiation request, resolve a support issue or meet contractual obligations.
  • Authorised third parties. Where you authorise a third party to access information through Finexer or a connected service, we may share information in accordance with that authorisation and the applicable consent flow.
  • Legal, regulatory and law-enforcement purposes. We may disclose information where required by law, regulation, court order, payment-service rules, the FCA, the ICO or other competent authorities, or where reasonably necessary to protect our rights, users, clients, partners, systems or services.

Where a third party acts as our processor, we remain responsible for ensuring that processing is governed by appropriate contractual, confidentiality and security obligations.

International transfers

Finexer's core service infrastructure is hosted primarily in Microsoft Azure UK regions. Some third-party providers used for website analytics, marketing, support, communications or operational services may process personal data outside the United Kingdom or European Economic Area. Where this occurs, we use appropriate safeguards, such as contractual protections and recognised transfer mechanisms, and assess suppliers before relying on their services.

Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, meet legal and regulatory obligations, evidence Open Banking consent, prevent fraud, resolve disputes, maintain security, support audits and enforce our terms.

Cookie consent records are retained for up to three years. Other records, such as account, transaction, consent, incident, support and compliance records, are retained for the periods required by applicable law, regulation, contract and legitimate business need. Marketing data is retained until consent is withdrawn or the data is no longer required for the relevant purpose.

Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures include encryption in transit, encryption at rest where applicable, access controls, multi-factor authentication, password manager controls, logging, monitoring, secure development practices and supplier security review.
Please note that no data transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure.

Your rights

Subject to applicable law, you may have the right to request access to your personal data, correction of inaccurate data, erasure of data, restriction of processing, portability, objection to processing and withdrawal of consent where processing is based on consent. You may also have rights in relation to automated decision-making and profiling where applicable.

You can review, correct or update certain account information by logging in to your Finexer account or by contacting us. You can also request account closure through the Contact us form or in your account. If you close your account, we may retain information where necessary to comply with legal or regulatory obligations, resolve disputes, prevent fraud, maintain security, enforce our terms or take other action required or permitted by law.

If you are unhappy with how we handle your personal data, you may contact us first so we can try to resolve the issue. You also have the right to complain to the Information Commissioner's Office.

Minors

Our services are not intended for children. We do not knowingly collect personal data from children through our services.

Contact us

If you have any questions or concerns regarding this Privacy Policy, or if you wish to exercise your data protection rights, you can contact us by email, through customer support, or through our Contact us page.

Copyright © 2026 Finexer. Cookie Settings