Privacy Policy

Last updated: 22 March 2026

Wealthly ("we", "us", "our") is a personal finance application operated by Templar Systems Limited, a company registered in England and Wales. This privacy policy explains how we collect, use, store, and protect your personal data when you use the Wealthly mobile application (the "App").

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection legislation.

1. Data Controller

The data controller responsible for your personal data is:

Templar Systems Limited
Contact: support@getwealthly.co.uk

2. What Data We Collect

We collect and process the following categories of personal data:

Account information:

• Name (used to personalise your profile within the App)
• Email address (used for authentication, account recovery, and essential service communications)
• Date of birth (optional, used for retirement forecasting calculations)
• Profile photo (optional, stored in Firebase Storage)

Financial data you provide manually:

• Asset details (property, vehicle, pension, savings, investments) including names, values, categories, and valuation dates
• Debt details (mortgage, loan, credit card) including balances, repayment amounts, and interest rates
• Ownership percentages for jointly held assets and debts
• Property addresses (used as a lookup key to query the Land Registry for valuation purposes)
• Vehicle registration numbers (used to query the DVLA Vehicle Enquiry Service for vehicle identification)

Financial data from connected bank accounts (Open Banking):

• Bank account names, balances, and transaction history — accessed via Finexer, an FCA-authorised open banking provider
• We access this data only with your explicit consent and authorisation through a secure redirect flow
• Open banking consent must be renewed every 90 days in accordance with regulatory requirements

Technical and device data:

• Device type and operating system (for crash reporting via Firebase Crashlytics)
• Firebase Cloud Messaging (FCM) token (for push notifications, only if you grant permission)
• App usage analytics (Firebase Analytics — aggregate usage patterns to improve the App)

Subscription data:

• Subscription status (active, expired, etc.) — managed by RevenueCat. We do not process or store your payment card details; all payment processing is handled by Apple through the App Store.

3. How We Use Your Data

We use your personal data for the following purposes:

• To provide the App's core functionality: calculating and displaying your net worth, generating forecasts, tracking your wealth over time, and providing property and vehicle valuations
• To authenticate your account: verifying your email address and managing sign-in (including biometric authentication where enabled)
• To connect your bank accounts: facilitating Open Banking connections via Finexer to import your bank balances and transaction history
• To send push notifications: daily net worth updates (only if you opt in via the profile settings)
• To improve App stability: crash reports help us identify and fix bugs
• To manage your subscription: determining access to premium features

We do not use your data for advertising, profiling, or automated decision-making. We do not sell, rent, or share your personal data with third parties for their marketing purposes. We do not use your data for tracking purposes as defined by Apple's App Tracking Transparency framework.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract (Article 6(1)(b)): processing necessary to provide you with the App's services, including net worth calculation, forecasting, and property/vehicle valuations
• Consent (Article 6(1)(a)): Open Banking connections (Finexer) and push notifications — you can withdraw consent at any time by disconnecting your accounts or disabling notifications
• Legitimate interests (Article 6(1)(f)): crash reporting, App stability improvements, and aggregate analytics to improve the user experience

5. Third-Party Services

We use the following third-party services to operate the App:

• Firebase (Google): authentication, database (Firestore), cloud functions, file storage, crash reporting (Crashlytics), analytics, and push notifications (FCM). Data is stored on Google Cloud servers. Firebase Privacy Policy
• Finexer: FCA-authorised Open Banking provider used to securely connect your bank accounts. Finexer accesses your bank data on your behalf under their own regulatory obligations. All API calls are routed through our secure server-side proxy — your bank credentials are never processed by or stored in the App.
• RevenueCat: subscription management. RevenueCat receives an anonymous app user ID and subscription status — no financial data. RevenueCat Privacy Policy
• Land Registry: we query the publicly available Land Registry Price Paid Data and House Price Index to estimate property valuations. No personal data is sent — queries use property addresses only.
• DVLA Vehicle Enquiry Service: we query the DVLA API using your vehicle registration number to identify your vehicle's make, model, and year. No personal data beyond the registration number is transmitted.
• Apple App Store: handles all payment processing for subscriptions. We never see or store your payment details.

6. Data Storage and Security

Your data is stored in Google Cloud Firestore. We protect your data using:

• Firebase Authentication with email verification (secure sign-in)
• Firestore Security Rules (users can only access their own data — enforced server-side)
• Server-side proxy for all Open Banking API calls (API keys and credentials never stored on-device)
• Firebase Auth ID token verification on all Cloud Function endpoints (no unauthenticated access)
• HTTPS encryption for all data in transit
• Encryption at rest provided by Google Cloud
• Biometric authentication option (Face ID / Touch ID) — biometric data is processed entirely on-device by Apple's Secure Enclave and is never transmitted to us

7. Data Retention

We retain your personal data for as long as your account is active. Historical valuation data is retained to provide you with wealth-over-time tracking and chart history.

When you delete your account (via Profile > Delete Account in the App), all your data is permanently and irreversibly deleted, including:

• All assets, debts, and their complete valuation histories
• All connected bank account data and Open Banking consent records
• Your user profile, profile photo, and authentication record
• Your FCM notification token

Deletion is cascading, immediate, and irreversible. We do not retain any personal data after account deletion.

8. Your Rights

Under UK GDPR, you have the following rights:

• Right of access (Article 15): request a copy of the personal data we hold about you
• Right to rectification (Article 16): request correction of inaccurate data
• Right to erasure (Article 17): request deletion of your data (available directly via the "Delete Account" feature in the App, or by contacting us)
• Right to restrict processing (Article 18): request that we limit how we use your data
• Right to data portability (Article 20): request your data in a structured, machine-readable format
• Right to object (Article 21): object to processing based on legitimate interests
• Right to withdraw consent: withdraw consent for Open Banking connections or push notifications at any time through the App

To exercise any of these rights, contact us at support@getwealthly.co.uk. We will respond within one month as required by law.

9. International Data Transfers

Your data is processed by Google Cloud (Firebase), which may store data in data centres outside the UK. Google operates under Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA) to ensure adequate protection of your data in accordance with UK GDPR requirements.

10. Children's Privacy

The App is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via the App or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ico.org.uk/make-a-complaint

13. Contact Us

If you have any questions about this privacy policy or your personal data, please contact us at:

Templar Systems Limited
support@getwealthly.co.uk