Privacy Policy

ValueHalla Ltd ("ValueHalla", "we", "us") is the controller of your personal data. Company details and registered address to be added here. You can contact us at privacy@valuehalla.com.

This policy explains how we handle personal data when you use our website, app, and related services (collectively, the "Service"). It covers UK GDPR and the Data Protection Act 2018.

• Account data: name, email, password hash, settings.
• Bank data (read‑only): transactions, merchant descriptors, amounts, balances, account metadata obtained via our Open Banking connectivity provider. We never receive your online banking password.
• Insights data: categories, tags, your optional feelings/notes about purchases.
• Usage data: device, log and analytics data (IP, pages viewed, actions). Consent where required.
• Support data: messages you send us.

• Provide the Service (e.g., fetch transactions, generate insights, emails): performance of a contract.
• Improve and secure the Service (debugging, analytics, preventing abuse): legitimate interests. You can object where applicable.
• Ask clarifying questions about ambiguous transactions: performance of a contract.
• Training and evaluation of models: legitimate interests; you can opt out in Settings.
• Marketing communications (product updates, tips): consent or legitimate interests depending on context; you can unsubscribe anytime.
• Legal obligations (tax, accounting, responding to lawful requests): legal obligation.

We connect to your bank through a vetted Open Banking provider (an AISP). You authenticate directly with your bank; we receive read‑only tokens to retrieve transaction data. Our provider and your bank each process your data under their own policies; please review them as applicable.

• Processors: trusted vendors such as cloud hosting, error tracking, analytics (where enabled), and our Open Banking partner. They are bound by contract to process data only on our instructions.
• Legal/Compliance: where required by law or to protect rights, safety and security.
• Business transfers: if we undergo a merger, acquisition, or asset sale, we will continue to protect your data and notify you of any material changes.

If we transfer personal data outside the UK/EEA, we use appropriate safeguards such as the UK IDTA/Addendum or EU SCCs, plus additional measures where necessary.

We keep personal data only as long as needed for the purposes above, then delete or anonymise it. Typical examples: account data retained for your subscription; connection tokens expire or are revoked; backup copies roll off on a set schedule. We may retain limited records to comply with legal obligations.

Under UK GDPR you may have the right to:

• access, correct, or delete your personal data;
• restrict or object to certain processing, including where based on legitimate interests;
• data portability (receive your data in a structured, commonly used format);
• withdraw consent where processing relies on consent; and
• complain to a supervisory authority. In the UK this is the ICO: ico.org.uk.

You can exercise many of these rights in the app under Settings → Privacy, or email privacy@valuehalla.com.

The Service isn’t intended for under‑16s. We don’t knowingly collect data from children. If you believe a child has provided personal data, contact us and we’ll take appropriate steps.

We use essential cookies for authentication and security. Optional analytics cookies are used with your consent. You can manage preferences via our cookie banner or browser settings.

We use algorithms to categorise transactions and surface insights. You can review and override categories, mute topics, and request human review via support.

We’ll update this policy from time to time. We’ll post the new version here and, if changes are material, we’ll notify you by email or in‑app.

Questions or requests? Email privacy@valuehalla.com.