Privacy Policy

1. Introduction

Welcome to plan/ria. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the plan/ria platform, mobile application, and related services (collectively, the “Service”).

plan/ria is operated by plan/ria UK Limited (“we”, “us”, “our”), a company registered in England and Wales (Company Number: 17054288) with our registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

By using the Service, you acknowledge that you have read this Privacy Policy. Our Terms of Service govern your use of the Service and should be read together with this policy.

2. Data controller

For the purposes of UK data protection law, plan/ria UK Limited is the data controller responsible for your personal data processed through the Service.

If you have questions about this policy or how we handle your data, contact us at support@planria.co.uk.

3. Definitions

• Account means your individual plan/ria account.
• Relationship means a connection between two or more Account holders who have agreed to share financial information according to chosen settings.
• Partner means another Account holder with whom you have established a Relationship.
• Open Banking means the regulated framework allowing third-party providers to access banking data with your consent.
• Personal Data has the meaning given in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
• Processing means any operation performed on Personal Data, such as collection, storage, use, or deletion.

4. Information we collect

4.1. Account information

When you create an Account, we may collect:

• given name and forenames (if you provide them)
• email address
• profile and relationship preferences you choose in the Service

We use passwordless sign-in (magic link or one-time passcode sent to your email) via Better Auth. We do not store a password for your Account. Sign-in and service emails are delivered via Resend.

4.2. Financial information

When you connect bank accounts through Open Banking, we receive data from Plaid Technology Ltd, an Account Information Service Provider authorised by the Financial Conduct Authority. Depending on your bank and your choices, this may include:

• account balances
• transaction history
• account types and identifiers (which may be partially masked)
• bank institution details
• account holder information associated with the connection
• other metadata needed to display and analyse your finances in the Service

We process this data to provide aggregation, fair-split, and relationship finance features you request.

4.3. Payment and subscription information

If you subscribe to premium features, Polar.sh processes payments on our behalf. We may receive:

• subscription status and plan identifiers
• limited billing metadata (for example, billing country or receipt references)

We do not store full payment card numbers on our systems.

4.4. Usage and analytics information

We collect information about how you use the Service and our marketing website, which may include:

• IP address and approximate location derived from IP
• browser type, device type, and operating system
• pages viewed, features used, and interaction events
• referral source, session duration, and error logs

This helps us secure the Service, fix bugs, and improve the product. See Cookies and similar technologies below.

4.5. Communications

If you contact us or we send you service messages, we process the content of those communications and related metadata (for example, timestamps and delivery status).

4.6. Optional information

Not all fields above are required. We only collect what is needed for the features you use. You may choose relationship visibility and sharing settings within the Service.

5. How we use your information

We use Personal Data to:

• create and manage your Account and authenticate you
• connect and display Open Banking data you authorise
• operate fair-split, bills, goals, and relationship features
• process subscriptions and communicate about billing
• send transactional emails (sign-in, security, and service notices)
• provide customer support and respond to enquiries
• monitor, secure, and improve the Service (including analytics and debugging)
• generate optional AI-assisted suggestions where you use those features
• comply with legal obligations and enforce our Terms of Service

We do not sell your Personal Data. We do not share your Personal Data with third parties for their own marketing or targeted advertising.

6. Legal bases for processing

Under UK GDPR, we rely on one or more of the following legal bases:

• Contract — processing necessary to provide the Service you signed up for.
• Legitimate interests — for example, security monitoring, fraud prevention, product improvement, and analytics, balanced against your rights.
• Consent — where required, such as connecting bank accounts via Open Banking, certain analytics cookies on the marketing site, or optional marketing communications if we offer them.
• Legal obligation — where we must retain or disclose data to comply with law.

You may withdraw consent where processing is consent-based without affecting the lawfulness of processing before withdrawal.

7. Sharing your information

7.1. Sharing with your Partner

When you establish a Relationship, you choose what financial information is visible to your Partner. Your Partner chooses what is visible to you. Either of you may change visibility settings or end the Relationship. Ending a Relationship does not automatically delete information your Partner has already viewed according to prior settings.

7.2. Service providers (processors)

We use trusted third parties to run the Service. They process Personal Data only on our instructions and subject to appropriate safeguards. Key providers include those listed in Third-party processors.

7.3. Legal and safety disclosures

We may disclose Personal Data if required by law, regulation, court order, or to protect the rights, property, or safety of our users, the public, or plan/ria UK Limited.

8. Third-party processors

The following categories of providers may process Personal Data on our behalf:

Each provider maintains its own privacy policy. We encourage you to review their policies when you use features that depend on them.

9. Cookies and similar technologies

We and our analytics partners use cookies, local storage, and similar technologies where necessary to:

• keep you signed in and secure your session
• remember preferences
• measure traffic and performance on planria.co.uk and the application

On the marketing website we use essential cookies to run the site, plus analytics cookies only if you accept them in our cookie banner (including Google Analytics via Tag Manager, Umami, and Microsoft Clarity). We also use Vercel Web Analytics and Speed Insights as first-party performance measurement on this site. On the application we may use Microsoft Clarity and tags managed via Google Tag Manager.

You can change your choice at any time using Cookie settings in the site footer, or through your browser settings. Rejecting non-essential cookies limits analytics and marketing tags but does not affect strictly necessary cookies required for authentication and security while using the Service.

10. Data retention

We retain Personal Data only for as long as needed for the purposes described in this policy, including:

• while your Account is active and for a reasonable period afterwards if you delete your Account (to handle disputes, backups, and legal requirements)
• for financial and transaction records, as required by applicable law
• for analytics, in aggregated or de-identified form where possible

When data is no longer required, we delete or anonymise it in line with our retention procedures.

11. Security

We implement technical and organisational measures appropriate to the sensitivity of the data we process, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

If you believe your Account has been compromised, contact us promptly at support@planria.co.uk.

12. International transfers

We aim to store and process Personal Data in the United Kingdom and the European Economic Area. Where a processor transfers data outside the UK, we ensure appropriate safeguards (such as UK International Data Transfer Agreements or adequacy decisions) are in place.

13. Your rights

Under UK GDPR, you have the right to:

• Access — request a copy of your Personal Data.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion in certain circumstances.
• Restriction — ask us to limit processing in certain cases.
• Portability — receive data you provided in a structured, machine-readable format where applicable.
• Object — object to processing based on legitimate interests or for direct marketing.
• Withdraw consent — where processing is based on consent.

To exercise these rights, email support@planria.co.uk. We may need to verify your identity before responding. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

14. AI processing

Where you use features that generate suggestions using OpenAI, we send only the information required for that feature. Outputs are automated and are not financial, legal, or tax advice. We do not sell your data to OpenAI.

15. Children

The Service is not intended for anyone under 18. We do not knowingly collect Personal Data from children. If you believe we have collected data from a child, contact us and we will delete it.

16. Changes to this policy

We may update this Privacy Policy from time to time. We will post the current version on planria.co.uk and update the “Last updated” date. Where changes are material, we will provide additional notice (for example, by email or in-app message).

17. Contact

plan/ria UK Limited

Company Number: 17054288

Email: support@planria.co.uk

For data protection enquiries, please include “Privacy” in the subject line.