Privacy Policy

Date: 10 November 2025 

Who are we? 

We are Level Financial Technology Limited (company number 11724572) of 160 Eureka Park Upper Pemberton, Kennington, Ashford, United Kingdom, TN25 4AZ (“Level”). We’ll be the “controller” of the information you provide to us. 

 

What does this Privacy Policy cover? 

We at Level take the privacy of your personal data seriously. This policy: 

  • sets out the types of personal data that we collect about you. 

  • explains how and why we collect and use your personal data. 

  • explains how long we keep your personal data for. 

  • explains when, why and with who we will share your personal data. 

  • explains the effect of refusing to provide the personal data requested. 

  • explains where we store your personal data and whether we transfer your data outside of the UK. 

  • explains the different rights and choices you have when it comes to your personal data. 

  • explains how you can contact us. 

 

What personal data do we collect about you? 

We will collect certain personal information about you in the course of your relationship with us. This information may include: 

Registration Information: this includes your name, date of birth, address, email address, phone number and your username and password for accessing the app.  This information may be updated through your employer.  

Financial Information: this includes your bank account details and details of your bank account transactions. You are able to update this information directly through the Level App.   

Employment Information: this includes your employee ID number, the name of your employer, duration of employment, salary information, pay day date and days or hours worked. 

Transaction Information: this includes details relating to payments you have requested or that we have made to you. 

Technical Data: this includes your IP address, log-in data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Level App. 

Marketing Preferences: this includes your preferences in receiving marketing from us and any third parties connected with us. 

 

Where do we collect personal data about you from? 

We may collect personal data about you from the following sources: 

Directly from you. This is information you provide to us when registering for and using our services. 

From your employer. In accordance with applicable laws and your employer’s contract with you, your employer will provide us with your Employee ID, your first and last name, telephone number and your work e-mail address so that we can verify your identity in advance of you signing up to our service.  When you choose to register for our service, your employer will provide us with other Employment and Financial Information as set out above to enable us to provide the service to you directly. 

Directly from third parties. Such as open banking services so that we can provide the service 

 

How and why do we use your personal data? 

Under data protection law, we can only use your personal information if we have a lawful reason for doing so. In order to use your personal information, we rely on the following legal bases: 

  • processing is necessary for us to be able to provide our service to you. 

  • processing is necessary to comply with our legal obligations. 

  • processing is necessary for the purposes of legitimate business interests pursued by us having properly considered the rights of all individuals to whom the processing relates. 

  • once you register to use the service, you provide your consent to us using your personal information for a particular purpose. 

We use your personal data for the following purposes: 

  • to provide our service to you. 

  • to verify your identity. 

  • to maintain and update our customer records. 

  • to prevent unauthorised access and modification to our systems. 

  • to undertake screening for financial and other sanctions or embargoes.  

  • to contact you to discuss the services you receive from us (and any changes to them). 

  • to respond to any questions or concerns you have raised. 

  • to comply with any obligations that the law imposes upon us.  

  • to otherwise carry out our obligations arising under our contract with you. 

We will not use your information for any other purpose unless we are required to do so by law, or we have obtained your explicit consent for such new purpose, or the new purpose is compatible with the original purpose for which we collected the data. 

We also collect, use and share “aggregated data” such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law providing that it is effectively anonymised and does not directly or indirectly reveal your identity.  

Purposes for which we will use your personal data:  

A table outlining purposes, types of data, and lawful processing bases for data handling in various activities like registration, service provision, relationship management, and fraud prevention.

How do we use your information for marketing?  

If you have requested information from us or obtained services from us and you have not opted out of or unsubscribed from receiving marketing, we may use your information to send you marketing communications by email, mobile messaging (such as SMS or MMS) and push notifications. 

At Level, we may use your account, device and usage information to send you personalised information and updates about the service and how to get the best usage. Using marketing communications, we want to keep you up to date about the services and initiatives that we believe may interest you.  

You can opt-out or change your marketing preferences at any time by emailing [email protected] or raise a ticket at levelft-help.freshdesk.com/support/home. You can also click the “unsubscribe” link on any email communications.  

Where you opt-out of our marketing communications, we will still send you service communications, such as 

  • Updates of our terms and conditions 

  • Information of service interruptions  

  • If your employer has started offering Level and you have had an account created for you 

How long do we keep your personal data? 

How long we keep your information will depend on the purpose for which we use it. 

We only keep your information for as long as is reasonably necessary for the purposes set out in this Privacy Policy and to fulfil our legal obligations. We have internal rules that set out how long we retain information.  

We will keep your personal information while you have an account with us, or we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary: 

  • to respond to any questions, complaints or claims made by you or on your behalf. 

  • to show that we treated you fairly. 

  • to keep records required by law. 

For example, we are obliged to keep most information relating to the service we provide to you for 6 years after you have stopped using our service.  However, we will keep your Financial Information for as short a period as is reasonable after you have stopped using our service.  Further details on this are available on request using the contact details set out in the “How you can contact us?” section below. 

 

Who do we share your personal data with? 

We may share your personal information with: 

  • Your employer. We only share with your employer the limited amount of personal information (i) that is necessary to show that you have registered for our service and (ii) in certain cases to enable your payroll team to reconcile your salary payments. 

  • Third-Party Service Providers such as  

  • Open banking provider 

  • E-money partner 

  • Savings partner 

  • Embedding technology provider  

  • IT Service provider  

  • Customer support provider 

  • Marketing provider  

  • Other third party service providers who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, our business or the public; third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Policy. 

As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your personal information will be disclosed to such entity. These third parties will be required to comply with all our obligations under this privacy notice. 

 

What happens if you do not provide us with the information we request or ask that we stop processing your information? 

Where we need to collect personal information to comply with a legal obligation or in connection with the contract we have with you and you fail to provide that personal information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). 

 

Do we track your Mobile App activity? 

In our commitment to providing an optimal user experience and continuously improving our mobile application, we may employ analytics tools to track app usage. These tools collect information about user interactions within the app, such as aggregated usage patterns, feature engagement, and performance metrics. We take steps to anonymise this data so that it cannot be used to identify you personally. The purpose of this tracking is to enhance the app's functionality, troubleshoot technical issues, and improve future updates based on user preferences. You can opt out of analytics tracking at any time through the app settings or your mobile device settings. If you have questions about our tracking practices, please contact us using the details provided in this policy. 

 

Do we make automated decisions concerning you? 

No, we do not carry out automated decision making or automated profiling. 

 

Do we transfer your personal data outside the UK? 

We do not generally transfer personal data out of the UK.  Some of our third-party service providers may transfer personal data outside of the UK or the EEA but only where our contract with them allows for it and they do so in a way that complies with the UK’s data protection laws.   

 

How do we keep your personal data secure? 

We have appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

Level has ISO27001:2017 Information Security certification, certified by the BAB with certificate 235175.  These programmes are designed to independently verify Level are meeting high standards of both information security management and cyber security respectively. 

In addition, we: 

  • implement proactive and defensive security measures on an ongoing basis throughout our software development lifecycle. 

  • use data encryption, both at rest and in transit. 

  • have role based restricted access to data. 

  • carry out background checks on all employees in roles which may put them in contact with your personal information.

What rights do you have in relation to the personal data we hold on you? 

Under data protection law, you have the following rights: 

1. The right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy. 

2. The right of access: You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law. 

3. The right to rectification: You are entitled to have your information corrected if it’s inaccurate or incomplete. 

4. The right to erasure:  This is also known as ‘the right to be forgotten’ and enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.  For example, we may need to retain your information to comply with legal obligations, establish or defend legal claims, or where we have another lawful basis to retain it. 

5. The right to restrict processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. 

6. The right to data portability: You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. 

7. The right to object to processing: You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities). 

8. The right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. 

9. The right to withdraw consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. 

 

How can you make a request to exercise your rights? 

To exercise any of the rights above, or to ask a question, contact us using the details set out at the end of this Privacy Policy. 

 

How will we handle a request to exercise your rights? 

We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know. 

We usually act on requests and provide information free of charge, but may charge a reasonable fee based on administrative costs to cover our costs of providing the information where requests are: 

  • baseless or excessive/repeated requests, 

  • further copies of the same information. 

Alternatively, the law may allow us to refuse to act on the request. 

How can you contact us? 

If you have questions on the processing of your personal data, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please contact us at [email protected] or raise a ticket at levelft-help.freshdesk.com/support/home

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the UK Information Commissioner who may be contacted at  https://ico.org.uk/  or by telephone on 0303123 1113.