✦ Legal · UK GDPR Compliant

Privacy Policy

Last updated: 24 April 2026 Kanehouse · Edinburgh, Scotland Applies to: wealthr.co.uk

🔒

No account linking

We never connect to your bank, broker or any financial institution. You enter what you choose.

🚫

No ads. No data selling.

Your financial data is never sold, rented or used for advertising. Not now, not ever.

✍️

You control your data

Delete your account and all data instantly, at any time, from inside the app.

The short version

WealthR stores only the financial information you choose to enter — investment values, property figures, debt balances — so we can calculate your net worth and power your forecasts. We don't know your bank details, sort codes or account numbers because we never ask for them.

We don't sell your data. We don't show you ads. We don't share your information with anyone except the small number of infrastructure providers needed to run the service (and, for Pro users, Stripe to handle billing). Your financial life is private — and we've built WealthR to keep it that way.

Questions or data requests? Email support@wealthr.co.uk — we respond within 30 days.

01Who we are

WealthR is a personal finance tracking application built and operated by Kanehouse, based in Edinburgh, Scotland. We are the data controller for all personal data processed through WealthR.

For the purposes of UK GDPR, Kanehouse is responsible for ensuring your personal data is handled lawfully, fairly and transparently.

You can reach us any time at support@wealthr.co.uk for privacy questions, data subject requests, or anything else covered by this policy.

UK GDPR applies · Supervised by the Information Commissioner's Office (ICO) · ico.org.uk

02What data we collect

We collect the minimum data necessary to provide the service:

Account data — your email address and a hashed password, or a Google OAuth token if you sign in with Google. We never see your raw password.
Financial tracking data — the investment values, property figures, debt balances, asset values and monthly entries you choose to log. This data is stored against your account so it syncs across devices.
Profile data — your name, date of birth (month and year only), target retirement age, monthly contribution and expected growth rate. These power your forecasts and are never shared.
Tax calculator inputs — if you use the Tax tab, your gross salary, region, pension contribution percentages, student loan plan and any optional flags you set (e.g. children, marriage allowance) are saved to your profile so they pre-fill next time. This data is stored as part of your account, is never shared, and can be deleted by clearing your profile or closing your account.
Subscription and billing data — if you subscribe to WealthR Pro, our payment processor Stripe collects and processes your card details, billing address and country for the transaction. We never see your full card number. Stripe returns us only a customer ID, a subscription status (active, trialing, past_due, canceled), the plan you're on and the renewal date. This is the data we use to unlock Pro features.
Usage data — basic technical logs (errors, performance) to keep the app running. We do not use analytics platforms that track individual behaviour across sessions.
Marketing email address — if you choose to join our product update list or Pro waitlist, we store the email address you provide. This is separate from your account email and is only used for the purpose you consented to. You can withdraw consent at any time by emailing support@wealthr.co.uk.
Adviser share tokens — if you generate a read-only share link, we store a randomly generated token linked to your account. Anyone with this token can view (but not edit) your dashboard. You can revoke this token at any time from Settings.

What we never collect: National Insurance number, bank account details, sort codes, full card numbers, open banking credentials, or any connection to your financial institutions. WealthR does not connect to your bank — ever. Card payments are handled directly by Stripe; your card never touches our servers.

03Legal basis for processing (UK GDPR)

Under UK GDPR, we are required to identify a lawful basis for processing your personal data. We rely on the following:

Legal basis	What it covers
Contract performance	Processing your account data, financial entries and profile to provide the WealthR service you signed up for. For Pro subscribers, processing subscription status, plan and renewal date with Stripe to deliver the paid tier you contracted for.
Legitimate interests	Technical logs and error monitoring to maintain a secure, stable service. Fraud prevention on subscription payments via Stripe. We have assessed that these interests do not override your rights.
Consent	Sending you marketing or feature update emails — only if you have opted in. You can withdraw consent at any time.
Legal obligation	Retaining billing records for HMRC / UK tax purposes (typically 6 years after the last transaction), and responding to valid legal requests where required by applicable UK law.

04How we use your data

Your data is used exclusively to:

Provide and sync your WealthR account across devices
Generate your net worth calculations, forecasts, charts and insights within the app
Send transactional emails (password reset, account confirmation, trial-ending reminder, payment failure notices, receipts) — no marketing without explicit consent
Send product update or Pro launch emails — only where you have explicitly opted in via a consent checkbox
Process Pro subscription payments and manage your subscription lifecycle (start trial, upgrade, downgrade, cancel, resume) via Stripe
Power the adviser share link feature — if you generate a share link, the recipient can view your dashboard in read-only mode using a randomly generated token. We never proactively share your data; this is always user-initiated
Fetch live cryptocurrency prices from CoinGecko — your device makes a direct request to CoinGecko's public API using a coin identifier (e.g. "bitcoin"). No personal data is sent to CoinGecko
Diagnose errors and improve the reliability of the service

We do not use your data for advertising, profiling, automated decision-making, or sale to third parties — under any circumstances.

05Who we share data with

We use a small number of trusted infrastructure providers. No one else has access to your data.

Supabase

Database & authentication. Your data is stored on EU-hosted Supabase infrastructure. SOC 2 compliant.

Stripe

Payment processing for WealthR Pro subscriptions. Stripe is a PCI DSS Level 1 certified payment processor. They handle your card details directly; we never see your full card number. Stripe is a separate data controller for card data and a processor for the subscription metadata shared with us.

Brevo

Transactional email (password reset, account confirmation, trial reminders, receipts). Only your email address and the relevant message are shared for this purpose.

Render

Application hosting. They serve the app but do not process or access your personal data.

Formspree

Contact form submissions, product update signups and Pro waitlist signups. Only the name, email and message you submit are shared. Consent is recorded at the point of signup.

CoinGecko

Live cryptocurrency price data. If you add a crypto holding with a ticker, your device makes a direct request to CoinGecko's public API to fetch the current price. Only the coin identifier is sent — no personal data.

Google Fonts

Typography only. Fonts are served directly from Google's CDN. Your IP address may be visible to Google solely for the purpose of serving the font file. No tracking cookies.

We do not use Google Analytics, Meta Pixel, or any advertising or behavioural tracking networks.

06International data transfers

Your account and financial data is stored on Supabase infrastructure hosted in the European Union.

Some of our processors (notably Stripe, Render, Formspree and Google Fonts) are based in the United States and may process limited data there. Where personal data is transferred outside the UK, we rely on one of the following safeguards as required by UK GDPR:

The UK's adequacy decision for the EU / EEA, where applicable
The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
Processors' participation in the UK–US Data Bridge extension to the EU–US Data Privacy Framework, where available

We keep transfers to the minimum necessary, and in all cases your financial tracking data stays on EU-hosted Supabase infrastructure.

07Data retention

Your data is retained for as long as your account is active. You can permanently delete your account at any time from Settings → Delete account inside the app. This immediately and permanently deletes all your financial data, profile information and activity history. This action cannot be undone.

If you subscribe to Pro and then cancel, your subscription record is marked cancelled but your account and data remain intact — you can resume at any time. If you delete your account, we also cancel any active Stripe subscription and remove your customer record from our side.

We may retain billing records (invoice number, amount, tax, plan, date) for up to 6 years after the last transaction to meet UK tax and accounting obligations (HMRC). These records do not contain your card number.

We may retain anonymised, aggregated data (e.g. total number of active users) that cannot be linked to any individual.

08Your rights under UK GDPR

You have the following rights in relation to your personal data. Most can be exercised directly within the app — for others, email support@wealthr.co.uk.

📋 Access

Request a copy of all personal data we hold about you.

✏️ Rectification

Correct inaccurate data. Most data can be edited directly in the app.

🗑️ Erasure

Delete your account and all associated data instantly via Settings.

📦 Portability

Export your data as CSV from Settings → Export data.

⏸️ Restriction

Request that we restrict processing of your data in certain circumstances.

🚫 Objection

Object to processing based on legitimate interests at any time.

We will respond to all rights requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

09Cookies

WealthR uses a single session cookie to keep you signed in, plus a short-lived cookie set by Stripe on the checkout page to enable secure payment processing and fraud prevention. We do not use tracking cookies, advertising cookies, or any third-party cookies for analytics or profiling.

No cookie consent banner is required because we use only strictly necessary cookies as defined under UK PECR.

10Security

We implement appropriate technical and organisational measures to protect your personal data:

All data is transmitted over HTTPS / TLS
Passwords are hashed using industry-standard bcrypt — never stored in plain text
Your financial data is stored with Row Level Security (RLS) enforced at the database level — each user can only ever access their own data, even at the query level
Card payments are handled entirely by Stripe (PCI DSS Level 1 certified). We never store, log or process card numbers
No financial institution credentials are ever requested or stored

While we take security seriously and implement industry-standard protections, no internet service can guarantee absolute security. If you believe your account has been compromised, please email support@wealthr.co.uk immediately.

11Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33.

Where a breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay, including what happened, what data was affected, and what steps we are taking.

12Children

WealthR is a financial tracking tool intended for adults aged 18 and over. We do not knowingly collect or process data from anyone under the age of 18. If you believe a minor has created an account, please email support@wealthr.co.uk and we will delete it promptly.

13Changes to this policy

We may update this policy from time to time to reflect changes in the law, our practices, or the services we offer. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.

Continued use of WealthR after changes have been published constitutes your acceptance of the updated policy.

14Contact & data requests

Questions about this policy, how we handle your data, or to exercise any of your rights? The fastest route is email — we respond within 30 days (usually much sooner).

Email support@wealthr.co.uk

Entity Kanehouse · Edinburgh, Scotland, UK

ICO ico.org.uk/make-a-complaint

Prefer a form? You can also use the one below — it goes to the same inbox.