idleRequest access
Legal

Privacy Policy

Last updated: May 2026

This policy explains how Idle ("we", "us") collects and uses personal data when you use the service at getidle.uk and useidle.uk. We are the data controller for the personal data described below.

1. Data we collect

  • Account data: email address, authentication identifier and account preferences.
  • Statement data: the contents of PDF or CSV bank statements you choose to upload, and the structured records derived from them.
  • Usage data: request logs, device and browser information, error traces — used to operate and improve the service.
  • Support data: messages and attachments you send to us.

2. How we use it

  • To provide the analytics service you requested.
  • To detect and prevent fraud and abuse.
  • To meet our legal obligations.
  • To improve the product, on aggregated and de-identified data only.

We do not sell personal data, and we do not use your statement data for advertising or profiling outside the product.

3. Legal bases (UK GDPR)

  • Contract: to provide the service you have asked for.
  • Legitimate interests: to secure and improve the service.
  • Consent: for optional communications and non-essential cookies.
  • Legal obligation: where required by law.

4. Retention

Uploaded statements are deleted within 30 days of upload. Derived recurring patterns are retained while your account is active and deleted within 30 days of account closure or earlier on request. Logs are retained for up to 90 days. Records held for legal or tax purposes are retained for as long as required by law.

5. Sharing

We share personal data only with sub-processors that help us operate the service (hosting, error monitoring, email delivery). All sub-processors are bound by written agreements requiring appropriate security and processing only on our instructions. We do not share identifiable data with comparison or affiliate partners.

6. International transfers

Personal data is processed in the United Kingdom and the European Economic Area. Where data is transferred outside these regions, we rely on UK adequacy decisions or appropriate safeguards (such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses).

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production data is restricted, logged and reviewed. We follow a principle of least access and use a managed secret store for credentials.

8. Your rights

Under UK GDPR you have the right to:

  • access a copy of your personal data;
  • correct inaccurate data;
  • erase your data, subject to legal exceptions;
  • restrict or object to processing;
  • portability of data you have provided;
  • withdraw consent for processing based on consent;
  • complain to the Information Commissioner's Office (ico.org.uk).

To exercise any right, contact privacy@getidle.uk.

9. Cookies

See our Cookie Policy.

10. Changes

We will post material changes to this policy on this page and, where appropriate, notify you by email.

11. Contact

Privacy enquiries: privacy@getidle.uk.