Security & privacy

A conservative posture on data.

Idle is built to handle financial information with the seriousness it deserves. We do not move money, do not write to accounts, and do not sell personal data.

No bank login

Idle works from a PDF or CSV statement you upload. There is no Open Banking connection, no stored credentials, and no payment initiation permission.

Encryption

Data is encrypted in transit (TLS 1.2+) and at rest using industry-standard ciphers. Connection tokens are stored in a managed secret store.

Least access

Internal access to production data is restricted, logged and reviewed. Engineers do not require access to identifiable account data to operate the platform.

Short retention

Uploaded statements are deleted after 30 days. Derived recurring patterns are retained only while your account is active and can be wiped on request.

UK & EU residency

Customer data is processed in the United Kingdom and the European Economic Area. Sub-processors are listed and reviewed.

No advertising

Idle is not advertising-funded. Personal financial data is never used for marketing or profiling outside the product.

Disclosure & contact

Security researchers and data subjects can reach the team directly at privacy@getidle.uk. We aim to respond within two working days.