Privacy Policy
Version date: 29th May 2024
This privacy policy explains what information we collect and use when you visit our website at use our services (whether as an individual or business customer) or are a key contact working for a prospective Prift customer or business partner. This policy explains your legal rights and what to do if you have any concerns. 

As a company based in the UK, we are subject to UK data protection law but our website visitors may be based around the world.

We sometimes need to update this policy, to reflect any changes to the way our service is provided or to comply with new legal requirements. We will notify you of any important changes before they take effect.
Who we are and other important information
Prift Ltd is our parent company registered in England and Wales under company number 13458239 with its registered office at 1 Mayfair Mews, Balham Grove, London, United Kingdom, SW12 8AZ. Prift OPCO UK Ltd is a subsidiary of Prift Ltd and is a company registered in England and Wales under company number 13464853 with its registered office also at 1 Mayfair Mews, Balham Grove, London, United Kingdom, SW12. Together these companies are the Prift Group, but in this document we’ll refer to each company interchangeably as Prift, we, us or our.
Prift OPCO UK Ltd is registered with the UK Financial Conduct Authority as a PSD Agent (reference number 992581) of Moneyhub Financial Technology Ltd (“Moneyhub”) who is authorised and regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (reg. no. 809360) for the provision of payment services.
We are a financial planning platform which allows individuals to manage their long term financial commitments and goals in one place (Users). Our plan is Users can either sign up with us directly, or as part of a benefit scheme provided by their employer (Business Customer). Users input their financial information (such as their investments and mortgage details) and see a clear overview of what their financial future might look like, based on data collected by Prift using open finance – a revolutionary data sharing set-up between different financial institutions (like banks and pension providers). Our platform also offers helpful hints and tips to get the most out of personal finance services and products, as well as recommendations for providers we’ve partnered with (Partners) that we think will help Users achieve the goals they’ve set on their Prift profile.
For all Users and visitors to our website, Prift is the controller for your information (which means we decide what information we collect and how it is used). Prift Ltd is registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection matters, under reference number ZB292519.
If you are a User that has been given access to our services by one of our Business Customers, or if we’ve identified you as a key contact working for a current or prospective Business Customer, then Prift and our Business Customer act as independent controllers (which means we might share some of your information with each other, but we separately decide what we use it for). If you’d like to know how our Business Customer uses your information, you’ll need to read their privacy policy as well.
When you confirm you’re happy for Prift to receive your information from your existing financial service providers (whether that’s your bank, pension provider etc) Prift and the other organisation will also be independent controllers for your information.
Contact details
If you have any questions about this privacy policy or the way that we use information, please get in touch by emailing
The information we collect about you
Personal data means any information which does (or could be used to) identify a living person.
We offer our services to individuals aged over 18 in the UK. The information that we do collect is classified as pseudonymised data (which is personal data which doesn’t identify a person by itself but could be used to identify them when matched together with other information).  If you’re adding someone else’s information as part of your Prift profile, please check with them first that they’re happy for you to do so. 
We have grouped together the types of personal data that we collect and where we receive it from below:
Type of Personal Data collected
Received from:
Identity information – name, title, marital status, date of birth, nationality
- User
- Business
Employment information – employment status, employer pension contributions, salary, bonuses
- User
- Business
Household information – postcode, homeowner status number of dependents
- User
Contact details – personal email address, work contact details (for Business Customer key personnel only)
- User
- Business
User profile – login credentials
- User
Website enquiries – any personal data provided when you submit an enquiry via our website chatbot, or information about you that is referenced by another user submitting an enquiry
- User
- Website visitor
- Business Customer
Financial information – account details (product type, provider, name of account holder(s), account reference number, transaction history),
- User
- Users’ financial service providers (e.g. banks, pension provider)
Feedback – information and responses individuals provide when completing surveys and questionnaires
- User
- Website visitor
Usage information – information about activity on our website and platform, including audit logs, download errors, times and dates of log-in
- User (via cookies and similar technologies)
- Website visitor (via cookies and similar technologies)
Technical information - internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices used to access our website or service
- User (via cookies and similar technologies)
- Website visitor (via cookies and similar technologies)
Marketing information – your marketing preferences
- User
- Website visitor
- Key Personnel
We may anonymise the personal data we collect (so it can no longer identify you as an individual) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what pages of our website visitors spend the most time on, what percentage of Users have a mortgage). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.
How we use your information
UK data protection law requires Prift to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:

a) to fulfil our contract with you if you are a User or use our services directly (and are not a Business Customer)
b) pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);
c) comply with a legal obligation that we have; and
d) do something that you have given your consent (your express permission) for.
The table below sets out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed in the table, we will update our privacy policy and notify you.
Taking steps to enter into the contract with User, our Business Customer or Partner
Legitimate interests (necessary to conclude our contract with Business Customer or Partner)Contract with User
To make it easier for Users to remain signed in (if they use Google account instead of creating separate log-in credentials)
Legitimate interests (necessary to optimise our service and provide improved user experience)
Processing payments and collecting and recovering monies owed to us
Performance of contract (where our customer is an individual)Legitimate interests (where money is owed by a Business Customer or Partner, as necessary to recover debts due to us)
Providing our service to our User, our Business Customer or Partner
Legitimate interests (necessary to fulfil our service contract with our Business Customer or Partner)Contract with Users
Profiling Users to identify which financial services or products may be of interest
Consent of User
Handling requests for technical support and other queries
Legitimate interests (necessary to fulfil our service contract and ensure the proper functioning of our website and services)
Asking you to participate in surveys and other types of feedback
Consent of recipient
Providing insight on how our products and services are being used
Legitimate interest (necessary to improve and optimise our products and services)
Administering and protecting products, services and systems
Legitimate interests (necessary to provide our products and services, monitor and improve network security and prevent fraud)
Notifying you about changes to our privacy policy
Legal obligation
Sending you marketing material
Legitimate interest (where we market our services to existing and prospective Business Customers and Partners – to promote Prift)
Consent of recipient
If you are an individual, we will only send you marketing communications if you have given your consent (express permission). You are free to change your mind at any time and ask us to remove you from our mailing list by clicking unsubscribe in the email or pop-up message itself or by updating your Prift profile settings.
If you work for an existing or prospective Prift Partner or Business Customer (and you’re not a User), we will only ever send marketing communications to your work contact details, and we always include a link in our emails so that you can unsubscribe at any time. We will also remove your details from our system if our Business Customer or Partner informs us you no longer work for them.
Prift uses HubSpot to help us deliver and monitor the communications we send. Their digital tools let us see whether a recipient has clicked any of the links in our email, which help us understand what content that recipient appears to be interested in and allow us to personalise the content of future of our messages.
Pixels (which are a similar technology to cookies) within those emails enable us to see:
a) if the email was opened
b) where the device opening the email was located (based on the device’s IP address)
c) the type of email service (e.g. Outlook) that was used
d) if the email (or its content) were shared on social media
c) if the email was flagged as spam
Who we share your information with
We share (or may share) your personal data with:
a) Our staff: Prift employees (or other types of workers) who have contracts containing confidentiality and data protection obligations. 
b) Prift Group: we share information internally with our group companies. 
c) Our Business Customers: we have a service contract and data sharing agreement in place with all our Customers which sets out what information we provide to them as part of our services. If you have any questions about how they use the information they receive, you should ask to see their privacy information.
d) Our Partners: we have a service contract and data sharing agreement in place with all our Partners which sets out what information we provide to them whenever we refer a User. If you have any questions about how they use the information they receive, you should ask to see their privacy information.
e) Financial Services Providers: we notify Users’ financial servicers providers (e.g. your bank or pension provider) that you have given us your permission to access your financial information (solely for the purpose you being able to use our long term financial planning services). 
f) Our supply chain: other organisations help us provide our services and website (such as Google to enable single sign-on where you use your Google account to access our services, our hosting and server provider, internal IT systems, our CRM system and our website usage analysis). We ensure these organisations only have access to the information required to provide the support we use them and have a contract with them that contains confidentiality and data protection obligations.
g) Regulatory authorities: such as HM Revenue & Customs, Financial Conduct Authority
h) Our professional advisers such as our accountants or legal advisors where we require specialist advice to help us conduct our business, or IT specialists to conduct audits on the security of our services.
i) Any actual or potential buyer of our business
If Prift were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response. 
Where your information is located or transferred to
We will only transfer information outside of the UK where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located).
If you access our service or receive a communication from us whilst abroad then your personal data may be stored on services in the same country that the organisation or you are located. 
How we keep your information safe
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
a) access controls and user authentication (including multi-factor authentication)
b) internal IT and network security 
c) regular testing and review of our security measures
d) staff policies and training
e) incident and breach reporting processes
f) making regular back-up copies of information
If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law).  
If you notice any unusual activity on your account (or believe your account has been otherwise compromised) please let us know by emailing us at .
How long we keep your information
Where we are the controller, we usually keep information for 6 years from the date our User closes their account before we convert it into anonymised information. Sometimes we need to keep it longer, for example to investigate complicated errors or defend ourselves from legal claims. 
We keep analytics information about how visitors use our website interact with our services for 2 years.
We keep information about prospective or existing Business Customer or Partner key contacts indefinitely, or until we receive replacement details or a request to remove that individual’s details. 
Your legal rights
You have specific legal rights in relation to your personal data. 
It is usually free for you exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. If this happens we will always inform you in writing.
We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive.
If you want to make any of the legal requests below, you can contact us at :
a) The right of access (obtaining a copy of your data)
b) The right to rectification (correcting your data)
c) The right to erasure (deleting your data)
d) The right to restrict processing (to stop use of your data for a time limited period)
e) The right to data portability (to move your data to another organisation)
f) The right to object (to object to our use of your data)
g) The right to complain to the ICO, who you can contact here. However, we hope that that if you are concerned about how we use your information that you contact us in the first instance so that we can try to help
There are some limited exemptions to these rights, so they may not apply in every scenario and Prift may decline your request (but we would explain our decision in writing if this was the case).
Our cookie policy
Our website and service uses cookies and similar technologies (such as beacons and pixels).
What are cookies?

Cookies are small text files that are downloaded to your device. Cookies contain a uniquely generated references which are used to distinguish you from other users. They allow information gathered on one webpage to be stored until it is needed for use on another, allowing a website to provide you with a better user experience (like remembering your login credentials so you don’t have to type them in every time) and a website owner with statistics about how you interact with their (and sometimes third party) webpages.

Cookies are not harmful to your devices (like a virus or malicious code) but some individuals prefer not to share their information (for example, to avoid targeted advertising).
What does Prift use cookies for?

- to track how visitors use our website or users use our services
- to keep you signed in
The cookies we use are:
Set by
Technical info
What it does
Google LLC
Identifies and remembers website visitors, how they arrived at our website, which pages they viewed and how long they stayed on
Identifies and remembers website visitors, how they arrived at our website, which pages they viewed and how long they stayed on
Accepting or declining cookies (and how to delete them)

We can only use non-essential cookies with your permission (you will be prompted by a message when you first visit our website, also known as a cookie banner, where you can choose to accept or decline our cookies). 

You can choose to decline cookies but if you turn off necessary cookies, some pages and functions on our website and services may not work properly.

You can also manage cookies through your browser settings or device settings (your user manual should contain additional information).

You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website)