Alpha This is a new service – your feedback will help us to improve it.

Menu Search


The information on this page is from the privacy notice published by TrueLayer.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

Organisation information


Open banking platform for app developers

Registration country

United Kingdom

Registration number


Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.


Data Protection Officer

Email address

Postal address

Data Protection Officer, TrueLayer, c/o RocketSpace, 40 Islington High Street, London N1 8XB.

Data categories collected

Organisations must give details about what categories of data are stored and processed.

This section hasn't been completed yet. Help us by updating it on GitHub.

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This section hasn't been completed yet. Help us by updating it on GitHub.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Business parties, suppliers and sub-contractors that assist us in the provision of our Service

  • Parties to whom TrueLayer have a legal obligation to disclose data

  • Parties to enforce or apply our Terms of Service and other agreements

  • Parties to protect the rights, property, or safety of TrueLayer or customers

How specific is this information?

Third parties are listed as groups


TrueLayer's policy defines the potential recipients of personal data widely without much specificity.

Retention rules

Organisations must give details about how long data is kept.


TrueLayer indicate that they will not retain information "any longer than we think is necessary". The policy provides some examples of factors which they use to decide the necessary period, but do not refer to specific categories of data or time periods.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Unspecific times for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Contract

    For the performance of a contract with You;

  • Legitimate interests

    For the purpose of furthering TrueLayer’s legitimate interests including providing better products, services, websites and applications, to operate our websites and applications.


TrueLayer do not specify which of the lawful bases apply to specific data processing activities, but make it clear that all of their processing activities are justified under either "consent" or "legitimate interests".

Security standards

Organisations must ensure that data is stored and processed securely.


TrueLayer indicate that they take "reasonable precautions to ensure that it is not lost, misused, accessed, disclosed, altered or destroyed." They do not offer further information on the techniques used.

How specific is this information?

This organisation provides general details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

This privacy notice does not appear to have this information.

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.


This privacy notice contains information about to make a complaint to a data protection regulator


TrueLayer provide details on submitting a complaint to the Information Commissioner's Office as the supervisory authority for data protection in the UK.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.


This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:13 • Download as JSONAPI documentationView on GitHubView on OpenCorporates