Legal
Privacy Policy
Last updated: 24 June 2026
This Privacy Policy explains how 99 Financial Technologies Ltd ("99 App", "we", "us", or "our") collects, uses, shares and protects your personal data when you use our website or mobile apps.
We are committed to protecting your privacy and handling your personal data in a transparent and lawful way, in line with UK GDPR.
1. Who we are (Data Controller)
99 Financial Technologies Ltd ("99 App", "we", "us", "our") is the data controller for personal data processed via our website (www.99app.co.uk) and our mobile apps for iOS and Android.
- Company number: 16788594
- Registered office: 55 Queen's Gate, London, SW7 5JW, United Kingdom
- ICO registration number: ZC125747 (registered 16 April 2026, expires 15 April 2027)
- Data Protection Officer: Shahidur Rahman, Shahidur.rahman@99app.co.uk (general privacy requests: privacy@99app.co.uk)
2. Who and what this policy covers
This policy applies to: visitors to our website; people who join our waitlist or register interest; and users of the 99 App mobile apps. Our website and apps are intended for individuals who are at least 16 years old.
3. Personal data we collect
You provide directly (website + app):
- Name and email address (required to join the waitlist and verify your email)
- Country
- Phone number (if you provide it)
- Your finance-framing preference (see section 5 - this can include a religious option that expands into specific religions)
- Referral information (your referral code and, if you arrived via a referral, who referred you)
- Form submissions and enquiries
Collected automatically:
- Technical data (IP address, browser/device type)
- Approximate (coarse) location derived from IP address
- Usage and analytics data (screens viewed, signup-funnel steps, articles opened, referrals) - only if you opt in to analytics (see section 6)
- A device push-notification token, if you enable notifications
4. How we use your data, and our lawful bases (UK GDPR)
- Operating the waitlist, verifying your email, and providing the app - contract / legitimate interests
- Responding to enquiries - legitimate interests
- Marketing updates - consent (opt-in; withdraw anytime)
- Analytics and product improvement - consent (opt-in; see section 6)
- Your finance-framing preference where it reveals religious belief - explicit consent (see section 5)
- Legal, compliance, fraud prevention and AML - legal obligation / legitimate interests
5. Special-category data (religious beliefs)
When you tell us how you would like your finances framed, one option relates to faith-based (for example Sharia-aligned) finance and expands into specific religions. Where your selection reveals your religious beliefs, that is "special-category" data under UK GDPR.
- We collect and use it only with your explicit consent, which we request separately and clearly at the point you provide it.
- You are never required to choose a religious option; a broader "ethical" framing is available and does not reveal religious belief.
- You can withdraw this consent at any time and ask us to delete this preference, without affecting your waitlist place.
6. Cookies, analytics and consent
Analytics is off by default. We only collect usage/analytics data (via Google Analytics for Firebase, and cookies on the website) after you opt in, and you can change your choice at any time in the app settings or the website cookie preferences. We use Consent Mode so that nothing is collected until you have consented.
7. How long we keep your data
We retain personal data for a minimum of 5 years to meet anti-money-laundering (AML) and related legal obligations, after which we delete or anonymise it, unless a longer period is required by law. You can ask us to delete your data sooner (see section 10); we will do so except where we must retain it for these legal obligations.
8. International transfers
Some of our service providers process data outside the UK. Where that happens, we only transfer personal data where the destination provides an adequate level of protection - for example under UK adequacy regulations, the UK extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge"), or appropriate safeguards such as the ICO's International Data Transfer Agreement.
9. Who we share data with
We do not sell your personal data, and we do not use it to track you across other companies' apps or websites for advertising. We share it only with:
- Service providers acting on our behalf: Supabase (database/hosting, UK region), Amazon Web Services SES (transactional email), Google/Firebase (analytics and push notifications)
- Professional advisers
- Legal or regulatory authorities where required by law
10. Your rights
Under UK GDPR you have the right to: access; rectification; erasure; restriction; data portability; objection; and to withdraw consent at any time. The app also lets you download your data and delete your account directly. To exercise any right, contact us (section 11). You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
11. Contact
Privacy questions or requests: privacy@99app.co.uk, or write to the registered office in section 1, marked for the attention of the Data Protection contact.
12. Security
We protect your data with encryption in transit, access controls, and storage behind secure, access-restricted gateways.
13. Changes to this policy
We may update this policy; we will change the "Last updated" date and, for material changes, notify you.