Privacy Policy
Version 2026-06-08. How we handle your personal data under UK GDPR.
The 60-second version
- We collect the financial data you give us or connect, to run the app for you.
- We never sell your data, including anonymised or aggregated data.
- Bank connections are read-only and you log in on your bank's own page.
- We use a few trusted providers to host and run Bearings (listed below).
- You can download or permanently delete everything, any time, from Settings.
1. Who we are
Bearings (“Bearings”, “we”, “us”) is a personal-finance app operated from the United Kingdom. For the data described here, we are the “data controller”. You can reach us at hello@bearings.money.
2. What we collect
- Account details: your email, password (stored only as a secure hash), and any display name.
- Financial data you add or connect: accounts, balances, transactions, debts, income, goals and settings, whether typed in, uploaded as a statement, or read via open banking.
- Uploaded documents: statement or debt PDFs/CSVs you choose to import, and the text extracted from them.
- Usage & technical data: basic logs and error reports needed to keep the app secure and working.
We don't ask for special-category data, and we ask you not to put it into free-text fields.
3. Why we use it, and our lawful basis
- To provide the app (work out Safe-to-Spend, categorise spending, track debts and goals): performance of our contract with you.
- To connect a bank via open banking: your consent, which you can withdraw at any time.
- To keep Bearings secure and reliable, prevent abuse, and fix problems: our legitimate interests.
- To meet legal obligations where they apply.
4. Open banking
If you connect a bank, that connection is provided through TrueLayer, an FCA-authorised open banking provider, and is read-only. We can read your account information but cannot move money. You authenticate on your bank's own page; we never see your banking password. See our Security & trust page for more.
5. Who we share it with
We do not sell your data and we don't share it for advertising. We use a small number of trusted providers (“processors”) to run Bearings, each only for that purpose:
- Supabase: database, authentication and storage hosting.
- Cloudflare: application hosting, content delivery and security.
- TrueLayer: the regulated open banking connection (only if you connect a bank).
- OpenAI: to read uploaded statements and answer your in-app questions. Relevant text is sent for processing and is not used to train their models. Don't enter anything you wouldn't want processed this way.
We may also disclose data if the law requires it, or to protect our rights or users' safety.
6. Where your data is held
We aim to keep your data hosted in the UK or EU. Where a provider processes data outside the UK/EU, we rely on appropriate safeguards (such as UK/EU-approved standard contractual clauses) to protect it.
7. How long we keep it
We keep your data while your account is active. If you delete your account, we permanently erase your personal data from our live systems straight away; routine backups roll off shortly after. We may keep minimal records where the law requires.
8. Your rights
Under UK GDPR you can:
- Access & take your data: download a complete copy from Settings (or ask us).
- Delete everything: erase your account and data from Settings, any time.
- Correct anything inaccurate, and object to or restrict certain processing.
- Withdraw consent (e.g. disconnect open banking) without affecting what came before.
- Complain to the Information Commissioner's Office (ico.org.uk), though we'd like the chance to put things right first.
9. Cookies
We use only the cookies needed to keep you signed in and the app working. We don't use advertising or third-party tracking cookies.
10. Children
Bearings is for adults (18+) and isn't intended for children.
11. Changes
We may update this policy as Bearings grows. We'll change the version stamp above and, for material changes, let you know in the app.
12. Contact
Questions or requests? Email hello@bearings.money.