Cookie Preferences

How we use cookies We have to use some essential cookies to make this website work. Cookies are stored locally on your computer or mobile device. We also use other optional cookies to: Analyse how you use the site Personalise and improve your site experience Deliver personalised content and messaging from ourselves and third parties You can either accept or reject these optional cookies.

Documents

Privacy Policy

Please read our privacy policy carefully before using our service

01

Introduction

June 2, 2025

Flex Card is committed to protecting your personal data and respecting your privacy. We put our customers at the heart of what we do. Flex Card wants to build long-lasting relationships based on transparency and trust. This is why we have developed this Privacy Policy, which explains how we may collect, use, share, and store your data when you use our products and services, or visit our website.

If you have any queries about this Privacy Policy or how we may collect, use, share, and store your data, please contact us by email at privacy@flexcard.app.

In this Privacy Policy, “we”, “us” and “our” mean Flex Credit Card Ltd (trading as “Flex Card”), company number 16386895, with its registered office at 124 City Road, London, EC1V 2NX, United Kingdom. Flex Credit Card Ltd is authorised and regulated by the Financial Conduct Authority (Firm Reference Number: 1036888).

‘You’ means the person the information relates to. This policy applies to information we hold about customers, prospective customers, suppliers, vendors, contacts, and other individuals.

By ‘information’, we mean personal and financial information about you that we collect, use, share and store. This may include your name, date of birth, address, contact details, financial information, health and lifestyle information, employment details, and device identifiers, including Internet Protocol (IP) address details.

This Privacy Policy explains how we collect, use, share, and store your personal information. It also explains:

  • the types of personal information we collect and why
  • the lawful bases we rely on
  • your data protection rights
  • where we obtain personal information from
  • how long we retain your information
  • who we share your information with
  • how you can make a complaint
02

What information do we collect, use, and why?

May 5, 2026

We collect and use the following categories of personal information to operate customer accounts, provide service updates, send marketing communications, deal with queries, complaints or claims, and make credit decisions:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits)
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences
  • Location data
  • Recorded images, such as photos or videos
  • Purchase or viewing history
  • IP addresses
  • Website and app user journey information
  • Records of consent, where appropriate
  • Customer or client accounts and records
  • Financial transaction information
  • Date of birth
  • Credit reference information
  • Identification documents
  • Information relating to compliments or complaints

We collect or use the following information where necessary to comply with legal requirements:

  • Name
  • Contact information
  • Identification documents
  • Financial transaction information
03

Lawful bases and data protection rights

May 5, 2026

Under UK data protection law, we are required to have a valid “lawful basis” for collecting and using your personal information. The UK GDPR sets out the available lawful bases. Further information on these can be found on the ICO’s website.

The lawful basis we rely on may affect your data protection rights, which are summarised below. More detailed information, including any applicable exemptions, is available on the ICO’s website.

Your rights

  • Right of access: You have the right to request copies of your personal information. You may also request information about where we obtain your personal information and who we share it with. There are some exemptions that apply, which mean you may not receive all the information you request.
  • Right to rectification: You have the right to request that we correct personal information you believe is inaccurate or incomplete.
  • Right to erasure: You have the right to request that we delete your personal information, in certain circumstances.
  • Right to restriction of processing: You have the right to request that we limit how we use your personal information, in certain circumstances.
  • Right to object: You have the right to object to the processing of your personal data, in certain circumstances.
  • Right to data portability: You have the right to request that we transfer your personal information to another organisation, or to you, in certain circumstances.
  • Right to withdraw consent: Where we rely on consent as our lawful basis, you have the right to withdraw your consent at any time.

You can read more about these rights here.

If you make a request, we will respond without undue delay and in any event within one month.

To exercise your data protection rights, please contact us using the contact details set out above.

04

Our lawful bases for collecting and using your personal information

May 5, 2026

We rely on the following lawful bases when collecting and using your personal information:

  • Consent: You have given us permission to process your personal information for a specific purpose. Where we rely on consent, you have the right to withdraw it at any time.
  • Contract: We need to process your personal information to enter into or perform a contract with you.
  • Legal obligation: We need to process your personal information to comply with our legal or regulatory obligations.
  • Legitimate interests: We process your personal information where it is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms.

Our legitimate interests include operating and improving our credit card services, monitoring activity to detect and prevent fraud, ensuring accounts are used safely, and understanding how customers use our services to enhance user experience. These activities support the safe operation of our business while having minimal impact on individuals.


We rely on these lawful bases in different circumstances, including for:

  • operating customer accounts and guarantees;
  • providing service updates and marketing communications;
  • complying with legal and regulatory requirements;
  • dealing with queries, complaints or claims; and
  • making credit decisions

For more information on how we rely on legitimate interests, please contact us using the details provided above.

05

Where we get personal information from

May 5, 2026
  • Directly from you
  • Debt collection agencies
  • Legal and judicial sector organisations
  • Publicly available sources
  • Credit reference agencies
  • Providers of marketing lists and other personal information
06

How long we keep information

May 5, 2026

We retain personal information only for as long as necessary to fulfil the purposes set out in this Privacy Policy or as required by law.

If you apply for an account or product but do not proceed, or your application is declined, we may still retain your information. This allows us to comply with legal obligations, prevent fraud, and meet Anti-Money Laundering requirements.

We may also continue to collect limited information from credit reference agencies (where applicable) after your account is closed, in accordance with our regulatory responsibilities.

We regularly review our retention periods to ensure that personal information is not kept for longer than necessary.

For more information on how long we retain your personal information, or the criteria used to determine this, please contact us using the details provided above.

07

Who do we share information with?

May 5, 2026

We may share your personal information with:

  • Fraud prevention, Know Your Customer (KYC), and Anti-Money Laundering service providers, where necessary to fulfil our legal and regulatory obligations.
  • Professional or legal advisors.
  • Financial or fraud investigation authorities.
  • Relevant regulatory authorities.
  • External auditors or inspectors.
  • Organisations we are legally obliged to share personal information with.
  • Debt collection agencies.
  • Suppliers and service providers.
08

Cookies

May 5, 2026

We use cookies and similar technologies on our websites, apps, and in our emails.

Cookies are small text files that are stored on your computer or mobile device when you visit a website or use an app. They help websites recognise your device and remember information about your visit.

When you return to our website or app, or visit other websites and apps that use the same cookies, these cookies may recognise your device.

We use cookies for a range of purposes, including:

  • enabling you to navigate between pages efficiently;
  • remembering your preferences;
  • improving your overall online experience; and
  • ensuring that the adverts you see are relevant to you and your interests

We also use similar technologies, such as pixel tags, server-side tags, and JavaScript, for these purposes. In addition, cookies may be used in some of our emails to help us understand how you interact with our communications and to improve future communications.

Where you have consented to the use of marketing cookies, social media platforms (such as Facebook) may collect information about you, your device, and your interactions with our website. This allows us to display relevant products and services to you on those platforms.

Further information on how we use cookies, including how to control them, is available in our Cookies Policy.

09

Credit Reference Agencies (CRAs)

May 5, 2026

We use Credit Reference Agencies (CRAs) to help us assess applications for credit and to manage your account during your relationship with us.

When you apply for a product or service, we carry out credit and identity checks. To do this, we may share your personal information with CRAs, and they may provide us with information about you.

We will continue to share your personal information with CRAs while you have a relationship with us. We may also carry out periodic searches to help us manage your account.

The information we exchange with CRAs may include:

  • Name, address and date of birth
  • Credit application
  • Details of any shared credit
  • Financial situation and history
  • Fraud prevention information

We use this information to:

  • assess whether you or your business is able to afford to make repayments;
  • make sure what you’ve told us is true, correct and up to date;
  • help detect and prevent financial crime;
  • manage your accounts with us;
    trace and recover debts; and
  • ensure that any offers made to you are appropriate.

This may include information about account balances, transactions, repayments, and whether payments are made on time.

When we carry out a credit search, this will be recorded on your credit file. Other lenders may see this, and we may also see searches carried out by other lenders.

If you apply jointly with another person, or confirm a financial association (for example, a spouse, partner, or business partner), your records may be linked. These links may remain until you or the other person request that they are removed, subject to providing appropriate evidence.

You can find more information about CRAs in the Credit Reference Agency Information Notice (CRAIN), including:

  • who they are;
  • their role as fraud prevention agencies;
  • the data they hold and how they use it;
  • how they share personal information;
  • how long they can keep data; and
  • your data protection rights.

Here are links to the information notice for each of the Credit Reference Agencies we use for UK products and customers:

10

Other third parties

May 5, 2026

We may share your personal information with third parties where necessary for the purposes set out in this Privacy Policy, including:

  • trusted service providers and agents (including subcontractors) who support our operations;
  • fraud prevention, Know Your Customer (KYC), and Anti-Money Laundering service providers;
  • professional or legal advisers;
  • financial or fraud investigation authorities;
  • regulatory or law enforcement authorities, where required;
  • organisations to which we may transfer our rights, obligations, or assets; and
  • social media platforms, in a secure format, to display relevant advertising.

All third parties are required to keep your information secure and to use it only for the purposes specified by us.

11

How to complain

May 5, 2026

If you have any concerns about how we use your personal data, you can contact us at: support@flexcard.app.


If you are not satisfied with our response, you can also complain to the Information Commissioner’s Office (ICO):


Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint