Cookie Preferences

How we use cookies We have to use some essential cookies to make this website work. Cookies are stored locally on your computer or mobile device. We also use other optional cookies to: Analyse how you use the site Personalise and improve your site experience Deliver personalised content and messaging from ourselves and third parties You can either accept or reject these optional cookies.

Flex Credit CardHome
Resources & Documents

Privacy Policy

Please read our privacy policy carefully before using our service

What information do we collect, use, and why?

Updated May 5, 2026

We collect and use the following categories of personal information to operate customer accounts, provide service
updates, send marketing communications, deal with queries, complaints or claims, and make credit decisions:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits)
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences
  • Location data
  • Recorded images, such as photos or videos
  • Purchase or viewing history
  • IP addresses
  • Website and app user journey information
  • Records of consent, where appropriate
  • Customer or client accounts and records
  • Financial transaction information
  • Date of birth
  • Credit reference information
  • Identification documents
  • Information relating to compliments or complaints

We collect or use the following information where necessary to comply with legal requirements:

  • Name
  • Contact information
  • Identification documents
  • Financial transaction information

Lawful bases and data protection rights

Updated May 5, 2026

Under UK data protection law, we are required to have a valid “lawful basis” for collecting and using your personal
information. The UK GDPR sets out the available lawful bases. Further information on these can be found on the ICO’s
website.


The lawful basis we rely on may affect your data protection rights, which are summarised below. More detailed
information, including any applicable exemptions, is available on the ICO’s website.

Your rights

  • Right of access: You have the right to request copies of your personal information. You may also request
    information about where we obtain your personal information and who we share it with. There are some
    exemptions that apply, which mean you may not receive all the information you request.
  • Right to rectification: You have the right to request that we correct personal information you believe is
    inaccurate or incomplete.
  • Right to erasure: You have the right to request that we delete your personal information, in certain
    circumstances.
  • Right to restriction of processing: You have the right to request that we limit how we use your personal
    information, in certain circumstances.
  • Right to object: You have the right to object to the processing of your personal data, in certain
    circumstances.
  • Right to data portability: You have the right to request that we transfer your personal information to another
    organisation, or to you, in certain circumstances.
  • Right to withdraw consent: Where we rely on consent as our lawful basis, you have the right to withdraw your
    consent at any time.

You can read more about these rights here.


If you make a request, we will respond without undue delay and in any event within one month.

To exercise your data protection rights, please contact us using the contact details set out above.

Our lawful bases for collecting and using your personal information

Updated May 5, 2026

We rely on the following lawful bases when collecting and using your personal information:

  • Consent: You have given us permission to process your personal information for a specific purpose. Where we
    rely on consent, you have the right to withdraw it at any time.
  • Contract: We need to process your personal information to enter into or perform a contract with you.
  • Legal obligation: We need to process your personal information to comply with our legal or regulatory
    obligations.
  • Legitimate interests: We process your personal information where it is necessary for our legitimate interests
    (or those of a third party), provided those interests are not overridden by your rights and freedoms.

Our legitimate interests include operating and improving our credit card services, monitoring activity to detect and prevent fraud, ensuring accounts are used safely, and understanding how customers use our services to enhance user experience. These activities support the safe operation of our business while having minimal impact on individuals.


We rely on these lawful bases in different circumstances, including for:

  • operating customer accounts and guarantees;
  • providing service updates and marketing communications;
  • complying with legal and regulatory requirements;
  • dealing with queries, complaints or claims; and
  • making credit decisions

For more information on how we rely on legitimate interests, please contact us using the details provided above.

Where we get personal information from

Updated May 5, 2026
  • Directly from you
  • Debt collection agencies
  • Legal and judicial sector organisations
  • Publicly available sources
  • Credit reference agencies
  • Providers of marketing lists and other personal information

How long we keep information

Updated May 5, 2026

We retain personal information only for as long as necessary to fulfil the purposes set out in this Privacy Policy or as
required by law.

If you apply for an account or product but do not proceed, or your application is declined, we may still retain your information. This allows us to comply with legal obligations, prevent fraud, and meet Anti-Money Laundering requirements.

We may also continue to collect limited information from credit reference agencies (where applicable) after your account is closed, in accordance with our regulatory responsibilities.

We regularly review our retention periods to ensure that personal information is not kept for longer than necessary.

For more information on how long we retain your personal information, or the criteria used to determine this, please
contact us using the details provided above.

Who do we share information with?

Updated May 5, 2026

We may share your personal information with:

  • Fraud prevention, Know Your Customer (KYC), and Anti-Money Laundering service providers, where necessary to fulfil our legal and regulatory obligations.
  • Professional or legal advisors.
  • Financial or fraud investigation authorities.
  • Relevant regulatory authorities.
  • External auditors or inspectors.
  • Organisations we are legally obliged to share personal information with.
  • Debt collection agencies.
  • Suppliers and service providers.

Cookies

Updated May 5, 2026

We use cookies and similar technologies on our websites, apps, and in our emails.


Cookies are small text files that are stored on your computer or mobile device when you visit a website or use an app.


They help websites recognise your device and remember information about your visit.

When you return to our website or app, or visit other websites and apps that use the same cookies, these cookies may recognise your device.

We use cookies for a range of purposes, including:

  • enabling you to navigate between pages efficiently;
  • remembering your preferences;
  • improving your overall online experience; and
  • ensuring that the adverts you see are relevant to you and your interests

We also use similar technologies, such as pixel tags, server-side tags, and JavaScript, for these purposes. In addition, cookies may be used in some of our emails to help us understand how you interact with our communications and to improve future communications.

Where you have consented to the use of marketing cookies, social media platforms (such as Facebook) may collect information about you, your device, and your interactions with our website. This allows us to display relevant products and services to you on those platforms.

Further information on how we use cookies, including how to control them, is available in our Cookies Policy.

Credit Reference Agencies (CRAs)

Updated May 5, 2026

We use Credit Reference Agencies (CRAs) to help us assess applications for credit and to manage your account during your relationship with us.

When you apply for a product or service, we carry out credit and identity checks. To do this, we may share your personal information with CRAs, and they may provide us with information about you.

We will continue to share your personal information with CRAs while you have a relationship with us. We may also carry out periodic searches to help us manage your account.

The information we exchange with CRAs may include:

  • Name, address and date of birth
  • Credit application
  • Details of any shared credit
  • Financial situation and history
  • Fraud prevention information

We use this information to:

  • assess whether you or your business is able to afford to make repayments;
  • make sure what you’ve told us is true, correct and up to date;
  • help detect and prevent financial crime;
  • manage your accounts with us;
    trace and recover debts; and
  • ensure that any offers made to you are appropriate.

This may include information about account balances, transactions, repayments, and whether payments are made on time.


When we carry out a credit search, this will be recorded on your credit file. Other lenders may see this, and we may also see searches carried out by other lenders.

If you apply jointly with another person, or confirm a financial association (for example, a spouse, partner, or business partner), your records may be linked.

These links may remain until you or the other person request that they are removed, subject to providing appropriate evidence.

You can find more information about CRAs in the Credit Reference Agency Information Notice (CRAIN), including:

  • who they are;
  • their role as fraud prevention agencies;
  • the data they hold and how they use it;
  • how they share personal information;
  • how long they can keep data; and
  • your data protection rights.


Here are links to the information notice for each of the Credit Reference Agencies we use for UK products and customers:

Other third parties

Updated May 5, 2026

We may share your personal information with third parties where necessary for the purposes set out in this Privacy Policy, including:

  • trusted service providers and agents (including subcontractors) who support our operations;
  • fraud prevention, Know Your Customer (KYC), and Anti-Money Laundering service providers;
  • professional or legal advisers;
  • financial or fraud investigation authorities;
  • regulatory or law enforcement authorities, where required;
  • organisations to which we may transfer our rights, obligations, or assets; and
  • social media platforms, in a secure format, to display relevant advertising.

All third parties are required to keep your information secure and to use it only for the purposes specified by
us.

How to complain

Updated May 5, 2026

If you have any concerns about how we use your personal data, you can contact us at: support@flexcard.app.

If you are not satisfied with our response, you can also complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint