Privacy Policy

Why We Have a Privacy Policy

We are committed to respecting and protecting your privacy. This Privacy Policy sets out the type of information we collect from you and what we do with that information. This document is categorized into the following sections:

  1. Who We Are
  2. Key Terms
  3. Regulatory Compliance
  4. GDPR Principles
  5. Information we collect from you
  6. Additional Services: KAYL Forum and AI Assistant (Albie)
  7. How we use the information that we collect from
  8. Others we share your data with
  9. Retention Periods
  10. Storing your information
  11. Your rights under GDPR
  12. Withdrawing Consent
  13. Withdrawing Marketing Consent
  14. Complaints
  15. Changes to the Privacy Notice

1.0 Who We Are

KAYL Limited (“we”, “our”, “us”, “KAYL”) is committed to protecting and respecting your privacy. This Privacy Policy (also referred to as the “Privacy Notice”) describes how we collect, use, process, and disclose your personal information when you use and access the KAYL app and other services we offer, including the KAYL Forum and our AI assistant, Albie.

This Privacy Notice is designed to help you understand what personal data we collect, how we process and use that data, and your rights in relation to how we handle it.

For the purposes of the UK General Data Protection Regulation (UK GDPR), the data controller is KAYL Ltd, registered at 124-128 City Road, London, EC1V 2NX.

If you have any questions about this Privacy Policy or how your data is handled, please contact our Data Protection Officer at dpo@kayl-app.com.

This Privacy Policy is effective as of 30th December 2024. We may update this policy from time to time, and any changes will be communicated through our website, the KAYL app, and the KAYL Forum where appropriate.

2.0 Key Terms

To help you better understand this Privacy Policy, here are some key terms and their meanings:

  • KAYL Limited (“KAYL”, “we”, “our”, “us”): Refers to KAYL Limited, the data controller responsible for processing your personal data in connection with the KAYL app, website, and forum.
  • Aggregation Provider: Refers to Moneyhub Financial Technology Limited, an FCA-regulated provider that securely accesses your bank account and credit card information via open banking APIs to enable us to deliver our services.
  • Payment Services Provider: Refers to third-party services (such as Moneyhub) that enable us to securely initiate payments between your accounts under your instruction or ongoing consent (e.g. VRP sweeping).
  • Personal Data: Any information that can be used to directly or indirectly identify you, such as your name, email address, IP address, or bank account details.
  • Special Category Data: A subset of personal data that includes sensitive information requiring additional protection under UK GDPR, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health data, or data concerning a person’s sex life or sexual orientation.
  • GDPR: Refers to the UK General Data Protection Regulation, which governs how personal data must be collected, processed, stored, and protected in the United Kingdom.
  • Cookies: Small text files stored on your device when you visit our website or use our app. They help improve your experience, remember preferences, and allow us to analyse usage patterns to enhance performance. For more details, see our Cookies Policy.

3.0 Regulatory Compliance

We are committed to ensuring that all data processing activities comply with applicable legal and regulatory requirements, including (but not limited to):

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR)
  • Financial Conduct Authority (FCA) guidelines (where applicable)
  • Payment Services Regulations 2017 (where relevant to account information and payment initiation services)


To ensure our compliance with these obligations, we implement the following key practices:

3.1 Processing Special Category Data

When processing special category data (e.g. data revealing racial or ethnic origin, political opinions, religious beliefs, or data concerning health), we ensure that:

  • Explicit consent is obtained where legally required
  • Processing is conducted under a valid legal basis as outlined in Article 9 of the UK GDPR
  • Additional safeguards are in place, including encryption, role-based access controls, audit trails, and data minimisation


3.2 Lawful Basis for Processing

All data processing is conducted under one or more lawful bases, as set out in Article 6 of the UK GDPR, such as:

  • Consent
  • Contractual necessity
  • Compliance with legal obligations
  • Legitimate interests (where not overridden by your rights and freedoms)

We document our reliance on these legal bases for transparency and accountability.

3.3 Data Subject Rights

We uphold all data subject rights as defined under the UK GDPR, including the rights of:

  • Access
  • Rectification
  • Erasure (Right to be Forgotten)
  • Restriction
  • Objection to processing
  • Data portability


We provide mechanisms to help you exercise your rights in a timely and accessible manner (see Section 11 of this policy).

3.4 Data Protection Impact Assessments (DPIAs)

Where our processing activities may result in a high risk to your rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) in accordance with Article 35 of the UK GDPR.

This ensures that privacy risks are identified and mitigated before any such processing is undertaken — including the introduction of new technologies or significant changes to how we process personal data.

4.0 GDPR Principles

We adhere to the core principles of the UK General Data Protection Regulation (UK GDPR), ensuring that all personal data is:

  1. Processed lawfully, fairly, and transparently
    We ensure that all data processing is carried out on a valid legal basis, in a fair manner, and with full transparency to you as a data subject. This includes providing clear, accessible privacy notices and explanations of your rights.
  2. Collected for specified, explicit, and legitimate purposes
    We only collect personal data for clearly defined purposes related to the KAYL service, and we do not use it in ways that are incompatible with those purposes.
  3. Adequate, relevant, and limited to what is necessary (data minimisation)
    We collect and retain only the minimum amount of data required to achieve the specific purpose for which it was collected.
  4. Accurate and, where necessary, kept up to date
    We take reasonable steps to ensure that personal data is accurate and kept up to date. You are encouraged to notify us of any changes to your personal information.
  5. Retained only for as long as necessary
    We retain personal data only for as long as is needed to fulfil the original processing purpose or to meet our legal and regulatory obligations, in line with our retention policies.
  6. Processed securely
    We implement appropriate technical and organisational measures — including encryption, access controls, monitoring, and regular reviews — to ensure data confidentiality, integrity, and availability.
  7. Accountability
    We are responsible for demonstrating compliance with all UK GDPR principles. This includes maintaining internal records of processing activities, conducting regular audits, and embedding privacy considerations into our product development lifecycle (“privacy by design”).


These principles are central to how we process and safeguard your data, ensuring that your privacy and rights are always protected.

5.0 Information we collect from you

You may provide us with personal information by accessing our website (www.kayl-app.com), using the KAYL mobile app, corresponding with us via email or in-app messaging, or interacting with our services (including the KAYL Forum, which is covered in Section 6).

5.1 Information Provided to Us on Sign-Up

When you create a KAYL account – whether via the app, website, or forum, we collect the following personal data necessary to deliver our services, enable account access, and meet our regulatory obligations:

  • Full name
  • Email address – used to identify your account, communicate service updates, confirm sign-up and activity, and (with your consent) send marketing or educational content
  • Phone number


We do not currently collect your date of birth, nationality, or residential address during sign-up. If this changes in the future due to legal or regulatory obligations, we will update this Privacy Policy accordingly.

5.2 Technical and Usage Information

When you use the KAYL app or visit our website, we automatically collect certain technical information to ensure functionality, app performance, and service availability. This may include:

  • Information about your device: IP address, operating system, browser type and version, device identifiers, and mobile network information.
  • Usage details: date and time of visits, navigation history, session duration, and referral/exit pages.


This information is processed to fulfil our contract with you, ensure the security and performance of the KAYL service, and for our legitimate interest in maintaining and improving our platform.

5.3 Information We Receive from Third Parties

We receive information from third-party service providers who support the operation of our app. This includes Financial Data from our Aggregation Providers (Moneyhub) such as account numbers, sort codes, account balances, transaction history (credit and debit card data), and other relevant financial data needed to deliver the KAYL service. For more details, see Section 8 “Others We Share Your Data With.”


5.4 Profile Data

This includes details such as:

  • Your account credentials (e.g., username and password)
  • Survey responses and feedback you provide through the app


5.5 Marketing and Communications Data

This includes:

  • Communications with KAYL (e.g., email, chat, phone)
  • Your preferences for receiving marketing communications from us or our trusted partners
  • Notification and communication preferences set within the app


5.6 Cookies and Tracking Technologies

We use essential cookies on our website to ensure the proper functioning of core features. These cookies do not track your behaviour for analytics or performance monitoring.

For more information on the specific cookies we use and how you can manage or disable them, please refer to our Cookies Policy available on our website.

6.0 Additional Services: KAYL Forum and AI Assistant (Albie)

As part of our debt education mission, we operate the KAYL Forum (https://kaylappuk.discourse.group/), a public discussion platform hosted by Discourse and moderated by KAYL. This forum allows you to connect with peers, share experiences, access free tools, and receive general guidance from “Albie,” our AI debt education assistant.

The forum is publicly accessible, and your posts may be viewed by others. We advise you not to share sensitive personal information such as your full name, address, financial account numbers, or passwords.

6.1 Data Minimisation in the Forum

We are committed to collecting only the minimum personal data necessary to operate the forum responsibly. When using the forum, we collect:

  • Your forum username and public profile details
  • Forum contributions (posts, replies, comments)
  • Interaction data with the AI assistant Albie
  • Technical data (e.g., IP address, browser information, cookies)
  • Moderation history or flagged content

 We do not collect or process:

  • Financial information
  • Sensitive behavioural profiling data
  • Personal data beyond what is necessary for forum operations

Users are advised not to share personal or sensitive information in posts. Moderators review content and will remove posts that contain personal data or breach our Forum Rules and Guidelines.

6.2 Moderation and Safeguards

We maintain a robust moderation process to ensure a safe and welcoming environment. This includes:

  • Automated screening tools such as Watched Words and flagging mechanisms to detect offensive or sensitive material.
  • Manual moderation by trained KAYL staff where necessary (e.g., handling flagged posts or user reports).
  • Albie (the AI assistant) operates strictly under a fixed system prompt designed to avoid personalization, profiling, or the collection of personal data in user interactions.

Moderation actions are proportionate and aimed at maintaining forum safety and compliance with community standards.

6.3 Hosting and Data Storage

The forum is hosted by CDCK Inc. (the creators of Discourse), a trusted third-party provider under a formal Data Processing Addendum.

  • All forum data is encrypted at rest and in transit.
  • Regular backups are performed and stored securely.
  • Access to data is restricted to authorised personnel only and subject to strict confidentiality obligations.

CDCK Inc. processes data solely on our behalf and in accordance with our instructions.

6.4 User Rights

Forum users have full rights under the UK GDPR, including:

  • The right to access your forum data.
  • The right to request the deletion of your forum account and/or specific posts.
  • The right to restrict or object to certain types of processing.
  • The right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

To exercise your rights related to the forum, please email our Data Protection Officer at dpo@kayl-app.com.
Requests will be handled promptly and in accordance with applicable data protection laws. If you wish to delete your forum account and posts, please email dpo@kayl-app.com. We will review and action your request in accordance with GDPR, either by anonymizing your account or deleting posts where appropriate.

6.5 Additional Disclosures

Discourse, the third-party platform we use, is operated by CDCK Inc. and acts as a data processor on our behalf. Their obligations, including data hosting, security, and support, are governed by their Data Processing Addendum and Security Brief.

All AI-generated content produced by Albie is strictly for educational purposes only and does not constitute regulated financial advice.
Any concerns about data accuracy, moderation, or user conduct can be directed to our Data Protection Officer or forum moderators.

Users are subject to our Forum Rules and Guidelines and are expected to act responsibly when using this service.

7.0 How we use the information that we collect about you

KAYL may use your personal data for the following purposes:

i. To provide the products or services you have requested

ii. To monitor traffic patterns and usage of the app in order to improve its design, performance, and usability

iii. To identify, troubleshoot, and resolve technical or service-related issues.

iv To provide customer support, including responding to your enquiries and fulfilling your service requests.

v. To maintain a record of your relationship with us.

vi. To generate aggregated or anonymised statistics for internal analysis and business planning.

vii. To analyse and profile usage patterns to personalise your app experience, such as recommending relevant features or displaying targeted in-app messages and communications.

viii. To conduct checks necessary to prevent fraud and financial crime.

ix. To send you important information about KAYL products and services, including technical notices, updates, security alerts, and support or administrative messages

x. To enable your participation in surveys, prize draws, competitions, or other promotional activities.

xi. To deliver relevant content, communications, and service updates across our website, app, and forum — and to measure their effectiveness.

xii. To comply with legal obligations, or to establish, exercise, or defend against legal claims.

8.0 Others we share your data with

To deliver our services, we share your personal data with trusted third-party providers. These include:

i) Moneyhub Financial Technology Limited (“Moneyhub”) – Moneyhub serves as both our Aggregation Partner and Payment Services Provider. As an FCA-regulated account information service provider (AISP) and payment initiation service provider (PISP), Moneyhub securely:

  • Aggregates your financial data, including bank account details, balances, and transaction information, to enable us to deliver the KAYL service.
  • Initiates payments between your accounts as part of our payment services.

By using the Moneyhub service, you agree and grant them permission to securely access and process your personal data in accordance with their Privacy Policy. Moneyhub handles your data in compliance with the UK GDPR and other applicable regulatory standards.

ii) Other KAYL users – When participating in a referral programme, there is a legitimate interest in sharing your KAYL display name with the person who invited you. This enables us to let them know their referral was successful and to fulfil the terms of the programme.

iii) Aggregated Data – We may share aggregated or anonymised information (i.e., data that no longer identifies any individual user) for purposes such as industry and market analysis, demographic profiling, or improving our services. This type of data is not considered personal data under GDPR.

iv) Data Sales and Transfers – We do not sell your personal data to third parties. Your data is only shared with trusted partners and service providers as described in this Privacy Policy, and solely for the purpose of delivering the KAYL service. In the event of a business merger, acquisition, or sale, any transfer of personal data will be done in accordance with applicable data protection laws and with appropriate notice to you.

v) CDCK Inc. – CDCK Inc. operates the Discourse platform that hosts the KAYL Forum. They act as a data processor on our behalf and process forum data (including posts, user account data, and technical logs) solely to maintain forum functionality. All processing is carried out under our instructions and in accordance with their published privacy and security terms.

9.0 Retention Periods

We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or regulatory requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data, whether those purposes can be achieved through other means, and the applicable legal and regulatory obligations.

If you no longer want us to use your information, you can send a request to dpo@kayl-app.com. Please note that, if you request the erasure of your personal data, we may still retain certain personal information for at least five (5) years where required to comply with our legal or regulatory obligations.

10. Storing your information

All information you provide to us is stored securely in the cloud using industry-leading cloud service providers. Any transmission of information to our partners (including payment-related information) is encrypted using TLS technology, the current standard in secure internet communications.

However, the transmission of data over the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of information transmitted to our site or app, and any such transmission is at your own risk.

Once your information has been received, we implement strict procedures and security measures to prevent unauthorised access. Sensitive information (such as your bank account number and sort code) is stored using state-of-the-art symmetric encryption (AES).

We will only transfer your personal data outside the European Economic Area (EEA) to comply with a legal obligation or when engaging trusted third-party service providers to deliver the KAYL service. In such cases, we ensure your data is protected to the same standard as within the EEA, including through the use of appropriate safeguards such as Standard Contractual Clauses where necessary.

To support these security measures, we carry out periodic reviews and audits of our data storage and protection practices. These allow us to assess and strengthen our security procedures and ensure ongoing compliance with applicable data protection laws.

All staff receive regular training on data protection best practices and security protocols to ensure continued awareness and compliance.

In addition to the cloud storage and encryption practices described above, data submitted through the KAYL Forum (including usernames, posts, and IP logs) is hosted by CDCK Inc., the provider of the Discourse platform. Forum data is encrypted in transit and stored securely in line with CDCK’s data handling practices. As the data controller, KAYL retains full control over all user data collected via the forum and may access, delete, or export this data in accordance with this Privacy Policy.

11.0 Your rights under GDPR

We are committed to protecting your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as outlined in guidance provided by the UK Information Commissioner’s Office (ICO).

To exercise any of the rights listed below, we may need to confirm your identity to ensure your request is legitimate. We may also request further information to process your request efficiently.

You will not have to pay a fee to access your personal data (or to exercise any other rights listed below). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. In certain circumstances, we may also refuse to comply, in which case we will explain the reasons to you.

We aim to respond to all legitimate requests within one month. If your request is complex, or if you make multiple requests, we may need more time and will keep you informed throughout the process.

11.1 Access to your personal data

You have the right to request access to your personal data (commonly known as a Data Subject Access Request or SAR). If you would like a copy of the information we hold about you, please contact our Data Protection Officer (see Section 1 for contact details).

11.2 Correction of your personal data

You have the right to request the correction of the personal data we hold about you. This allows you to have any incomplete or inaccurate information corrected. We may need to verify the accuracy of any new data you provide.

It is important that the personal data we hold about you is accurate and current. Please let us know if your details change.

11.3 Erasure of your personal data

You have the right to request the erasure of your personal data where:

  • There is no good reason for us to continue processing it.
  • You have successfully exercised your right to object to processing.
  • We may have processed your data unlawfully.
  • We are required to erase your data to comply with legal obligations.

Please note that we may not always be able to comply with your request for specific legal or regulatory reasons, which will be explained at the time of your request if applicable.

11.4 Objection to processing of your personal data

You have the right to object to the processing of your personal data where we rely on our legitimate interests (or those of a third party), and you believe the processing impacts your rights and freedoms.

You also have an absolute right to object where we process your personal data for direct marketing purposes.

In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing your information which override your rights.

11.5 Restriction of processing your personal data

You have the right to request that we restrict the processing of your personal data in the following scenarios:

  • You have challenged the accuracy of the data and we are verifying it.
  • The processing is unlawful but you do not want the data erased.
  • We no longer need the data, but you require it to establish, exercise, or defend a legal claim.
  • You have objected to our use of the data, and we are considering whether our legitimate grounds override yours.

11.6 Transfer of your personal data

You have the right to request the transfer of your personal data to you or another provider. We will provide the data in a structured, commonly used, and machine-readable format.

This right applies only to personal data:

  • You have provided to us directly,
  • That we process based on your consent or to perform a contract,
  • And where the processing is carried out by automated means.

12.0 Withdrawing Consent

You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

13.0 Withdrawing Marketing Consent

By submitting your personal information, you agree that KAYL may use your information for marketing purposes, including electronic marketing. We will not share your personal information with third parties for their own marketing purposes without your explicit, separate consent.

You have the right to withdraw your consent to receive marketing communications from us at any time. To do so, please email us at dpo@kayl-app.com. We will process your request promptly and ensure you no longer receive marketing messages.

14.0 Complaints

We are committed to addressing any concerns or complaints about how we handle your personal data. If you have any complaints, please contact us at hello@kayl-app.com so we can resolve the issue wherever possible.

For detailed information about how to make a complaint, please refer to our Complaints Policy. You can also lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator, if you are unhappy with how we have used your information.

15.0 Changes to the Privacy Notice

We are committed to addressing any concerns or complaints about how we handle your personal data. If you have any complaints, please contact us at hello@kayl-app.com so we can resolve the issue wherever possible.

For detailed information about how to make a complaint, please refer to our Complaints Policy. You can also lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator, if you are unhappy with how we have used your information.

The ICO’s contact details are as follows:

  • Website: https://ico.org.uk
  • Postal address: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline: 0303 123 1113

Any changes we may make to our Privacy Policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check by frequently to see any updates or changes to our Privacy Notice.

It is important that you read the Privacy Policies of our third-party service providers and partners.

Your use of the KAYL Forum is also governed by our Forum Rules and Guidelines, which complement this Privacy Policy.

Join the iOS Waitlist—
Get 30 Days Free!

Sign up now and unlock your free 30-day trial on iOS.