Privacy Policy

Last updated: February 2026

1. Who We Are

Paybackly ("we", "us", "our") operates the Paybackly platform at paybackly.online. We are the data controller responsible for your personal information. If you have any questions, contact us at support@paybackly.online.

2. Information We Collect

We collect only what we need to provide the service:

  • Account information: Your name, email address, phone number, and date of birth when you register.
  • Identity verification: Government-issued ID documents and a selfie, processed by Stripe Identity to confirm who you are. We do not store the raw images ourselves.
  • Bank details: Sort code and account number, used solely to transfer loan funds and set up Direct Debit repayments.
  • Loan data: Loan amounts, repayment schedules, payment history, and loan status.
  • Device information: Push notification tokens and basic browser/device type for app functionality.
  • Usage data: Pages visited and actions taken within the app, for security monitoring and improving the service.

3. How We Use Your Information

  • To verify your identity and prevent fraud and money laundering.
  • To facilitate loans and repayments between users.
  • To process Direct Debit payments via GoCardless.
  • To transfer funds to borrowers via TrueLayer.
  • To send you notifications about loan activity, payment reminders, and account updates.
  • To comply with legal and regulatory obligations under UK law.
  • To investigate disputes and suspicious activity.

4. Legal Basis for Processing

We process your data under the following legal bases (UK GDPR):

  • Contract: Processing necessary to provide the service you signed up for.
  • Legal obligation: Identity verification and fraud prevention requirements.
  • Legitimate interests: Security monitoring and service improvement.
  • Consent: Push notifications (you can withdraw consent at any time in Settings).

5. Data Sharing

We share your data only where necessary:

  • Stripe: For identity verification. Stripe processes your ID documents under their own privacy policy.
  • GoCardless: For Direct Debit setup and payment collection. GoCardless is FCA authorised.
  • TrueLayer: For bank-to-bank fund transfers to borrowers.
  • Supabase: Our database and authentication provider, hosted in the EU.
  • Other users: Your first and last name are shared with the other party in a loan agreement so they know who they are lending to or borrowing from.

We never sell your personal data. We never share it with advertisers.

6. Data Retention

We retain your account data for as long as your account is active. Loan records are retained for 7 years to comply with financial regulations. If you request account deletion, we will delete your personal data except where we are required to keep it by law.

7. Data Security

We protect your data with industry-standard measures: TLS encryption in transit, encryption at rest, row-level security on our database so users can only access their own data, and secure session management. We do not store bank account details beyond what is necessary for the service.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure: Request deletion of your data (subject to legal retention obligations).
  • Restriction: Ask us to limit how we process your data in certain circumstances.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, email us at support@paybackly.online. We will respond within 30 days.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or in-app notification. Continued use of Paybackly after changes constitutes acceptance of the updated policy.

11. Contact & Complaints

For privacy concerns, contact us at support@paybackly.online. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.