Frugate Privacy Policy

Frugate Ltd is a company registered in England and Wales at 71-75 Shelton Street, London WC2H 9JQ. Frugate acts as the data controller for personal data processed through the Frugate web and mobile applications, support channels, and related services.

You can contact our data protection lead at privacy@frugate.co.uk for any questions about this notice or your rights.

This policy applies to personal data processed when you create or manage a Frugate account, connect bank accounts, interact with support, or browse frugate.app and related domains.

It does not cover third party services you access through Frugate, such as your bank or Stripe, which have their own privacy notices.

• Account data including your name, email address, password hash, authentication tokens, invited household members, and audit logs.
• Profile preferences such as home currency, notification settings, and display theme.
• Subscription and billing information supplied through Stripe including customer identifiers, invoices, payment status, and limited card metadata.
• Financial information that you choose to store in Frugate such as budgets, categories, planned income, goals, debts, and transactions.
• Bank connection metadata received from GoCardless including institution name, account type, last sync time, and status.
• Usage and device information including IP address in truncated form, browser and operating system, session timestamps, feature usage, and analytics events captured by GA4 once you grant consent.
• Support records such as enquiries, attachments, and resolution notes.

• Provide and maintain the Frugate services, including authentication, budgeting features, insights, and synchronisation with linked bank accounts.
• Deliver customer support, notify you about important service updates, and respond to enquiries.
• Process subscriptions, invoices, refunds, and fraud screening through our payment provider.
• Monitor usage to improve performance, develop new features, and personalise in-product messaging.
• Protect the platform, investigate suspicious activity, and enforce our Terms of Service.
• Comply with legal obligations, accounting rules, and regulatory requests from authorities.

We rely on the following lawful bases under UK GDPR when processing your data:

• Contract: delivering the services you sign up for and taking steps at your request before entering a contract.
• Legitimate interests: improving security, preventing abuse, and developing features in ways that respect your rights.
• Consent: optional analytics, marketing communications, or when law requires us to request your agreement.
• Legal obligation: retaining financial records, responding to court orders, and meeting regulatory requirements.

We only share personal data with trusted service providers that help us run Frugate. Each provider is bound by a written data processing agreement and must implement strong security controls.

• Supabase for authentication, database hosting, and managed infrastructure.
• Stripe for subscription billing, payments, and invoice emails.
• GoCardless for bank aggregation and account syncing.
• Google Analytics 4 to understand product usage once you have granted analytics consent.
• Professional advisers, auditors, insurers, or regulators when legally required.

We never sell personal data. We do not allow providers to use your information for their own marketing purposes.

Some processors operate outside the United Kingdom. When we transfer personal data internationally we rely on adequacy regulations or the UK International Data Transfer Agreement, and we keep records of the safeguards applied.

We retain personal data while you hold an active account and for up to seven years after closure to meet tax and accounting rules. Support correspondence is retained for up to three years after resolution. When retention periods expire we securely delete or anonymise data.

We apply technical and organisational measures including encryption in transit, segregated environments, least privilege access, multi factor authentication for administrators, and continuous monitoring. We review supplier compliance annually.

Under UK GDPR you have rights to access, correct, erase, and restrict personal data. You may also object to processing, request data portability, or withdraw consent for optional processing at any time.

To exercise these rights email privacy@frugate.co.uk. We respond within thirty days. You can lodge a complaint with the Information Commissioner's Office if you are unhappy with our response.

Frugate is designed for individuals aged sixteen or older. We do not knowingly collect personal data from children. If you believe a child has provided data please contact us so we can remove it promptly.

We update this policy when our practices or legal obligations change. We notify account holders about material updates at least thirty days before they become effective. The effective date above shows the latest revision.

You can reach our data protection lead at privacy@frugate.co.uk or by writing to Frugate Ltd, 71-75 Shelton Street, London WC2H 9JQ, United Kingdom.