← Back to Home

Privacy Policy

Last updated: February 2026

1. Who We Are

Steward (“we”, “us”, “our”) is a personal finance planning tool operated from London, United Kingdom. We are the data controller for your personal data. Steward is not a regulated financial adviser and is not authorised by the Financial Conduct Authority (FCA) to provide financial advice.

2. What Data We Collect

We collect the following categories of data:

  • Personal Information: Name, email address, phone number, home address (postcode)
  • Financial Data: Income, expenses, debts, savings goals, fund balances (provided by you or via Open Banking)
  • Bank Data: Transaction history, account balances (only if you connect via Open Banking through TrueLayer)
  • Usage Data: App interactions, chat messages with Steward AI, notification engagement, product interactions
  • Technical Data: Device type, operating system, IP address

3. Why We Collect Your Data

  • To provide and personalise the Steward service (financial plans, budgets, goal tracking)
  • To power AI-generated conversations and financial plan recommendations
  • To recommend relevant UK financial products that may help you achieve your goals
  • To send notifications you've opted into (payday reminders, goal milestones, etc.)
  • To improve our service through aggregated, anonymised analytics
  • To verify your identity during sign-up (phone OTP, email verification)

4. Legal Basis for Processing

  • Consent: For collecting financial data, Open Banking access, and data sharing
  • Contract Performance: To provide the Steward service you've signed up for
  • Legitimate Interest: For service improvement, fraud prevention, and anonymised analytics

5. How We Use AI

Steward uses artificial intelligence (OpenAI GPT-4o) to generate personalised financial plans and provide conversational support. Your financial data and chat messages are sent to OpenAI's servers (located in the United States) for processing. We have appropriate safeguards in place for international data transfers. The AI is not a human financial adviser and its outputs should not be treated as regulated financial advice.

6. Data Sharing

We share your data with:

  • OpenAI: For AI-powered conversations and plan generation (data processed in the US)
  • TrueLayer: For Open Banking connections (FCA-regulated, only if you connect your bank)
  • Twilio: For phone number verification via OTP
  • Supabase: For secure data storage (EU-based servers)
  • Product Partners: We may share anonymised, aggregated data with product partners for analytics

7. Data Selling

We may sell anonymised and aggregated financial data to third-party businesses for market research and analytics purposes. This data cannot be used to identify you personally. We will never sell your personal, identifiable data without your explicit consent. You can opt out of anonymised data sharing at any time in your app settings.

8. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days. Anonymised analytics data may be retained indefinitely as it cannot be linked back to you.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of all data we hold about you (available in-app)
  • Rectification: Correct any inaccurate data
  • Erasure: Delete your account and all associated data (available in-app)
  • Portability: Export your data in a machine-readable format
  • Object: Opt out of data processing for marketing or analytics
  • Restrict: Limit how we process your data

10. Children's Data

Steward is intended for users aged 18 and over only. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us with personal data, please contact us immediately.

11. Cookies & Tracking

Our marketing website uses essential cookies only. The mobile app does not use cookies but may collect device identifiers for push notifications and analytics.

12. International Transfers

Some of your data is processed in the United States (by OpenAI for AI services). We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), to protect your data during international transfers.

13. How to Complain

If you have concerns about how we handle your data, please contact us at privacy@steward.money. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

14. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Steward after changes constitutes acceptance of the updated policy.