Privacy Policy

GenLibre Ltd ("GenLibre", "we", "us", "our") is a financial technology company registered in England and Wales. We operate the GenLibre platform, which helps UK homeowners accelerate mortgage repayment through AI-powered tools, family contribution pooling, and smart refinancing alerts. Our registered address is [Registered Address], England, United Kingdom. We are committed to protecting your personal data and handling it responsibly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We collect the following categories of personal data: Identity Data: Your full name, date of birth, and username. Contact Data: Your email address and phone number. Financial Data: Mortgage balance, monthly payments, interest rate, lender details, income and expenditure data obtained via Open Banking connections. Transaction Data: Records of overpayments, family contributions, and payment history within the platform. Technical Data: IP address, browser type and version, device information, and usage data. Profile Data: Your Freedom Score, preferences, settings, and platform interactions. Family Pool Data: Names and email addresses of family members you invite to contribute to your mortgage. Communications Data: Records of your interactions with our AI Financial Coach.

We collect data through the following means: Direct interactions: When you register, set up your profile, connect your mortgage, or contact us. Open Banking: When you connect your bank and mortgage accounts via TrueLayer, we receive read-only access to your financial data. We never have access to move or transfer your money. Automated technologies: We use cookies and similar tracking technologies to collect technical and usage data as you interact with our platform. Third parties: We may receive data from payment processors (Stripe), Open Banking providers (TrueLayer), and analytics providers.

We use your personal data for the following purposes: To provide and improve our services: Calculating your Freedom Score, generating overpayment recommendations, and facilitating family contributions. To process payments: Managing your subscription through Stripe. To personalise your experience: Tailoring AI coach responses and insights to your specific mortgage situation. To communicate with you: Sending service updates, milestone notifications, and (where you have opted in) marketing communications. To comply with legal obligations: Meeting our regulatory requirements as a financial services business. To protect our legitimate interests: Fraud prevention, security monitoring, and improving our platform.

When you connect your bank and mortgage accounts, we use TrueLayer — an FCA-authorised Open Banking provider — to access your financial data. Important points about your financial data: We only ever have read-only access. We cannot move, transfer, or modify your money. Your banking credentials are never shared with GenLibre — you authenticate directly with your bank. Open Banking consent can be withdrawn at any time from your account settings. Financial data is encrypted in transit and at rest using bank-level AES-256 encryption. We retain financial data only for as long as necessary to provide our services.

We do not sell your personal data to third parties. We share data only in the following circumstances: Service providers: We share data with carefully selected third parties who help us deliver our services, including Supabase (database), Stripe (payments), TrueLayer (Open Banking), and Anthropic (AI services). All are bound by data processing agreements. Family pool members: When you invite family members to your contribution pool, they will see your mortgage progress and contribution data as set out in the platform. Legal requirements: We may disclose data where required by law, court order, or regulatory authority. Business transfers: In the event of a merger or acquisition, your data may be transferred to the acquiring entity, subject to the same privacy protections.

We retain your personal data for as long as your account is active and for a period thereafter as required by law and legitimate business purposes. Account data: Retained for the duration of your account plus 7 years after closure (required for financial services compliance). Financial data: Retained for 6 years from the date of the relevant transaction. AI Coach conversations: Retained for 2 years unless you request earlier deletion. You can request deletion of your data at any time by contacting us at privacy@genlibre.com, subject to our legal retention obligations.

Under UK GDPR you have the following rights regarding your personal data: Right to access: Request a copy of the data we hold about you. Right to rectification: Request correction of inaccurate data. Right to erasure: Request deletion of your data, subject to legal retention requirements. Right to restrict processing: Request that we limit how we use your data. Right to data portability: Request your data in a machine-readable format. Right to object: Object to processing based on legitimate interests. Right to withdraw consent: Where processing is based on consent, withdraw it at any time. To exercise any of these rights, contact us at privacy@genlibre.com. We will respond within 30 days.

We use cookies and similar technologies to operate our platform. For full details of the cookies we use and how to manage them, please see our Cookie Policy. Essential cookies are required for the platform to function and cannot be disabled. Analytics and preference cookies can be managed through your browser settings or our cookie preference centre.

We take the security of your data seriously. We implement the following measures: Bank-level AES-256 encryption for data at rest and in transit. Secure authentication via Supabase with row-level security. Regular security audits and penetration testing. Staff training on data protection and security. Incident response procedures in place for data breaches. In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours.

If you have any questions about this Privacy Policy or how we handle your data, please contact us: Email: privacy@genlibre.com Post: GenLibre Ltd, [Registered Address], England If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.