Privacy Policy
Chipkie — Privacy Policy (United Kingdom)
Last updated: 10th June 2026
Chipkie Pty Ltd (ABN 75 663 915 884) (we, us, or our) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect personal data when you interact with us through the United Kingdom section of our websites, applications, and services (the Platform), and your rights under UK data protection law.
We are the data controller of your personal data. We are a software company based in Australia. Our Platform is a record-keeping and document-generation tool that helps people who already know each other (such as friends and family) record a loan, track repayments, and optionally generate a simple loan agreement. We are not a lender, broker, payment service provider, debt collector, or credit reference agency, and we do not hold, transfer, or process loan funds.
This Privacy Policy is governed by the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
1. Our Details and UK Representative
Data controller: Chipkie Pty Ltd (ABN 75 663 915 884), Australia. Contact: [email protected]
Because we are based outside the United Kingdom and offer services to individuals in the UK, we have appointed a UK representative under Article 27 of the UK GDPR. You may contact our UK representative on data protection matters at:
[INSERT UK REPRESENTATIVE NAME] [INSERT UK ADDRESS] [INSERT EMAIL]
If we have appointed a Data Protection Officer, you can contact them at [INSERT, or delete if not applicable].
2. The Personal Data We Collect
The types of personal data we may collect about you include:
- Identity Data — your name, age, and gender.
- Contact Data — your telephone number, address, and email.
- Financial Data — bank account and payment card details, collected and stored through our third-party payment processor (such as Stripe). The processor stores this; we do not have access to your full card or bank account numbers.
- Identity Verification Data — government-issued identification details we may request to verify your identity and help prevent fraud, where reasonably necessary or required by applicable law.
- Transaction Data — details about payments between you and us (such as subscription Fees). (We do not collect, hold, or process the loan funds exchanged between users; we record only the loan information you choose to enter.)
- Technical and Usage Data — your IP address, login data, browser session and approximate geolocation data, page-view and session statistics, device and network information, acquisition sources, search queries and browsing behaviour, and your use of our website (including via cookies and analytics).
- Profile Data — your username and password, profile picture, your activity on the Platform, and support requests.
- Interaction Data — information you provide when you take part in surveys, contests, promotions, activities, or events.
- Marketing and Communications Data — your marketing preferences and communication preferences.
- Professional Data — if you are a worker of ours or apply for a role, your professional history.
Special category data. We do not generally seek to collect “special category” data (such as data about health, race, religion, or biometrics). Please do not provide such data unless we specifically request it. If you do, we will only process it where a condition under Article 9 of the UK GDPR applies.
3. How We Collect Personal Data
We collect personal data: when you provide it directly (in person, by phone, by email, or online); when you complete a form or register for events or newsletters or respond to surveys; when you use a website or application we operate (including via analytics, cookie, and marketing providers — see Section 6); from third parties such as our payment processor (Stripe) and identity-verification providers; and from publicly available sources.
4. How and Why We Use Your Personal Data (Lawful Bases)
Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
| Purpose | Data used | Lawful basis |
|---|---|---|
| Provide the Platform, set up your login, and deliver the services you sign up for | Identity, Contact, Profile, Transaction | Performance of a contract with you |
| Take payment for your subscription and handle billing | Contact, Financial, Transaction | Performance of a contract; Legal obligation (keeping accounting records) |
| Verify your identity and prevent, detect, and respond to fraud and misuse | Identity, Identity Verification, Technical | Legitimate interests (protecting our Platform and users from fraud); Legal obligation where applicable |
| Respond to your support requests and communicate with you | Identity, Contact, Profile | Performance of a contract; Legitimate interests (running our service efficiently) |
| Internal record-keeping and administration | Most categories | Legitimate interests; Legal obligation |
| Analytics, research, and improving our Platform and business | Technical, Usage, Profile, Interaction | Legitimate interests (to operate and improve our business) |
| Send you marketing about our products and offers | Contact, Marketing, Profile | Consent, or Legitimate interests for existing customers (soft opt-in) — see Section 5 |
| Run promotions and competitions | Identity, Contact, Interaction | Consent; Performance of a contract (competition terms) |
| Consider your job application | Professional, Identity, Contact | Legitimate interests / steps prior to entering a contract |
| Comply with our legal obligations and establish, exercise, or defend legal claims | As relevant | Legal obligation; Legitimate interests |
Where we rely on legitimate interests, we have balanced our interests against your rights, and you may object to that processing (see Section 12). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
5. Marketing and Your Right to Object
We will only send you marketing communications where you have consented, or where we are permitted to do so under the “soft opt-in” rules in PECR (for example, where you are an existing customer and we market similar products, and you did not opt out when we collected your details).
You can opt out of marketing at any time — by using the unsubscribe link in any marketing email, by adjusting your preferences in your Account, or by contacting us. You have an absolute right to object to direct marketing, and we will stop promptly.
6. Cookies and Similar Technologies
We use cookies and similar technologies on our website. Strictly necessary cookies are used to operate the website. For all other cookies — including analytics and advertising cookies — we will ask for your consent through our cookie banner, and you can change your choices at any time via our cookie settings.
Google Analytics. We use Google Analytics, including Advertising Features, which may set first-party and third-party cookies that collect Technical and Usage Data and support retargeting. These are only set where you have consented. You can also opt out using the Google Analytics Opt-out Browser Add-on and control personalised ads through Google’s Ads Settings.
If you block cookies through your browser, some parts of our website may not work properly. For more detail, see our Cookie Policy [INSERT LINK].
7. Who We Share Your Personal Data With
We share personal data only where necessary, and we require recipients to protect it. We may share personal data with:
- our employees, contractors, and group entities;
- IT, data-storage, web-hosting, and server providers (acting as our processors);
- our payment processor (such as Stripe) and identity-verification providers;
- analytics and marketing providers;
- professional advisers, bankers, auditors, insurers, and insurance brokers;
- our existing or potential agents or business partners;
- a buyer or successor if we sell, merge, or reorganise our business, in which case your data may be among the assets transferred;
- courts, tribunals, regulators, and law-enforcement bodies, where required or permitted by law, or to establish, exercise, or defend legal rights; and
- other third parties where required or permitted by law.
We do not sell your personal data.
8. International Transfers
We store and process your personal data in Australia, and some of our service providers may process it in other countries outside the UK. The UK Government has not made an “adequacy” decision in respect of Australia.
Where we transfer your personal data outside the UK, we put in place appropriate safeguards as required by the UK GDPR — in particular, the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with any additional measures needed to protect your data. You can request a copy of the safeguards we use by contacting us.
9. How Long We Keep Your Personal Data
We keep your personal data only for as long as necessary for the purposes set out in this Privacy Policy, including to provide the Platform, meet our legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. To decide how long to keep data, we consider its nature and sensitivity, the potential risk of harm from unauthorised use, the purposes of processing, and applicable legal requirements. When we no longer need your personal data, we will securely delete or anonymise it.
10. Data Security
We have put in place appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage, as required by Article 32 of the UK GDPR. However, no transmission over the internet is completely secure, and any transmission is at your own risk.
If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) and, where required, you, in accordance with our legal obligations.
11. Your Rights Under UK Data Protection Law
Subject to certain conditions and exceptions, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (the “right to be forgotten”) in certain circumstances.
- Restriction — ask us to limit our processing in certain circumstances.
- Data portability — receive certain data in a structured, commonly used, machine-readable format, or have it transferred to another controller.
- Object — object to processing based on our legitimate interests, and to object to direct marketing at any time.
- Rights relating to automated decision-making — not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 13).
- Withdraw consent — where we rely on consent, withdraw it at any time.
12. How to Exercise Your Rights
To exercise any right, contact us at [email protected] or via our UK representative (Section 1). We may need to verify your identity before responding. We will respond within one month (which may be extended by two further months for complex requests, in which case we will tell you). Exercising these rights is normally free, but we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive, as permitted by law.
13. Automated Decision-Making and Profiling
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. We may use limited profiling (for example, to understand usage and tailor content), but this does not have legal or similarly significant effects on you.
14. Complaints
If you have a concern about how we handle your personal data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority, at https://ico.org.uk, by calling 0303 123 1113, or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
15. Children’s Privacy
The Platform is intended for users who are at least 18 years old, and it is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us, and we will take reasonable steps to delete it.
16. Single Sign-On Accounts
If you connect your account using a single sign-on provider (for example, Google or Facebook), we will collect personal data from that provider in accordance with the privacy settings you have chosen with them. This may include your name, ID, username, handle, profile picture, gender, age, language, list of friends or follows, and other information you choose to share. We use this to create your profile and provide our services. Where we received data through your Facebook account, you may ask us to delete it by emailing us and specifying what you would like deleted.
17. Links to Other Websites
Our website may contain links to third-party websites we do not control and are not responsible for. Those websites are not governed by this Privacy Policy, and we encourage you to review their own privacy notices.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time by publishing the updated version on our website, and the “Last updated” date shows when it was last revised. Where changes are material, we will take reasonable steps to notify you.
19. Contact Us
For any questions, requests, or complaints, please contact:
Chipkie Pty Ltd (ABN 75 663 915 884) Email: [email protected]
UK representative: