You and your personal information are NOT our product, and we will never sell or solicit it to third parties without your permission.
One thing we want to be upfront about is that as Curve evolves, this policy will evolve with it. If we’re making a major change that will change the privacy levels you are used to, then we will actively notify you (for example, via email or an in-app notification). We will post any minor changes we make, clearly marked, on this page.
Please note that there is no personal information collected, used or shared through Curve other than as set out in the below. By clicking to accept this policy, you acknowledge that you have read and understood it fully. Thanks.
Let us assure you that we do not use your personal information, nor rent or sell your personal information for marketing purposes.
When you first launch the application and initiate the card registration process, Curve will need to obtain identification and verification information which will then be submitted to your bank and be used to check your identity and to identify, prevent, detect or tackle financial crime, including fraud, money laundering and other unauthorized conduct. Such information includes:
Curve Account information and Curve usage data, such as usage duration and how many cards you may have registered on Curve;
Device information, such as your device model number, OS version and other device identifier(s).
Location information (i.e., where you are when you register your card), but only if location detection is enabled on your device at the time you register your card; and
Card information and billing address, which is sent to your card issuer, passing through our servers.
We provide this information to your card issuer so that it can authenticate cardholders, and detect and discourage fraud.
In addition to the disclosures to your card issuers described above, we may disclose your personal information to third parties for the following purposes:
To provide services you request in connection with Curve;
To check your identity and to identify, prevent, detect or tackle financial crime, including fraud, money laundering and other unauthorized conduct.
When you contact the Curve Support team for assistance via any means we may keep a record of your communications to respond to your query and to improve our service to you. Your call may be recorded for training or quality purposes.
To third parties involved in the process of providing services to us or you or performing functions on our behalf. Those third parties are only permitted to use your personal information for the purpose for which it has been provided and may not disclose it to any other third party except at our express direction and in accordance with this Notice.
To comply with law or a court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Curve, our employees, our customers, or others.
Curve employs commercially reasonable industry standards intended to safeguard your personal information.
Curve understands the importance of keeping your personal data secure. We will take appropriate technical and organisational measures to protect against unauthorised or unlawful processing, accidental loss or destruction of, or damage to personal data, although we cannot guarantee these things will never happen. No system is 100% safe from a sophisticated and sustained attack by determined hackers.
A selection of measures we take to protect your personal data are provided below:
- Using industry standard security technology and procedures to protect your information
- High-security password protection on internal Curve systems
- Encryption of our services using SSL (Secure Sockets Layer)
- Training of our employees on information security
- Continual review of our policies and procedures in response to advances in technology and security best practice
- Curve App access password protection
- Built in password protection on the Curve App preventing unauthorized people from accessing your account
- Limiting access to your data
- Measures to ensure access to Curve systems is limited to carefully selected Curve team members, as required to undertake their job
- All employees undergo data protection training and sign confidentiality agreements
Curve’s servers are inside the European Union (EU), but may also be based in the US in future, and some of the tools and services we use may be hosted outside the EU. We want you to be aware that the laws regarding processing of personal information outside the EU may not be as rigorous as those within it. If we transfer your information to our servers, or a service provider or agent in another country outside the European Union, we will make sure that we and the service provider or agent agrees to apply the same levels of protection as we are required to apply to personal information held and processed in the UK and to use your information only for the purpose of providing the service to us.
Under UK law, individuals have the right to request a copy of all personal information that We hold about them and have the right to request that incorrect information is amended. To do this, We will need to verify your identity and may charge a reasonable administration fee to provide a copy of your information. As before please remember that for legal or risk reasons we may be unable to amend or delete certain types of data. We will inform you of this following your request should this be the case.