Protecting your privacy is one of our highest priorities

Curve Privacy Policy Terms of Use Version 1.0

Welcome to the Curve privacy policy which outlines the personal information we collect and how we use that information. We seek to be entirely transparent about this.

You and your personal information are NOT our product, and we will never sell or solicit it to third parties without your permission.

One thing we want to be upfront about is that as Curve evolves, this policy will evolve with it. If we’re making a major change that will change the privacy levels you are used to, then we will actively notify you (for example, via email or an in-app notification). We will post any minor changes we make, clearly marked, on this page.

Please note that there is no personal information collected, used or shared through Curve other than as set out in the below. By clicking to accept this policy, you acknowledge that you have read and understood it fully. Thanks.

Here’s a quick summary:

1. We’ll never show your data to third parties or use it without your permission.

2. Your usage data cannot be traced back to you, unless needed to prevent fraud.

3. We work to very high level security standards, both with our technology and our people.

Glossary of important terms

Personal information: any data which relates to you, if you can be identified from it (or from other information that is or is likely to come into the possession of the person who determines how and why the data is processed).

“We”, “us”, “our” and “Curve” means Curve 1 Limited (Company No. 9523903) 10-18 Union St, London, SE1 1SZ, UK.

“You”, “your” means any user of our services including the Curve card, mobile app and other features.

Cookies: small pieces of information stored on a user’s computer or device by a web service while the user is using the service which allows it to retain information about them.

We are a registered data controller (ICO registration no. ZA135276) which means we determine the purpose for which your personal data is processed under this privacy policy. However some of our partners may also be data controllers for the purposes of their own privacy policies.

See http://www.ico.org.uk/ for more information on cookies and personal information.

Collection, Use & Disclosure

Let us assure you that we do not use your personal information, nor rent or sell your personal information for marketing purposes.

When you first launch the application and initiate the card registration process, Curve will need to obtain identification and verification information which will then be submitted to your bank and be used to check your identity and to identify, prevent, detect or tackle financial crime, including fraud, money laundering and other unauthorized conduct. Such information includes:

Curve Account information and Curve usage data, such as usage duration and how many cards you may have registered on Curve;

Device information, such as your device model number, OS version and other device identifier(s).

Location information (i.e., where you are when you register your card), but only if location detection is enabled on your device at the time you register your card; and

Card information and billing address, which is sent to your card issuer, passing through our servers.

We provide this information to your card issuer so that it can authenticate cardholders, and detect and discourage fraud.

In addition to the disclosures to your card issuers described above, we may disclose your personal information to third parties for the following purposes:

To provide services you request in connection with Curve;

To check your identity and to identify, prevent, detect or tackle financial crime, including fraud, money laundering and other unauthorized conduct.

When you contact the Curve Support team for assistance via any means we may keep a record of your communications to respond to your query and to improve our service to you. Your call may be recorded for training or quality purposes.

To third parties involved in the process of providing services to us or you or performing functions on our behalf. Those third parties are only permitted to use your personal information for the purpose for which it has been provided and may not disclose it to any other third party except at our express direction and in accordance with this Notice.

To comply with law or a court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Curve, our employees, our customers, or others.

So basically…

We’re not using your data for any kind of marketing. We only ever share your ID and verification info when you’ve asked for a service that needs them or with…

a) Your bank when you register on Curve

b) Your card issuer when you pay to prevent fraud

c) Third parties who work with us who must follow our Privacy Policy

d) The Curve Support Team if you contact us

e) The police if they ask us!

Safeguarding Information – how we keep the information we collect secure

Curve employs commercially reasonable industry standards intended to safeguard your personal information.

Curve understands the importance of keeping your personal data secure. We will take appropriate technical and organisational measures to protect against unauthorised or unlawful processing, accidental loss or destruction of, or damage to personal data, although we cannot guarantee these things will never happen. No system is 100% safe from a sophisticated and sustained attack by determined hackers.

A selection of measures we take to protect your personal data are provided below:

- Using industry standard security technology and procedures to protect your information

- High-security password protection on internal Curve systems

- Encryption of our services using SSL (Secure Sockets Layer)

- Training of our employees on information security

- Continual review of our policies and procedures in response to advances in technology and security best practice

- Curve App access password protection

- Built in password protection on the Curve App preventing unauthorized people from accessing your account

- Limiting access to your data

- Measures to ensure access to Curve systems is limited to carefully selected Curve team members, as required to undertake their job

- All employees undergo data protection training and sign confidentiality agreements

So basically…

We actually have higher privacy standards than normal in the finance industry. That’s because we’re not using your data unless you let us. We also have a lot of safeguards in place both built into our tech and training our team. But we’ll want to be honest and say that no system is completely safe.

Location of your data

Curve’s servers are inside the European Union (EU), but may also be based in the US in future, and some of the tools and services we use may be hosted outside the EU. We want you to be aware that the laws regarding processing of personal information outside the EU may not be as rigorous as those within it. If we transfer your information to our servers, or a service provider or agent in another country outside the European Union, we will make sure that we and the service provider or agent agrees to apply the same levels of protection as we are required to apply to personal information held and processed in the UK and to use your information only for the purpose of providing the service to us.

So basically…

Good news! Our servers are based in the EU but if any of your information ever goes outside to a service provider elsewhere, we make sure they agree to protect your data just the same as it was in the UK.

Your rights

Under UK law, individuals have the right to request a copy of all personal information that We hold about them and have the right to request that incorrect information is amended. To do this, We will need to verify your identity and may charge a reasonable administration fee to provide a copy of your information. As before please remember that for legal or risk reasons we may be unable to amend or delete certain types of data. We will inform you of this following your request should this be the case.

So basically…

With good old data protection, you can ask us to provide your data anytime. We would need to check your ID and might have to charge a fee to put this together. There are some things the legal eagles won’t let us change or delete and you’d find that out when you make your request.