Privacy Policy

Last updated: March 2025

Please read this Privacy Policy carefully. It explains who we are, what personal data we collect about you, why we collect it, how we use it, who we share it with, how long we keep it, and what your rights are.

 

1. Who We Are

1.1 The Platform is operated by Tuck Technology Limited (trading as "tuck."), a company registered in England and Wales under company number 12857517. Our registered office is at St Martins House, 7 Peacock Lane, Leicester, LE1 5PZ.

1.2 For the purposes of UK data protection law, Tuck Technology Limited is the data controller.

1.3 If you have any questions, please contact us at: support@tuckapp.co.

1.4 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO) at: https://ico.org.uk/concerns/ or by telephone on 0303 123 1113.

 

2. The Data We Collect About You

We collect, use, store and transfer different types of personal data:

 

(a) Identity Data - your first name, last name, date of birth, and photograph (submitted as part of KYC).

(b) Contact Data - your email address, phone number, and correspondence address.

(c) Financial Data - bank account details provided for withdrawal processing; payment card details where applicable.

(d) Transaction Data - details of cashback card purchases, rewards earned, withdrawal requests.

(e) Verification Data - photographic identity documents and selfie images submitted during KYC.

(f) Technical Data - device type, IP address, login data, browser type, time zone, operating system.

(g) Usage Data - pages visited, features used, session duration, in-app behaviour.

(h) Profile Data - username, preferences, cashback balance, purchase history, feedback.

(i) Marketing and Communications Data - your preferences for receiving marketing.

 

We do not intentionally collect Special Categories of Personal Data.

 

3. How We Collect Your Data

Direct interactions - when you register, complete KYC, purchase a cashback card, request a withdrawal, contact support, or respond to surveys.

Automated technologies - cookies, server logs, and similar tracking technologies.

Third parties - Plaid (Open Banking), KYC verification provider, Google Analytics, and cloud infrastructure providers.

 

4. How We Use Your Personal Data

We only use your personal data where we have a lawful basis under UK GDPR:

 

(a) Performance of contract - register you, process purchases, manage your account.

(b) Legal obligation - conduct KYC, process withdrawals, fraud prevention.

(c) Legitimate interests - improve the Platform, analyse usage patterns, manage complaints.

(d) Consent - send marketing communications.

 

5. Marketing

5.1 We may send you information about products, services, and promotions where you have given us consent.

5.2 We will always obtain express opt-in consent before sharing your data with third parties for marketing.

5.3 You can opt out at any time by emailing support@tuckapp.co or using the unsubscribe link.

 

6. Who We Share Your Data With

We share your personal data with:

 

(a) Identity verification providers (KYC)

(b) Open Banking providers (Plaid)

(c) Cashback card and gift card providers (Tillo, Runa, Diggecard)

(d) Payment processors (Acquired, Ryft)

(e) Retail partners

(f) Analytics and technology providers (Google Analytics)

(g) Customer support providers

(h) Professional advisers

(i) Regulatory and law enforcement authorities

(j) Business transfers (merger, acquisition)

 

7. International Transfers

7.1 Some third-party service providers operate outside the UK or EEA.

7.2 We ensure appropriate protection via UK-approved standard contractual clauses (SCCs) or international data transfer agreements (IDTAs).

 

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. Please see our Cookie Policy for full details.

 

9. Data Security

9.1 We have appropriate technical and organisational security measures in place.

9.2 Access to your personal data is restricted to those with a legitimate business need.

9.3 We have procedures to detect, investigate, and respond to data breaches.

9.4 You are responsible for keeping your login credentials confidential.

 

10. Data Retention

10.1 We retain your personal data for as long as necessary to fulfil the purposes for which it was collected.

10.2 Account data: up to 6 years following account closure. KYC data: as required by anti-money laundering regulations. Transaction data: up to 6 years.

10.3 We may retain data longer where necessary for legal proceedings.

10.4 When no longer required, we will securely delete or anonymise it.

 

11. Your Rights

Under UK GDPR, you have the following rights:

 

11.1 Right of access - request a copy of data we hold about you.

11.2 Right to rectification - correct inaccurate or incomplete data.

11.3 Right to erasure - ask us to delete your data where there is no good reason to continue processing.

11.4 Right to restrict processing - suspend processing in certain circumstances.

11.5 Right to data portability - receive your data in a structured, machine-readable format.

11.6 Right to object - object to processing based on legitimate interests or for direct marketing.

11.7 Right to withdraw consent - where we rely on consent, withdraw it at any time.

11.8 Right to object to automated decision-making - we do not currently make solely automated decisions.

 

To exercise any rights, contact us at support@tuckapp.co.

 

12. Changes to This Privacy Policy

12.1 We review and update this policy from time to time.

12.2 Where we make material changes, we will notify you by email and by posting a notice on the Platform.

12.3 We encourage you to review this policy periodically.

 

13. Glossary

 

Controller - the entity that determines purposes and means of processing personal data.

Data processor - a third party that processes data on behalf of the controller.

ICO - the Information Commissioner's Office.

KYC - Know Your Customer.

Lawful basis - the legal ground under UK GDPR that justifies processing.

Legitimate interests - our interest in conducting our business.

Personal data - any information relating to an identified or identifiable living individual.

Processing - any operation performed on personal data.

UK GDPR - the UK General Data Protection Regulation.

 

Tuck Technology Limited | St Martins House, 7 Peacock Lane, Leicester, LE1 5PZ | Company No. 12857517 | support@tuckapp.co