Security

Data protection policy

Updated 20th February 2025. Bippit Ltd. is the data controller of your data, as defined in the Data Protection Act 2018 (DPA 2018) and General Data Protection Regulation (GDPR).

It is the policy of Bippit that all data collected and processed must follow strict rules to ensure privacy, security and compliance with various legal frameworks including the Data Protection Act 2018 (DPA 2018) and General Data Protection Regulation (GDPR).

Bippit is committed to protecting all data. As part of the firm’s commitment to GDPR, Bippit documents the type of data held on customers, where it came from and who within the firm has access to it. In complying with the principles of GDPR, the firm will also process personal data in a legal manner and respond to data breaches as per the Information Commissioner’s Office (ICO) guidelines.

Bippit ensures the security of your data via our information security management system (ISMS), and is certified and audited to the ISO27001:2022 security standard. A copy of our certification is available on request.

1. Personal data

Bippit collects personal data to provide its service. Only data relevant to the functioning of the service is collected and processed. The type of personal data collected differs depending on the type of service provided. This includes the use of Bippit’s website, the use of Bippit’s application (web application and iOS application) and being a customer of Bippit.

Data required to use the service

Bippit collects the following data from users during the signup process. This data is required to provide the service.

  • Gender
  • Marital status
  • Residency
  • Dependants
  • Living situation
  • Employment status
  • Gross salary
  • Mobile phone number

Optional data collected

Users may also choose to provide extra data to ensure the service can deliver value and be tailored to each user’s circumstances. This data includes:

  • Financial data (including debt details)
  • Assets (including property)

Reporting and Service Improvement

Bippit may anonymise and aggregate this data to report to employers, coaches, and internal members of the Bippit team, to provide data on:

  • Service availability
  • Service effectiveness and value
  • Areas for improvement

2. Data retention

Personal data is stored as long as the user and/or customer is using Bippit, and may be stored for 6 years after that in order to comply with the law. In some circumstances, like cases of anti-money laundering or fraud, the firm may keep data longer if needed, or if the law requires it.

We will retain data (like name and email address) that can be used to identify you, as part of our contractual obligations with employers, and to enable and support any future investigations or audits as may be required by law.

3. Third parties

We do not disclose any Personal Data to any third party other than to our contracted service providers and business partners that help us deliver the Service.

A number of third-party processors and sub-processors are used to process data on behalf of Bippit. The third parties are used for data storage, data analytics, and account information processing. Every third-party entity undergoes a security and data protection review before being used by the firm to process data.

Where security and data protection procedures are not explicitly detailed, an agreement between the firm and the third party is drawn up and signed to cover all scenarios.

Data is not transferred outside of the EEA.

4. Training and monitoring

Bippit’s appointed Data Privacy Officer (DPO) is responsible for making sure all employees of Bippit are familiar with the data protection procedures set out in this document. This will be done through an onboarding session for new employees, and a yearly training course for existing employees.

The DPO also has the responsibility to conduct a yearly audit of the firm’s data protection procedures to ensure compliance.

As part of any new features planned, the data requirements are reported to the DPO to confirm the legitimacy of the required data, and to update this policy. Feature development in Bippit’s platform should be built with data protection in mind. This will be monitored and enforced by Bippit’s CISO.

All Bippit employees’ access to systems and devices will be monitored to ensure the principle of least privilege is maintained. Where an employee accesses data that is not needed for the role, access will be removed and an audit will be conducted.

5. GDPR

Bippit adheres to the regulatory framework set out by the EU General Data Protection Regulation and the Data Protection Act 2018 set out by the Information Commissioner’s Office. The DPO ensures compliance with the requirements.

All procedures for data processing are documented and reviewed. This includes:

  • Internal data protection policy
  • Privacy Policy
  • Employee Privacy Policy
  • Data Retention Policy
  • Data Retention Schedule
  • Data Subject Rights Procedures
  • Supplier Data Processing Agreement where applicable
  • Data Breach and Response Procedures

6. Data subject rights

Under GDPR, the rights that you have regarding the information we hold about you include the following.

  • Access the personal data we hold or to get a copy of it
  • Oblige us to correct inaccurate data
  • Ask us to delete, ‘block’ or suppress your data, though for legal reasons we may not always be able to grant this
  • Object to us using your data for direct marketing, and in certain circumstances ‘legitimate interests’, research, and analysis
  • Withdraw any consent you’ve previously given us regarding the Service

Where a request for data access, deletion, or correction under either the DPA or GDPR is received, the DPO will respond as soon as possible, and not more than 30 days from the initial request date.

Unless prohibited by law, the steps set out in Data Subject Rights Procedures will be carried out in accordance with the data subject’s request.

If you are a user of our service, and you request that your data be deleted, we will no longer be able to provide you with our services, and your account will be closed.

To request access or deletion of your data, contact Bippit’s DPO via email at dpo@bippit.com

7. Penny and use of AI at Bippit

Bippit uses AI technology to provide Penny, to make financial guidance more accessible. More information on how Penny works, how we protect and use your data, and other questions can be found in our FAQ page.

All data you share with Penny is classed as Personal Data and is secured and managed as defined earlier in this Privacy Policy. Technology components of Penny are provided by OpenAI and Microsoft. 

No data is stored by OpenAI or Microsoft, and all data is stored, analysed, and processed in the EEA.

Conversations with Penny are monitored to ensure they meet the terms of service of Bippit and our technology partners OpenAI and Microsoft, that they are legal, not malicious, are accurate and relevant, and that there are no safeguarding concerns.

Conversations with Penny are encrypted in transit and at rest. Conversations are shared with your coach to enable them to provide tailored and accurate guidance.

Anonymised statistics from interactions with Penny are used by Bippit to monitor and improve the services we offer you, and a subset of anonymised statistical data may be shared with employers. 

No conversation data or interactions with Penny will ever be shared with your employer or other third parties.

Bippit is compliant with the EU AI Act, and is a provider of low-risk AI. All interactions with Penny, and your rights as a data subject, are covered by the UK Data Protection Act 2018 (DPA 2018) and the EU General Data Protection Regulation (GDPR), without exception.

8. More information

If you require more information including Bippit’s full Data Protection documentation, please contact info@bippit.com

Cookie policy

Updated 20th February 2025. By visiting Bippit’s Website or App, you agree to the Terms of use. We’re committed to protecting and respecting your privacy. If you have any questions about your personal information please email us at info@bippit.com

1. Types of cookie

Understanding cookie varieties

Cookies are categorised into several types, each serving distinct functions:

Session Cookies: These cookies are temporary and are deleted from your device once you close your web browser. They are essential for the proper functioning of our Website, allowing you to navigate pages and access secure areas.

Persistent Cookies: Persistent cookies remain on your device after you leave our Website. They are employed to recognize you when you return, providing a more personalised and streamlined experience. These cookies also help us gather analytical data to enhance our services.

Third-party Cookies: Third-party cookies are set by domains other than Bippit. They come into play when our Website integrates content or services from external providers, such as social media platforms or advertising networks. These cookies enable these third parties to track your online activities and may be used to display targeted advertisements on other websites.

Strictly Necessary Cookies: These cookies are essential for the operation of our Website and cannot be disabled in our systems. They are typically set in response to actions you take on our site, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block these cookies, but some parts of the site may not function correctly.

Performance Cookies: Performance cookies collect information about how you use our Website, such as which pages you visit most often and any error messages you may encounter. These cookies help us improve the site’s performance and your user experience.

Functionality Cookies: Functionality cookies enable our Website to remember choices you make, such as your preferred language or region. They enhance your personalised experience by tailoring content to your preferences.

Targeting Cookies: Targeting cookies are used to deliver content that is more relevant to you and your interests. They may be employed by advertising networks to display advertisements that match your online behaviour.

Please note that you can manage your cookie preferences by adjusting your browser settings, as described in Section 5 of this Cookie Policy.

2. Your preferences

Cookies help us improve your website experience

By keeping track of how many times you’ve visited, how long you’ve spent, and what you’ve done. That means the site can show you things which are relevant based on information you’ve entered and what you’ve looked at. Cookies never store any of your banking information.

3. When you visit our site

We analyse how you navigate the pages

Session and Persistent Cookies can improve the site and give you a better experience. Session cookies let us see where you spend your time, and work out which bits are most useful. Persistent cookies let us remember you on future visits, improving your experience of services or functions offered.

4. Third-party cookies

We might work with others to show you things that interest you

As an example, if you visit the Website and see some information about energy switching, we could use cookies to show you relevant offers because we think it would be something you’re interested in. Third-party cookies work by sharing your browser identification with the third-party, so they can show you ads on their sites.

5. Turning cookies off

It depends on your web browser

When you visit the Bippit website, a cookie banner will appear, enabling you to set your cookie preferences. If you click ‘Accept’ you will be accepting all cookies as per this policy. If you click ‘More options’, we will only use Necessary cookies. To personalise your cookie preferences, click ‘Cookie Settings’ to manually accept or decline the different types of cookies on our website.

You can also switch off cookies in your browser. Exactly how to do it depends on your browser or phone settings. Try looking in your ‘Help’ section, or searching for ‘How to block cookies’.

If you turn cookies off, you might still see ads for Bippit on other sites. But they’ll be general, and not based on your specific information.

6. Changes to this policy

If we need to update our Terms it will be shown on this page

We will sometimes need to make changes to our Cookie policy, which could happen when laws or regulations change, or when we introduce new features, products, or content to the Service. Any new terms will take effect from the next time you use the Service.

When our Terms are updated, the new version will be posted on Bippit’s Website, and if there are significant changes we’ll let you know by email. If you don’t agree to the new Terms you must stop using the Service. If you continue to use the Service, it will mean that you accept the new Terms.

7. Cookie schedule

The specific cookies we include on the Website

Below is a list of the cookies we use. We have tried to ensure it is complete and up to date but if you think we have missed a cookie or there is a discrepancy, please let us know by emailing info@bippit.com

© 2025 All Rights Reserved
By visiting this website you agree to our cookie and privacy policy
Regulated by the FCA (No. 845814)
Your data is protected by the ICO (No. ZA533579)