Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong. Take two mins to learn more.

Privacy Policy

Zumo Financial Services Limited February 2022


Please read this privacy policy very carefully and if you have any queries. This is the privacy policy (Privacy Policy) of Zumo Financial Services Limited (trading as Zumo), a private limited company registered in Scotland with company number SC583644 (we/us). Our registration number at the Information Commissioner’s Office is ZA557459.

This Privacy Policy sets out how and why we use your personal information when you use our app and services (called Zumo) and website (

How to contact us

If you need to contact us, you can do so by emailing us at We will communicate with you in English.

The information we hold about you

We collect the following types of information when you sign up for a Zumo account, use our services and interact with us:

  • Personal details like your name, address and date of birth.
  • Contact details like your email address and phone number.
  • Information about your identity, such as a copy of your ID document and a liveness video of yourself.
  • Information on your device and location, such as your device ID, operating system and IP address.
  • Information you give us through our customer support channels, such as when you contact us by email or through social media.
  • Details about transactions relating to your Zumo account.
  • Details about how you use our app.
  • Information and answers you give to us, such as when completing a feedback survey or entering a promotion we are running.

We collect the following types of information from other sources

When you sign up for a Zumo account we perform checks at:

  • Credit reference agencies to verify the identity information you have provided to us, as part of complying with our legal duties. These checks consist of a ‘soft search’ and do not impact your credit score.
  • KYC (Know Your Customer) and AML (Anti Money Laundering) service providers, as part of complying with our legal duties.

For more information about who we share data with please see ‘Who we share your data with and why’ below.
We may also collect information about you from public sources for AML reasons, such as official public records or information published by the press or on social media.

We collect the following types of information, on occasion, from third parties where you have given your prior consent for them to share the information with us, for the purpose of participating in promotional events:

  • Personal details like your name and Zumo username, if you already have one.
  • Contact details like your email address and phone number.

How and why we use your information

We’re required to have a lawful basis for using your personal data. This means one of the following must apply: contractual duty, legal duty, legitimate interest, public interest, vital individual interest or consent. This section explains which one we rely on when we are using your data in a certain way.

Contractual duty

This is when we need to use your data for a contractual duty we have with you, or to enter into a contract with you.
We use information about you to:

  • Consider your application for a Zumo account to assess whether it meets our terms and conditions.
  • Give you the services we agreed to in line with our terms and conditions.
  • Send you messages about your account and other services you use if you get in touch, or we need to tell you about something.
  • Exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us.
  • Investigate and resolve complaints and other issues.

Legal duty

This is when we need to use your data to comply with a legal duty. We use information about you to:

  • Confirm the identity information you have provided when you sign up or get in touch.
  • Checking the identity information you have provided to us against records at anti-money laundering and data bureaus.
  • Monitor activity to prevent illegal acts like money laundering and fraud.
  • Keep records of information we hold about you and your account in accordance with legal requirements relating to record keeping.
  • Comply with financial laws and regulations (these mean we sometimes need to share customer details with regulators, law enforcement or other third parties).

Legitimate interest

We use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your privacy rights. The situations where we do this are set out below.

i) Product development and marketing. We:

  • Tell you about products and services through the app or other channels based on how you use our products and services.
  • Track and analyse how you use the services so we can and improve the services we give you and other customers. We may ask for feedback if you’ve shown interest in or used a particular aspect of our service. We do this so that we can make our products better and understand how to market them.

ii) Security and business management. We:

  • Protect the rights, property or safety of us, our customers or others.
  • Carry out security and maintenance checks to make sure our app, website and other services run smoothly for you.
  • Manage our business risk, financial affairs (including to enforce or apply any agreement with you or our suppliers) and to protect the rights, property and safety of us, our staff, our customers and others.

iii) Companies that give services to us. We:

  • Share your information with companies so they can help us provide our services (see ‘Who we share your data with and why’ below).


We ask for your consent to:

  • Send you certain types of marketing, such as that by email or push notification.
  • Show your profile picture in the app if you add one.

You can withdraw your consent at any time by unsubscribing from such marketing, or deleting your profile picture in the app.

The nature of cryptoassets and blockchain

Your Zumo account includes a cryptoasset wallet which is non-custodial. Transfers to and from your cryptoasset wallet take place directly on the blockchain for that cryptoasset. The blockchain is a publicly viewable ledger. This means your transactions can be identified and viewed from this ledger. This is a design feature of the blockchain and Zumo has no control over this.

You can choose to keep your address hidden in the app, but this will not necessarily stop it from being identifiable to others. For example, if a Zumo contact sends you Bitcoin, that contact can look at their transaction on the blockchain to identify the address (i.e. your address) it was sent to and use that to look at your other transactions. Similarly, if you give your Zumo wallet address to a friend so they can send Bitcoin to it, they can also use your address to look at your transactions on the blockchain.

Who we share your data with and why

Companies that provide services

We share your data with companies that help us provide the services you use and which need to process details about you for this reason. These are:

  • Our e-money account and payment provider is Modulr. Here is a link to Modulr’s privacy notice that will also apply to you – privacy-policy
  • Data storage providers, which include Amazon Web Services, Google Cloud, and Very Good Security.
  • Our open-banking service provider that helps us comply with regulatory obligations in this area, which is Salt Edge.
  • Software companies that we use to send and receive communications with you to provide our customer support (Zendesk) and to send communications (such as legal, service and marketing) by email (Force24).
  • Our KYC and AML service providers that help us comply with our regulatory obligations.
  • Companies that help us with software development and functional analytics (for example to help us solve technical issues with the app).
  • Companies that help us with marketing.

The provision of some of these services also makes use of cookies.


We work in conjunction with a marketing partner Force24 to sometimes email promotional information and/or contractual information. Accessing promotional information and contractual information is often done via the Force24 Platform. Cookies are used on this Platform to monitor visitors and the type of material accessed, for more details please see our Cookie Policy


Zumo uses Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.”
Further information on how we use cookies can be found in our Cookies Policy here:

Law enforcement and other external parties

We may share your details with:

  • Authorities that stop financial crime, money laundering, terrorism and tax evasion when we have a legal duty to do so, or if it’s necessary for other reasons.
  • The police, courts or dispute resolution bodies if we have to.
  • Other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment.
  • Any other third parties where necessary to meet our legal obligations.

How long we keep your information

We’re required to keep most of your data for as long as you are a Zumo customer and then for at least 5 years after that time. This is a regulatory requirement which means this period of time can change to stay in line with any change in regulations. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to for a legitimate interest and/or the law says we have to.
To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

Your rights

You have a right to:

  • Access the personal data we hold about you, or to get a copy of it.
  • Make us correct inaccurate data.
  • Ask us to delete your data. This can sometimes be a limited right where our other duties prevent us from doing so. For example, if you asked us to delete your identity and transaction data, we would not be able to do this, as we have a legal duty to keep it under anti-money laundering regulations (see the section ‘How long we keep your information’).
  • Say no to us using your data for direct marketing and in certain other ‘legitimate interest’ circumstances.
  • Withdraw any consent you’ve given us.
  • Ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else.

To do any of these things, please contact us by emailing

Where we store or send your data

We may transfer and store the data we collect from you to organisations outside the UK. When we do this we make sure your data is protected. We also make sure it is either a country that the UK states has adequate data protection standards, or we have European Commission approved standard contractual clauses in place with the relevant organisation.

How to make a complaint

If you have a complaint about how we use your personal information, please contact us by emailing We will communicate with you in English and you should let us know if any of your contact details change.

Complaints If you’re still not happy you can raise your complaint to the Information Commissioner’s Office (ICO). For more details please visit the ICO’s website at

Changes to this policy

We’ll post any changes we make to this Privacy Policy on this page and if they’re significant changes we’ll let you know by email.