Last updated: 6 June 2026
Steerplan Ltd (“we”, “us”, “our”), a company registered in England and Wales (Company No. 16633884) with its registered office at 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE, United Kingdom, operates the Steerplan mobile application and the Steerplan web properties. We are registered with the UK Information Commissioner's Office under reference ZC105156. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Steerplan acts as the Data Controller for the personal data described below.
Account data: Name, email address, and profile picture provided through your single sign-on (SSO) provider via our authentication partner.
Financial data: Bank transaction data (amounts, dates, descriptions, merchant names) accessed read-only through Yapily Connect Ltd, our FCA-authorised Open Banking provider.
App usage data: Income sources, budgets, reminders, and spending categories you create within the App.
AI conversation data: Messages you send to the AI assistant and the responses generated.
Subscription data: Subscription status and billing information managed by our subscription management partner and the platform's app marketplace. We do not directly access your payment card details.
Website analytics and interaction data: When you visit our public websites, we collect pages viewed, clicks, scrolls and other interaction events (used to build aggregate heatmaps), device and browser type, and approximate location derived from your IP address. We also capture pseudonymous session replays of your visit, with all input fields (such as the waitlist email box) masked so the values you type are not recorded. See section 7 for detail.
We use your data to:
We process your personal data on the following lawful bases under UK GDPR Article 6:
When you connect a bank account, Yapily Connect Ltd accesses your transaction data on your behalf as our FCA-authorised Open Banking provider. Steerplan Ltd is registered as a PSD Agent of Yapily Connect Ltd on the FCA Financial Services Register, authorised to provide Account Information Services (AIS) only.
Our access is strictly read-only. We can see your transactions and balances, but we cannot initiate payments, transfers, standing orders, or any other movement of money. We never receive your banking login credentials, and consent must be reconfirmed every 90 days under FCA rules.
You can revoke bank access at any time through the App's settings or directly with your bank. When you revoke, we delete the consent on Yapily's side as well as our own.
Your financial data and messages are processed by a third-party large language model provider to provide insights and categorisation. Data sent to the AI provider is used solely for generating your responses and is not used to train AI models. We send only the data necessary to fulfil your request.
To understand how visitors use our public websites and to improve them, we use the analytics tools below. This applies to our websites only, not to your bank data or AI conversations.
Product analytics and heatmaps (PostHog): PostHog, hosted in the European Union, collects pages viewed, clicks, scrolls and other interaction events, your device and browser type, and approximate location derived from your IP address. This powers aggregate heatmaps and usage analytics. It also records pseudonymous session replays of website visits so we can diagnose usability issues. All input fields, including the waitlist email box, are masked, so the text you type is never captured. We do not create identified profiles for anonymous visitors, and we route this data through our own domain. PostHog acts as our data processor under a data processing agreement.
Aggregate traffic and performance (Vercel): We use a privacy-friendly, cookieless provider for aggregate visitor counts and page-performance metrics. This data is anonymous and is not tied to you as an individual.
Cookies and similar technologies: PostHog stores a pseudonymous identifier (via cookies or local storage) to recognise a returning browser within a session. We ask for your consent before any analytics or session-recording technology runs: on your first visit a cookie banner lets you accept or decline, and PostHog is not loaded and sets no cookies unless you accept. You can also opt out using your browser's tracking protection or an ad-blocker, by sending a Global Privacy Control or Do Not Track signal, or by emailing privacy@steerplan.com. Opting out does not affect your ability to use our websites.
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. AI conversation history is retained for the duration of your account.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact us at privacy@steerplan.com. We will respond within one calendar month.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or on 0303 123 1113.
We prefer providers with UK or EU data residency. Our product-analytics and session-recording provider (PostHog) is hosted in the European Union. Where a service provider processes data outside the UK/EU (currently our AI provider, our subscription management provider, and our website hosting and aggregate-analytics provider, based in the USA), we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as published by each provider. We conduct a Transfer Impact Assessment for each such transfer and send only the minimum data necessary for the processing purpose.
We implement appropriate technical and organisational measures to protect your personal data, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, multi-factor authentication on administrative accounts, least-privilege access controls, and continuous vulnerability scanning of our software dependencies. Our primary data stores hold SOC 2 Type II certification.
Steerplan is not intended for users under 18 years of age. We do not knowingly collect data from children.
We may update this Privacy Policy from time to time. We will notify you of material changes through the App.
For privacy-related enquiries, contact us at privacy@steerplan.com.
Steerplan Ltd (Company No. 16633884)
3rd Floor, 86-90 Paul Street
London, England, EC2A 4NE
United Kingdom