Last updated: 14 April 2026
Steerplan Ltd (“we”, “us”, “our”), a company registered in England and Wales (Company No. 16633884) with its registered office at 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE, United Kingdom, operates the Steerplan mobile application and the Steerplan web properties. We are registered with the UK Information Commissioner's Office under reference ZC105156. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Steerplan acts as the Data Controller for the personal data described below.
Account data: Name, email address, and profile picture provided through your Google, Apple, or X authentication via Clerk.
Financial data: Bank transaction data (amounts, dates, descriptions, merchant names) accessed through Yapily Open Banking or uploaded via CSV files.
App usage data: Income sources, budgets, savings pots, reminders, and spending categories you create within the App.
AI conversation data: Messages you send to the AI assistant and the responses generated.
Subscription data: Subscription status and billing information managed by RevenueCat and Apple. We do not directly access your payment card details.
We use your data to:
We process your personal data under the following lawful bases under UK GDPR Article 6:
When you connect a bank account, Yapily (an FCA-authorised provider) accesses your transaction data on your behalf. We receive transaction details but never your banking login credentials. You can revoke bank access at any time through the App's settings or directly with your bank.
Your financial data and messages are processed by Anthropic's Claude AI to provide insights and categorisation. Data sent to the AI is used solely for generating your responses and is not used to train AI models. We send only the data necessary to fulfil your request.
We use the following third-party services:
Each provider operates under its own privacy policy and data processing agreements.
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. AI conversation history is retained for the duration of your account.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact us at privacy@steerplan.com. We will respond within one calendar month.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or on 0303 123 1113.
We prefer providers with UK or EU data residency. Where a service provider processes data outside the UK/EU — currently Anthropic (Claude AI, USA) and RevenueCat (subscription management, USA) — we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as published by each provider. We conduct a Transfer Impact Assessment for each such transfer and send only the minimum data necessary for the processing purpose.
We implement appropriate technical and organisational measures to protect your personal data, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, multi-factor authentication on administrative accounts, least-privilege access controls, and continuous vulnerability scanning of our software dependencies. Our primary data stores (Supabase, Upstash, Clerk) hold SOC 2 Type II certification.
Steerplan is not intended for users under 18 years of age. We do not knowingly collect data from children.
We may update this Privacy Policy from time to time. We will notify you of material changes through the App.
For privacy-related enquiries, contact us at privacy@steerplan.com.
Steerplan Ltd (Company No. 16633884)
3rd Floor, 86-90 Paul Street
London, England, EC2A 4NE
United Kingdom