Last updated: 2026-04-25 · Version 1.0 · © 2025 Open Finance Infrastructure Ltd.
Open Finance Infrastructure Ltd. ("we", "us") provides the OpenBanqing platform. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have under GDPR, UK GDPR, and other applicable laws.
Account data (name, email, organisation), authentication data (hashed credentials, MFA tokens), telemetry (API request metadata, IP, user-agent), and platform data you submit via the APIs (transactions, account references, payment instructions). We do NOT sell personal data.
We process data on the basis of: (a) contract performance — to deliver the Services you subscribe to; (b) legitimate interest — security, fraud prevention, service improvement; (c) legal obligation — anti-money-laundering, tax, regulatory reporting; (d) consent — for any optional analytics.
Operational data: 7 years for financial transactions (regulatory minimum). Telemetry: 90 days. Audit logs: 7 years. Marketing data: until consent withdrawal. Backups: 30-day rolling window.
We share data with: (a) sub-processors listed in our DPA (cloud hosting, observability, payment networks); (b) regulators and auditors as required; (c) successors in a merger or acquisition; (d) law enforcement under valid legal process. All sub-processors are bound by data-protection terms equivalent to GDPR Art. 28.
Data is hosted in the EU/EEA and UK. Where transfers outside the EEA are necessary, we rely on Standard Contractual Clauses (Decision 2021/914) and supplementary measures (encryption at rest and in transit, pseudonymisation).
You have the right to: access, rectification, erasure, restriction, portability, and objection. To exercise these rights, contact [email protected]. You may also lodge a complaint with the UK ICO (ico.org.uk) or your national supervisory authority.
We implement TLS 1.3 in transit, AES-256 at rest, role-based access control with Cerbos ABAC policies, audit trails on every data access, encrypted backups, and ISO 27001 / SOC 2 Type II controls.
See our Cookie Policy at /legal/cookies for details on cookies and similar technologies, including how to manage your preferences.
We may update this Privacy Policy. Material changes will be announced via email and a banner on the platform 30 days before they take effect.
Data Protection Officer: [email protected]. Postal: registered office of OpenBanqing Ltd.