Is My Data Safe?

How we protect your personal information

Updated over 3 months ago

We take the security of your personal data seriously. Here's how we protect it.

How we protect your data

We use multiple layers of security to keep your information safe:

  • 256-bit TLS encryption – your data is encrypted when it travels between your device and our servers

  • Secure data centres – your information is stored in protected, monitored environments

  • Read-only bank access – we can view your transactions to power saving rules, but we cannot move money or make changes to your bank account

  • We never store your bank login credentials – when you connect your bank, you authenticate directly with your bank, not through us

What data we collect

We collect information necessary to provide our services, including:

  • Personal details (name, address, date of birth, National Insurance number)

  • Contact information (email, phone number)

  • Financial information (bank transactions for saving rules, pension contributions)

  • Identity documents (for verification purposes)

We only collect what we need, and we're transparent about how we use it.

Who we share data with

We share your data only where necessary to provide our services:

  • Quai Investment Services Ltd – to administer your SIPP

  • Legal & General Investment Management – to manage your investments

  • Identity verification providers – to verify your identity

  • Open Banking providers – to connect to your bank account

We never sell your data to third parties for marketing purposes.

Your rights under GDPR

Under data protection law, you have the right to:

  • Access the data we hold about you

  • Request correction of inaccurate data

  • Request deletion of your data (subject to legal requirements)

  • Object to certain processing of your data

  • Request a copy of your data in a portable format

To exercise any of these rights, contact us at hello@joinchest.com.

Data retention

We keep your data for as long as necessary to provide our services and meet our legal obligations. Financial records must be retained for a minimum period under regulatory requirements.

If something goes wrong

In the unlikely event of a data breach, we have procedures in place to respond quickly, notify affected customers, and report to the Information Commissioner's Office (ICO) where required.

Still need help?

If you have questions about your data or our privacy practices, contact us at hello@joinchest.com. Our full Privacy Policy is available in the app under My Account → Documents.
