Our
Privacy
Policy
Privacy Policy
Last updated: August 18, 2025
This privacy notice, our Terms and any additional terms of use incorporated by reference into the Terms for Tail Offers Limited, trading as Verve (“Verve”, “we”, “us” or “our”), a company registered in England and Wales under Company Number 10008580, describes how and why we might collect, store, use and/or share (“process”) your information when you use the Verve mobile application (the “App”) and any related interactive, supplemental, and informational services made available to you (the “Services”) on any media platform (together the “Platform”).
Your use of our Services and Platform may include:
- Visiting our website at https://verve.cash, or any website of ours which links to this privacy notice
- Downloading and using our Verve mobile application
- Engaging with us in other related ways, including but not limited to any sales, marketing, social media platforms, communications of any kind, meetings and/or events
This privacy notice applies to all personal information we process in connection with these activities.
Contents
- Contact Details
- Information We Don’t Collect
- What Information We Collect, Use, and Why
- Our Lawful Bases and Your Data Protection Rights
- Where We Get Personal Information From
- How Long We Keep Information
- Who We Share Information With
- How We Keep Your Information Safe
- Changes to this Privacy Notice
- How to Complain
Contact Details
Tail Offers Limited, trading as Verve
- Address: 15 Belgrave Square, London, England, SW1X 8PS
- Email: privacy@verve.cash
- Group Compliance Officer: Steven Newman
- Company Registration: England and Wales, Company Number 10008580
- FCA Registration: Account Information Services Provider (AISP), FRN: 791697
- ICO Registration: ZA288358
For all privacy-related inquiries, data protection rights requests, and compliance matters, please use the contact information above. Our Compliance Officer oversees data protection matters and will ensure your inquiry is handled appropriately.
What Information We Don’t Collect
For clarity, we do not collect any data related to convictions or criminal offences. We also do not collect nor infer any Special Categories of Personal Data about you, which include:
- Racial or ethnic origin
- Religious or philosophical beliefs
- Sex life or orientation
- Political opinions
- Trade union membership
- Health
- Genetic or biometric data
If you inadvertently provide any of this information to us, please contact us immediately so we can delete it from our systems.
Children’s Privacy
Our Platform is intended for users 18+ years of age, and is not intended for children. We do not knowingly market to or collect data from children under our user age requirement.
If we learn that personal information has been collected from users who do not meet our age requirement, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of data we may have unknowingly collected from children under 18 years of age, please contact us immediately using the contact details above.
What Information We Collect, Use, and Why
Consequences of Not Providing Personal Data
If you fail to provide personal data where we need to collect it by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may need to cancel a product or service you have with us and notify you of such action.
How We Use Your Information
We collect and use this information for the following purposes:
Service Delivery and Account Management
We collect and use the following information to provide our services, manage your account, and process transactions:
Personal Information:
-
- Names and contact details
- Payment details (including card or bank information for transfers and direct debits)
- Purchase and account history
- Account information and settings
- Authentication and security information
- Records of meetings, decisions, and customer interactions
- Information relating to compliments, complaints, or support queries
Technical and Usage Information:
-
- App version and browser type/version
- IP address and approximate location derived from IP address
- Precise location data (only if you grant permission)
- App interactions and user journey information
- Page views and time spent on different sections
- Key events and user actions within the app
- Device information and operating system details
- Crash logs and error reports for troubleshooting
Marketing and Communications
We collect and use the following information for service updates and marketing purposes:
Personal Information:
-
- Names and contact details
- Marketing preferences and consent status
- Purchase and viewing history
- Demographic and interest data for personalised content
Technical and Behavioural Data:
-
- App usage patterns and interaction data
- Page views, session duration, and navigation paths
- Device and browser information for content optimisation
- Location data (with permission) for location-based offers
Communication Preferences: We distinguish between two types of communications:
-
- Service Communications: Non-promotional messages containing necessary legal, administrative, or customer service information (mandatory for service provision)
- Marketing Communications: Promotional messages about Brands, products, services, or offers (optional – you can unsubscribe at any time by emailing contact@verve.cash)
Customer Support and Legal Compliance
We collect and use the following information for handling queries, complaints, legal obligations, and fraud prevention:
- Contact and account information
- Transaction and financial information
- Communication records and case histories
- Relevant information from previous investigations
- Identity verification documents when required
Automated Processing and Profiling
In order to provide you with more tailored Services and offer content most relevant to you, we will process and evaluate your transaction data, where available with permissions, in regards to the type and location of prior purchases you have made as well as location data of app usage.
This automated processing helps us to:
- Personalise your app experience and content
- Show you relevant offers and promotions
- Improve our service recommendations
- Provide location-based services and offers
Your Rights: Our mobile app is fundamentally designed to provide you with the best possible offers based on your historical spending data, which is essential to our service delivery. While this automated processing is necessary for the core functionality of our Services, under data protection law you have the right to:
- Request information about the automated processing we conduct
- Request human review of automated decisions that have legal or significant effects on you
- Challenge any automated decisions that produce legal or similarly significant effects
- Receive explanations about the logic involved in automated decision-making
Please note that opting out of our core automated processing would prevent us from providing our personalised cashback service, as this functionality is integral to how our Platform operates. However, you can adjust your marketing preferences and limit certain types of automated processing for promotional purposes through the app settings.
You can exercise these rights by contacting us using the Contact Details above.
Our Lawful Bases and Your Data Protection Rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. We rely on the following lawful bases:
Our Lawful Bases
Consent
- Used for: Marketing communications, non-essential cookies, optional features
- Your rights: You can withdraw consent at any time through app settings or by contacting us
Contract
- Used for: Account creation, service delivery, payment processing, essential app functionality
- Your rights: All data protection rights apply except the right to object (as this processing is necessary for our contract with you)
Legitimate Interests
- Used for: Service improvement, fraud prevention, analytics, personalised content delivery, app performance monitoring
- Our legitimate interests include:
- Service Optimisation: Improving app features, analysing user behaviour, monitoring app performance, fixing bugs and crashes, and personalising your experience
- Security and Fraud Prevention: Using IP addresses and usage patterns to detect suspicious activity and protect our users
- Business Operations: Understanding how users interact with our app, measuring feature effectiveness, and operational efficiency
- Technical Maintenance: Crash reporting, error logs, and performance monitoring to ensure app stability
- Your rights: All rights apply except data portability
Legal Obligation
- Used for: Regulatory compliance, tax obligations, anti-money laundering checks
- Your rights: All rights apply except erasure, objection, and data portability
From time to time, where applicable, processing your personal information may also be for reasons of:
Vital Interests
- Used for: Collecting or using information when someone’s physical or mental health or wellbeing is at urgent or serious risk
- Your rights: All data protection rights may apply, except the right to object and the right to portability
Public Task
- Used for: Carrying out tasks laid down in law, which the law intends to be performed by an organisation such as ours
- Your rights: All data protection rights may apply, except the right to erasure and the right to portability
Your Data Protection Rights
You have the following rights regarding your personal information:
- Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
- Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
- Your right to erasure – You have the right to ask us to delete your personal information.
- Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information.
- Your right to object to processing – You have the right to object to the processing of your personal data.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
- Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.
How to Exercise Your Rights
Making a Request
To make a data protection rights request, please contact us using the contact details above.
Identity Verification
When you make a request, we may need to ask for specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
Response Times and Process
We will consider and act upon any request in accordance with applicable data protection laws. We must respond to you without undue delay and in any event within one month. Occasionally, we could require additional time if your request is particularly complex or you have made several requests. In any case, we will notify you and keep you updated as to expected timings.
Fees
You will not have to pay a fee to access your personal data or exercise any of the other rights. However, we may charge a reasonable fee if your request(s) is/are reasonably unfounded, repetitive, or excessive. Alternatively, under the same circumstances, we could refuse to comply with your request either in part or in full.
Where We Get Personal Information From
- Directly from you when you register, use our services or Platform, contact or otherwise engage with us
- Automatically from your device and app usage including:
- Technical data (IP address, device type, app version, browser information)
- Usage analytics (page views, session duration, app interactions, key events)
- Performance data (crash logs, error reports, loading times)
- Location data (precise location with your permission, approximate location from IP address), if enabled by you
- Affiliate marketing data (click tracking, referral information, commission data)
- Gift card interaction data (browsing, purchase preferences, redemption patterns)
- Partnership performance data (engagement metrics, conversion tracking)
- Third parties including:
- Payment processors and financial institutions including open banking payment services
- Service providers (authentication verification services, analytics, performance, user engagement metrics, social features integration, and advertising services for personalized marketing where consented)
- Gift card providers (purchase and redemption data)
- Affiliate networks (marketing attribution, performance metrics, conversion attribution, referral and partnership tracking)
- Participating Brands (When you click from our App to a Brand, your browser may redirect you via an affiliate network which drops a cookie on your device. This cookie stores tracking information so that when you visit the same Brand, purchases made will result in the Brand knowing you and your purchase were referred by us. No personal information is involved in this affiliate tracking process.)
- Other marketing partners
- Publicly available sources where necessary for verification
Cookies and Tracking Technologies
We use cookies and similar technologies in our App and website for essential functionality, performance monitoring, and marketing purposes. This includes:
Essential Cookies:
- Authentication session cookies for secure login management
- CSRF protection tokens to prevent security attacks
- Session management and user authentication state
Website Cookie Consent Management:
When you visit our website (verve.cash), we use GDPR Cookie Consent plugin cookies to manage your cookie preferences:
- cookielawinfo-checkbox-analytics (11 months): Stores your consent for analytics cookies
- cookielawinfo-checkbox-functional (11 months): Records your consent for functional cookies
- cookielawinfo-checkbox-necessary (11 months): Stores your consent for necessary cookies
- cookielawinfo-checkbox-others (11 months): Records your consent for other cookie categories
- cookielawinfo-checkbox-performance (11 months): Stores your consent for performance cookies
- viewed_cookie_policy (11 months): Tracks whether you have consented to cookie use (contains no personal data)
Performance and Analytics Cookies:
- App and website authentication, usage analytics and performance monitoring
- Crash reporting and error tracking
- User experience optimisation data, distinction and tracking
Marketing and Advertising Cookies:
- Affiliate marketing tracking for commission attribution
- Cross-device advertising attribution
- Personalised content delivery
- Campaign effectiveness measurement
Third-Party Cookies:
- Website statistics and user behaviour
- Affiliate network tracking
- Social media integration features and tracking
You can manage your cookie preferences through your device settings, app preferences, or through the cookie consent banner on our website. Essential cookies cannot be disabled as they’re necessary for app and website functionality.
For detailed information about specific cookies, their purposes, retention periods, and your control options, please see our comprehensive Cookie Policy.
How Long We Keep Information
We keep your personal information for as long as necessary to provide our services and comply with legal obligations:
Account and Service Data:
- Account Information: Retained while your account is active, plus 7 years after account closure for regulatory compliance
- Transaction Records: 7 years from transaction date for tax and regulatory purposes
- Open Banking Data: Retained according to FCA requirements and consent duration
- Cashback and Rewards Data: Until redeemed or account closure
- Gift Card Data: Retained according to provider terms and consumer rights requirements
- Partnership Data: Affiliate and partnership performance data retained for 3 years for analytics and commission purposes
Operational Data:
- Gift Card Data: Retained according to Brand terms and statutory rights periods
- Customer Support Records: 3 years from case resolution for quality assurance
- Customer Service Inquiries: Records retained for 3 years to maintain service quality and resolve disputes
Marketing and Technical Data:
- Marketing Data: Until you withdraw consent or 3 years from last interaction
- Technical Data:
- App usage analytics: 2 years, then anonymised for trend analysis
- Crash logs and performance data: 1 year for debugging purposes
- IP address logs: 30 days for security monitoring
- Location Data: Deleted immediately after use unless you consent to longer storage for personalised services
- Affiliate Marketing Data: Commission and referral data retained for 3 years for financial and regulatory compliance
Account Activity Triggers:
- Inactive accounts: Accounts with no activity for 180+ days may be closed with potential forfeiture of unredeemed balances
- Open banking consent renewal: Regulatory compliance requires renewing open banking consent every 90 days; failure to reconsent may result in service limitations and potential data deletion
- Consent withdrawal: Open banking consent withdrawal may result in service limitation and data deletion
- Account deletion: User-initiated deletion results in potential forfeiture of unredeemed rewards and unused balances
For specific retention periods or deletion requests, please contact us.
Who We Share Information With
Data Processors
We work with trusted service providers who may process data on our behalf:
- Internal third parties including any current or future member of the Verve group of companies, which may entail subsidiaries or holding companies
- External third party service providers acting as processors who assist us in our Services, including: Platform hosting, infrastructure, authentication services, performance monitoring, user optimisation, analytics and crash reporting; marketing agencies and/or CRM; affiliate networks for tracking referrals, commissions and campaign attribution
All processors are contractually required to protect your data and use it only for specified purposes.
Other Data Sharing
We may from time to time as business, regulatory and legal obligations require share your information with:
- Accountancy services: Accounting, payroll, budget management, and financial reporting
- Professional advisors: Legal, financial, insurance and business consultants
- Potential buyers or investors: Should we choose to restructure, sell, transfer or merge parts of our business or our assets
- Regulatory authorities: When required by law or for compliance purposes
- Financial institutions: For payment processing and fraud prevention
- External auditors: For compliance and audit purposes
- Warranty providers: For product guarantees and support services
- Law enforcement: When legally required or to protect our users and services
We never sell your personal information to third parties for their own marketing purposes.
International Data Transfers
The data we collect from you may be transferred to and stored at a destination outside of the European Economic Area. It may also be processed by staff operating outside of the EEA who work for us or for one of our suppliers in their provision of services to us. By submitting your personal data, you agree to this transfer, storing, and/or processing. We will take all reasonably necessary steps to ensure your data is treated securely with adequate level of protection and in accordance with this Privacy Policy and regulatory compliance.
Some of our service providers may process your data outside the UK and EEA. When this happens, we ensure appropriate safeguards are in place through:
- Adequacy decisions by the UK government
- Standard contractual clauses approved by UK authorities
- Other legally recognised transfer mechanisms
We carefully vet all international data processors to ensure they maintain appropriate security standards and comply with applicable data protection laws.
How We Keep Your Information Safe
We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.
Technical Security Measures
Encryption and Data Protection:
- All data transmissions between your device and our servers are encrypted using industry-standard SSL/TLS protocols
- Sensitive data is encrypted both in transit and at rest using advanced encryption standards
- Payment and financial data is processed using secure, PCI-compliant systems
- Open banking connections utilise strong customer authentication as required by FCA regulations
Infrastructure Security:
- Secure cloud hosting with enterprise-grade security controls
- Regular security monitoring and threat detection systems
- Automated backup systems with encrypted storage
- Multi-factor authentication for administrative access
- Regular security updates and patch management
Access Controls:
- Role-based access controls limiting data access to authorised personnel only
- Regular access reviews and permission audits
- Secure authentication systems for all user accounts
- Activity logging and monitoring for suspicious behaviour
Organisational Security Measures
Data Governance:
- Dedicated Compliance Officer overseeing data protection practices
- Regular staff training on data protection and security procedures
- Clear data handling policies and procedures
- Regular security risk assessments and audits
Incident Response:
- Established incident response procedures for security events
- Regular testing of security controls and procedures
- Continuous monitoring for potential security threats
- Prompt response protocols for any identified vulnerabilities
Third-Party Security:
- Due diligence assessments of all data processors and service providers
- Contractual security requirements for all third parties handling your data
- Regular security reviews of third-party integrations
- Secure API connections with authentication and authorisation controls
Your Role in Security
You can help protect your account by:
- Keeping your devices and app updated to the latest version
- Using strong, unique passwords for your account, where applicable
- Not sharing your magic link email or account credentials with others
- Reporting any suspicious activity immediately
- Reviewing your account regularly for unauthorised transactions
If you suspect any security issues with your account, please contact us immediately at contact@verve.cash.
Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we are committed to transparency and will handle the situation in accordance with applicable data protection laws and our Data Breach Response Process. For more information about how we would handle a data breach, please contact privacy@verve.cash.
Changes to this Privacy Notice
We may need to change our Privacy Policy from time to time for security, legal, best practice, and/or regulatory reasons, or when we add or further develop certain features or parts of the Platform.
When we make changes, we will:
- Post the updated privacy notice on this page with a new “Last updated” date
- Where appropriate, notify you through various channels including: Push notifications through the App Email communications Text messages/SMS Other electronic communications sent outside of or within the App
- Push notifications through the App
- Email communications
- Text messages/SMS
- Other electronic communications sent outside of or within the App
- Display new terms on-screen in the App where you may be required to read and accept them for continued use of the Platform
Your continued use of our services after changes are posted constitutes acceptance of the updated notice. For significant changes that materially affect how we process your personal information, we will seek your explicit consent where required by law.
How to Make a Complaint
If you have concerns about how we handle your personal data:
- Please allow us to address your concern first by contacting us using the Contact Details provided above
- If you remain unsatisfied, you may choose to contact the ICO, whose information is provided below for your convenience:
Information Commissioner’s Office
-
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
- Website: https://www.ico.org.uk/make-a-complaint/
________________________________
This privacy notice should be read alongside our Cookie Policy and Terms for complete information about how we handle your data.