PRIVACY POLICY

Effective Date: 1 June 2026

Last Updated: 1 June 2026

Statement Makers, Inc. (United States) and Statement Makers, Limited (United Kingdom) (collectively, "Statement," "we," "us," or "our") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our app, website, and related services (collectively, the "Services").

This policy complies with the UK and EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

The short version

Statement is a social platform backed by real bank transactions. That means we handle financial data, and we take that seriously. Here's what you need to know upfront:

We never see your bank login credentials. Ever.

We never see your account balance.

We never have the ability to move your money.

We use Plaid (US) and Yapily (UK) to connect to your bank. These are the same services used by apps like Venmo, Robinhood, and Monzo.

Your bank connection is read-only. We receive transaction details - merchant name, amount, date - and nothing more.

No transaction is shared publicly unless you choose to make a Statement with it.

We do not sell your personal data. Not now, not ever.

The rest of this policy goes into the legal detail. But that's the foundation.

1. Information we collect

Information you give us

Account information: Name, email address, date of birth, username, and profile details you provide when you sign up.

Content you create: Statements you post, comments, Props you give, and any other content you share on the platform.

Communications: Messages you send to our support team or feedback you submit.

Information we receive from your bank

When you connect a bank account or card through our open banking partners, we receive:

Transaction data: Merchant name, transaction amount, transaction date, and transaction category.

We do not receive:

Your bank login credentials (username, password, security questions)

Your account balance

Your full account number or sort code / routing number

Access to initiate payments, transfers, or any movement of funds

Your bank connection is facilitated by Plaid (for US banks) and Yapily (for UK banks). These providers are regulated, use bank-level encryption, and act as a secure intermediary between your bank and Statement. At no point does Statement have direct access to your bank.

Information we collect automatically

Device and technical data: IP address, browser type, operating system, device identifiers, and app version.

Usage data: Pages visited, features used, time spent on the platform, and interactions with content.

Location data: General location derived from your IP address. We do not collect precise GPS location unless you explicitly grant permission.

2. How we use your information

We use your information to:

Run the platform: Create and manage your account, display your Statements, show you relevant content, and enable features like Props, the Vault, and the Discover Map.

Verify transactions: Confirm that every Statement is backed by a real bank transaction. This is the core of what Statement does.

Keep things safe: Detect fraud, prevent abuse, enforce our terms, and protect the integrity of the platform.

Improve the product: Understand how people use Statement so we can make it better. This includes aggregated, anonymized analytics - never individual financial data.

Communicate with you: Send account notifications, respond to support requests, and share product updates (with your consent for marketing communications).

Meet legal obligations: Comply with applicable laws, regulations, and legal processes.

3. Legal basis for processing (GDPR)

If you're in the UK or EU, we process your data under one or more of the following lawful bases:

Contract: Processing necessary to provide you with the Statement service - including account management and transaction verification.

Consent: When you give us explicit permission, such as connecting your bank account or opting into marketing emails. You can withdraw consent at any time.

Legitimate interests: To operate, improve, and secure our platform - provided your rights don't override ours.

Legal obligation: To comply with laws and regulations, including financial reporting requirements.

4. What we share and with whom

We do not sell your personal data.

We may share your data with the following categories of providers, all of whom are bound by data protection agreements:

Open banking providers: Plaid (US) and Yapily (UK) - to securely connect your bank account and retrieve transaction data. See Plaid's privacy policy and Yapily's privacy policy.

Cloud infrastructure: To host and operate the platform securely.

Analytics providers: To understand usage patterns in aggregate. No individual financial data is shared for analytics purposes.

Professional advisors: Legal counsel and accountants, when necessary.

Law enforcement or regulators: When required by law, court order, or regulatory request.

What other Statement users can see:

When you make a Statement, the following is visible to other users: your username, your profile photo, the merchant name, the transaction amount, the transaction date, and whatever commentary you add. Your bank name, account number, and any other financial details are never visible to other users.

5. International transfers

Statement operates in the United States, the United Kingdom, and Europe. Your data may be processed in either country, as well as in countries where our infrastructure providers operate.

When data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the relevant authorities.

6. Data retention

We keep your data only as long as we need it:

Account data: Retained while your account is active. If you delete your account, we remove your personal data within 30 days, except where we're legally required to retain it.

Transaction data: Retained for up to 7 years after your last activity to comply with financial record-keeping regulations.

Statements and content you posted: Deleted when you delete them individually or when you delete your account.

Technical and usage data: Retained in anonymized form for analytics. Identifiable technical data is deleted within 12 months.

7. Your rights

If you're in the UK or EU (GDPR), you have the right to:

Access your personal data

Correct inaccurate data

Delete your data ("right to be forgotten")

Restrict or object to processing

Port your data to another service

Withdraw consent at any time

If you're in California (CCPA), you have the right to:

Know what personal data we collect and how it's used

Request deletion of your data

Opt out of the sale of your data (we don't sell it, but you have the right)

Not be discriminated against for exercising your rights

To exercise any of these rights, email us at privacy@statementapp.com.

We will respond within 30 days (GDPR) or 45 days (CCPA).

8. Cookies

We use cookies to keep you logged in, remember your preferences, and understand how people use the platform. For full details, see our Cookie Policy.

You can manage your cookie preferences at any time through the Cookie Preferences link in the footer of our website.

9. Children's privacy

Statement is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If we learn that we've collected data from a child under 16, we will delete it promptly.

10. Security

We use industry-standard security measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews. Your bank connection is handled entirely by Plaid and Yapily - we never receive or store your bank credentials.

No system is 100% secure. If we ever discover a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice in the app before the changes take effect. The "Last Updated" date at the top will always reflect the most recent version.

12. Contact us

If you have questions about this policy or how we handle your data:

Statement Makers, Inc., One Sansome Street, San Francisco, CA 94104

Statement Makers, Limited, Cotton Court, Church Street, Preston, PR1 3BY

Email: privacy@statementapp.com

If you're in the UK or EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (the ICO in the UK, or your national DPA in the EU).

Copyright © Statement 2026 - All Rights Reserved