
Privacy Policy

Welcome to the ZavFit Privacy Policy. As a wellbeing company, your health and happiness are really important to us. We take your privacy, personal information and data security very seriously. Our goal is to provide a great user experience without causing extra stress or anxiety about data security. You can find all the details outlined in this Policy.

ZavFit Limited (“we”, “our” or “us”) is committed to respecting your privacy.

This Privacy Policy describes how we collect, use and disclose personal information we receive when you use the ZavFit app or (together, the “Site”), or otherwise interact with us, whether online or offline. It also tells you about your rights and choices with respect to your personal information, and how you can contact us if you have any questions or concerns.


ZavFit Limited (company no. SC581898) is the data controller of the personal information we hold about you. Our registered address is 24a Ainslie Place, Edinburgh, United Kingdom, EH3 6AJ. We are registered as a data controller with the Information Commissioner’s Office under data protection registration number ZA559197.


If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at


We collect personal information about you from the different sources listed below.

Information you give us

You may provide us with personal information, including when you:

  • sign up to receive our services;
  • use the Site; and
  • communicate with us (whether through the app, online or by email).

The categories of personal information you provide may include:

  • Contact details, such as your name, email address and telephone number;
  • Account details, including username and PIN;
  • Wellbeing information, including how you feel from a mental, physical and financial perspective, as well as information relating to different aspects of your wellbeing, such as relationships, career, interests and the environment, and how you feel about tailored targets that suggest positive ways to use your money via the Site;
  • Correspondence and communications data, including any personal information contained in your correspondence and communications with us and any survey responses you provide us;
  • Marketing data, such as your marketing preferences.

We will indicate to you where the provision of certain personal information is required in order for us to provide you certain services. If you choose not to provide such personal information, we may not be able to provide the services you have requested.

Information we process automatically

We also collect, store and use information about your use of the Site, and about your computer, tablet, mobile or other device through which you access the Site. This includes the following information:

  • Technical Data: including the Internet protocol (IP) address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location; and
  • Usage Data: including the full Uniform Resource Locators (URL), clickstream to, through and from the website, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, website navigation and search terms used, interaction with marketing emails,

(referred to together in this Privacy Policy as “Technical and Usage Data”).

Information we collect from third parties

In order to provide you with our services, we ask you to provide information regarding your spending habits. We collect this through a third party service provider, TrueLayer, which provides us with information regarding your:

  • bank account, including your account balance, account details and the name of the account provider; and
  • transaction data, including transaction amounts and the date and time of transactions,

(referred to together in this Privacy Policy as “Open Banking Information”).

ZavFit is acting as an agent of TrueLayer, who is providing the regulated Account Information Service, and is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (Firm Reference Number: 901096).

We may also obtain personal information about you from the following third parties:

  • your employer (i.e. if your access to the Site has been procured by your employer);
  • analytics providers;
  • our advertising partners; and
  • social media networks.

Aggregated Data

We may anonymise and aggregate any of the personal information we collect about you (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the Site and our services and developing new products and features. We may also share such anonymised information with others.


The Site is not intended for or directed at children under the age of 16 and we do not knowingly collect personal information relating to anyone under this age.


As a data controller, we will only use your personal information if we have a legal basis for doing so. The table at Annex 1 sets out the purposes for which we use your personal information as well as the legal bases which we rely on to process your personal information.


We disclose personal information to the following recipients to achieve the purposes set out in Annex 1 or as otherwise described below:

  • Service providers: we may share your personal information with third parties that perform services for us or on our behalf, which may include providing data hosting, website hosting, email marketing, customer relationship management, online surveys and analytics services.
  • Our social media audience: if you tag us in a social media post or share information publicly about us, we may share this information with our own social media audience or users of our website in certain circumstances.
  • Law enforcement, regulators, governmental authorities and other parties for legal reasons: we may share your personal information with third parties if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions or to protect the rights, property or our safety, or the safety of our users, a third party, or the public.
  • Purchasers and third parties in connection with a business transaction: if we are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, we may disclose your personal information as part of that transaction.

In addition, we may share your personal information with other third parties if you have provided your consent for us to do so.


You have the following rights in respect of the personal information we hold about you under applicable data protection law:

  • Right of access. You have the right to obtain access to your personal information.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
  • Right to object. You have a right to object to the processing we carry out on the basis of legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the "unsubscribe" link set out in any marketing communication or contacting us using the contact details set out below.
  • Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent (without affecting the lawfulness of our processing prior to you having withdrawn your consent).

Please note that not all of the above rights are absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.

If you wish to exercise one of these rights, please contact us at


We may need to transfer your personal data to third party service providers which are located outside the UK. For example, we use Mailchimp, who are based in the USA, to send marketing messages on our behalf and TypeForm, who are based in Spain, for our online surveys.

In the event we need to transfer your personal data to a country which is not recognised by the UK government as ensuring an adequate level of protection for personal data, we shall ensure that appropriate safeguards are in place to ensure adequate protection for your personal data (for example, by entering into standard contractual clauses with the recipients of your personal information).

Further details regarding the relevant safeguards we implement can be obtained from us on request at


We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

If you have created an account with us, we will process your personal data until such time as your account is terminated, following which we will normally delete your personal data within one and a half years. Please note, however, that we may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.


We use appropriate technical and organisational security measures (including encryption) to protect personal information both online and offline from unauthorised use, loss, alteration or destruction. Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal information.

Despite these precautions, however, we cannot guarantee the security of information transmitted over the internet or that unauthorised persons will not obtain access to personal information.


We use cookies and similar technologies to distinguish you from other users of our service. For more information on cookies and the purposes for which we use these, please refer to our Cookies Policy.


The Site may, from time to time, contain links to and from the websites of our business partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.


If you have any queries or complaints about how we process your personal information, please contact us at

You also have the right to lodge a complaint to your national data protection authority. The relevant data protection authority in the UK is the Information Commissioner's Office (


We reserve the right to change this Privacy Policy from time to time. Any changes will be posted on the website and app with an updated revision date. If we make any material changes to this Privacy Policy, we may notify you by email or by means of a prominent notice on the website or app prior to the change becoming effective.

Last updated: 25 November 2021


Categories of personal data: Contact details; account details

Purposes of processing:

  • To register you with the Site.
  • Administration of account (including sending you information regarding changes to our policies, other terms and other administrative information).

Lawful basis for processing:

  • Performance of a contract
  • Performance of a contract


Categories of personal data: Contact details

Purposes of processing:

  • To verify your identity via SMS or email.

Lawful basis for processing:

  • It is in our legitimate interests to verify the email address or phone number you have given during registration is yours to ensure the accuracy of the data and for security purposes.


Categories of personal data: Contact details; account details; wellbeing information; Open Banking Information; Technical and Usage Data

Purposes of processing:

To provide you with the services we make available through the Site. This includes:

  • conducting wellbeing assessments at periodic intervals;
  • combining your wellbeing information and Open Banking Information to create targets that are tailored to you. These targets suggest positive ways to use your money and can be rejected at any time (“ZavTargets”);
  • displaying ZavTargets to you;
  • updating the ZavScore for you when you meet a ZavTarget;
  • collecting information on your mood once you have met a ZavTarget;
  • allowing you to reject ZavTargets.

Lawful basis for processing:

  • Performance of a contract
  • To the extent such processing requires us to process any information relating to your health, such processing is based on your explicit consent.


Categories of personal data: Contact details; marketing data

Purposes of processing:

  • Marketing and advertising (including sending you newsletters and measuring the effectiveness of our marketing).


Categories of personal data: Wellbeing information; Open Banking Information

Purposes of processing:

  • To improve the ZavTarget generation process to better suit your wellbeing (based on the information you provide us relating to the wellbeing assessment and past purchases).
  • To anonymise the data for various purposes, including testing our IT systems, research (including sharing the anonymised data with our research partners), data analysis, improving the Site and our services and developing new products and features.

Lawful basis for processing:

  • It is in our legitimate interests to provide you with a service that is tailored to your needs for the purpose of improving your experience of the service.
  • It is in our legitimate interests to anonymise data for research purposes, so that we can improve our systems and our services and deepen our understanding of the link between money, health and wellbeing. We also consider it in the broader public interest that user information is anonymised and shared for this purpose.


Categories of personal data: Correspondence and communications data; contact details; account details

Purposes of processing:

  • To respond to queries and complaints and provide you with information and materials that you request from us.
  • To carry out surveys with a view to improving the Site and our services.

Lawful basis for processing:

  • It is in our legitimate interests to respond to your queries and provide any information and materials requested in order for you to have a positive experience with us and to maintain good customer relations.
  • It is in our legitimate interests to understand how our users feel about our service so we can take steps to improve this.


Categories of personal data: Account details; Technical and Usage Data

Purposes of processing:

  • To correct errors and problems with the Site.
  • To protect the security of systems and data.

Lawful basis for processing:

  • It is in our legitimate interests to monitor the Site and resolve errors to ensure that it functions properly.
  • To comply with our legal and regulatory obligations under data protection legislation.
  • It is also in our legitimate interests to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.


Categories of personal data: Technical and Usage Data

Purposes of processing:

  • To turn off notifications relating to a new ZavTarget which you have already seen.
  • To analyse your usage of the Site for the purpose of improving the Site and to ensure that content is presented in the most effective manner for you.

Lawful basis for processing:

  • It is in your legitimate interests not to be notified of information you have already had sight of.