Boodil - Modern Payment Solutions for Businesses

Boodil Ltd ("Boodil", "we", "us", or "our") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website (boodil.com), our payment services, integrations (such as checkout buttons or plugins), or any related apps or services (collectively, the "Services").

Boodil provides open banking-powered payment solutions, allowing merchants to accept cardless payments securely via bank technology, and enabling consumers to pay faster and safer without sharing card details. We act as a data controller for personal data processed through our website and merchant dashboard, and in some cases as a data processor for transaction data on behalf of merchants.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws. Please read it carefully.

1. Information We Collect

We collect personal data in the following ways:

a. Information You Provide Directly

Contact details (name, email address, phone number, job title)
Business information (for merchants: company details, bank account information for settlements)
Account credentials (username, password for merchant dashboards)
Communication data (when you contact us via email, forms, or support)

b. Information Collected During Payments

As an open banking payment provider, we facilitate direct bank-to-bank transactions. We do not store or process full payment card details. Instead:

Transaction details (amount, reference, merchant information)
Bank account information (as provided securely via your bank's authenticated interface)
Device and session information for fraud prevention

Consumers do not need a Boodil account to pay; payments are initiated via your own bank.

c. Automatically Collected Information

Technical data: IP address, browser type/version, operating system, device information
Usage data: Pages visited, time spent on site, referral sources
Cookies and similar technologies: We use essential cookies for functionality, analytics cookies (e.g., Google Analytics) for improving our Services, and marketing cookies (with consent). See our Cookie Policy for details.

2. How We Use Your Information

We use personal data for the following purposes and legal bases:

Purpose	Legal Basis
Providing and managing our Services (e.g., processing payments, settlements, integrations)	Performance of a contract with you or the merchant
Communicating with you (support, updates, service notifications)	Performance of a contract or legitimate interests
Improving our website and Services (analytics, troubleshooting)	Legitimate interests
Fraud prevention, security, and compliance (e.g., detecting suspicious activity)	Legitimate interests and legal obligations
Marketing (newsletters, promotions) – only with your consent	Consent
Internal record-keeping and business operations	Legitimate interests
Legal compliance (e.g., anti-money laundering checks, responding to authorities)	Legal obligations

We minimise data use and only process what is necessary.

3. Sharing Your Information

We share personal data only where necessary:

Service Providers: With trusted third parties (e.g., cloud hosting, analytics providers, open banking APIs, payment initiators) who act as processors under strict contracts.
Financial Partners: Banks and regulated payment institutions to facilitate transactions (using secure open banking protocols).
Merchants: Transaction details shared with the merchant you pay (as required for fulfilment).
Legal Requirements: With authorities if required by law (e.g., for fraud investigations).
Business Transfers: In case of merger, acquisition, or sale, with protections in place.

We do not sell your personal data.

International transfers: If data is transferred outside the UK/EEA, we use approved mechanisms (e.g., UK Adequacy Regulations or Standard Contractual Clauses) to ensure equivalent protection.

4. Data Security

We implement robust technical and organisational measures to protect your data, including:

Encryption in transit and at rest

Access controls and authentication

Regular security assessments

Secure open banking connections (leveraging banks' own security)

No system is completely secure, but we strive to minimise risks. If a breach occurs that risks your rights, we will notify you and the relevant authorities as required.

5. Data Retention

We retain personal data only as long as necessary:

Transaction data: Up to 7 years for legal/tax compliance
Account data: While your account is active, plus a reasonable period after closure
Marketing data: Until you withdraw consent

You can request deletion earlier where possible.

6. Your Rights

Under UK data protection laws, you have rights including:

Access

Request a copy of your data

Rectification

Correct inaccurate data

Erasure

Request deletion (subject to legal retention requirements)

Restriction

Limit processing in certain cases

Portability

Receive data in a machine-readable format

Objection

Object to processing based on legitimate interests

Withdraw Consent

At any time for consent-based processing

To exercise rights, contact us at info@boodil.com. We respond within one month (extendable if complex). You can complain to the UK Information Commissioner's Office (ico.org.uk) if unsatisfied.

7. Cookies and Tracking

Our website uses cookies. You can manage preferences via our cookie banner. Essential cookies cannot be disabled.

8. Links to Third-Party Sites

Our Services may link to merchant sites or banks. Their privacy policies apply there – we are not responsible.

9. Changes to This Policy

We may update this policy. Significant changes will be notified via email or on our website. Continued use constitutes acceptance.

10. Contact Us

For questions or to exercise rights:

Boodil Ltd

249 North, Lynnfield House Church Street, Altrincham, England, WA14 4DZ

Email: info@boodil.com

Company Registration: 13990233 (England and Wales)

Thank you for trusting Boodil. We value your privacy and aim to be transparent.