App User Privacy Notice

Updated on: October 24, 2025

Data that we hold and how we use it

This notice describes our processing of your personal data where we act as the Controller, please note that we do not act as the Controller for the messages between you and the Provider.

We are the Controller of your registration data for the App itself, any log data and then your Nivo Identity if you have set one up. Your Nivo identity will include the results of your ID&V check, if you have agreed to share it with us for future use with a new provider. When you attempt to start a conversation with a provider on Nivo, you will be asked to consent to share your Nivo identity information. If you choose to consent that identity will be shared with the provider. If you use our Digital Assistant channel then we will process your any conversation that you have with the Digital Assistant, along with a conversation ID that we can link to your Nivo identity. This conversation is processed by OpenAI, but only the conversation ID is sent to them, they do not have any other identifying data for you. We recommend that you do not put personal information in the question box.
‍
Purpose of Processing

We process your personal data for the purpose as set out in the table below, which also shows our lawful basis under UK data protection legislation (UK GDPR) for doing so.

Lawful Basis under UK GDPR (Nivo App)

Purpose	Lawful Basis under UK GDPR
To register you as a new user of the App	Performance of the contract we have with you
To create and manage your Nivo ID	Performance of the contract we have with you
To validate your ID as part of your Nivo ID	Our legitimate interests in validating your ID as part of the provision of the Nivo ID
Managing our AML, sanctions and political exposure processes as part of your Nivo ID	Our legitimate interests in recording the output of these checks as part of the provision of the Nivo ID
Sharing your Nivo ID with third parties such as lenders and brokers	Your consent
Managing your enquiries	Our legitimate interests in managing, responding and recording the details of your enquiries and our responses
Soliciting reviews of the Nivo app from you, or asking you to take part in market research surveys	Our legitimate interests in soliciting reviews and conducting market research
Managing the reliability and security of the App	Our legitimate interests in protecting the security of, and improving the reliability of, the App
To process analytics information about how the App is used	Consent

‍Data we collect

The table below gives information on the categories of personal data we process for the purpose shown above

Categories of Data Processed (Nivo App)

Purpose	Categories of Data Processed
To register you as a new user of the App	ID and contact details
To create and manage your Nivo ID	ID and contact details, financial details
To validate your ID as part of your Nivo ID	Biometric data (see Special Category Data section below)
Managing our AML, sanctions and political exposure processes as part of your Nivo ID	Criminal Offence data (see Special Category Data below), sanctions data and information about political positions held
Sharing your Nivo ID with third parties such as lenders and brokers	All of the above data categories as included within your Nivo ID
Managing your enquiries	ID, contact details, enquiry details
Soliciting reviews of the Nivo app from you, or asking you to take part in market research surveys	ID, contact details, review details, survey responses
Managing the reliability and security of the App	ID, contact details and technical usage details
To process analytics information about how the App is used	ID, contact details and technical usage details

Special category data

We process Special Category Data in the following ways:

Validating your ID using biometric tools – done so with your explicit consent
Processing criminal offence data as part of our AML checks – done so with your explicit consent

How long do we keep your data for?

We will retain your personal data by default for the following periods:

Maximum Retention Period (Nivo App)

Purpose	Maximum Retention Period
To register you as a new user of the App	7 years after you cease to be an active user
To create and manage your Nivo ID	7 years after you cease to be an active user
To validate your ID as part of your Nivo ID	7 years after you cease to be an active user
Managing our AML, sanctions and political exposure processes as part of your Nivo ID	7 years after you cease to be an active user
Sharing your Nivo ID with third parties such as lenders and brokers	7 years after you cease to be an active user
Managing your enquiries	7 years after you cease to be an active user
Soliciting reviews of the Nivo app from you, or asking you to take part in market research surveys	7 years after you cease to be an active user
Managing the reliability and security of the App	7 years after you cease to be an active user
To process analytics information about how the App is used	7 years after you cease to be an active user