When you use financial services powered by Weavr, your data is shared and handled carefully by several parties:
Weavr: The platform provider that works with financial institutions (FIs) to power the service.
Embedders (also called Corporates): These are the companies or organisations offering you embedded financial products.
Partner Financial Institutions: Banks or licensed financial entities that handle your actual financial transactions.
Each plays a role in managing and protecting your personal and financial information to keep your data secure and comply with the law.
Who Handles Your Data?
Embedders (Corporates): May collect and process your data to provide their services. They are responsible for managing your data properly and securely.
Weavr: Provides the technology and ensures that Embedders and partner FIs follow strict data handling standards.
Partner Financial Institutions: Process your payments and financial transactions securely and in compliance with financial regulations.
What Types of Data Are Collected?
Personal Data: Your name, contact details, government IDs — information that identifies you.
Financial Data: Details of your payments, transactions, and account balances.
Transaction Logs: Records of your activity within the embedded finance service.
System Data: Technical data such as app or platform usage logs used for security and performance.
How Long Is Your Data Kept?
Your data is kept only as long as necessary to provide the service, meet legal obligations, or comply with partner FI rules. Typical retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Personal Data | Only as long as necessary | Privacy laws (e.g., GDPR) |
| Financial Data | 5 to 7 years | Tax, audit, and financial reporting |
| Transaction Data | 3 to 5 years | Fraud prevention, support |
| System Data | As needed | Service performance and security |
When data is no longer needed, it is securely deleted or anonymised.
How Is Your Data Protected?
Data Minimisation – We only collect what’s strictly necessary.
Access Controls – Only authorised individuals can access your data.
Encryption – Data is encrypted during transmission and storage.
Accuracy & Integrity – Systems are in place to keep data up to date and protected from tampering.
Regular Audits – We conduct security reviews of our systems and those of our partners.
Sharing Your Data with Third Parties
Your data may be shared with:
Trusted service providers (e.g. payment processors, identity verification partners).
Partner Financial Institutions for the purpose of managing accounts and processing transactions.
Before sharing:
We ensure that all third parties meet strict security standards.
Contracts are in place to protect your data and define responsibilities.
Cross-border transfers are only done using approved legal mechanisms, like Standard Contractual Clauses (SCCs).
Third parties are required to delete or return your data when no longer needed.
Your Rights as an End Customer
You have the right to:
Access the data held about you.
Request corrections to any incorrect information.
Ask for your data to be deleted, where allowed by law.
Embedders and Weavr are committed to helping you exercise these rights quickly and securely.
What Happens If There’s a Data Breach?
If your data is exposed or accessed without permission:
The responsible party will act immediately to contain the breach.
You and the authorities will be notified as required by law.
Steps will be taken to investigate and prevent future breaches.
You can report concerns or incidents by contacting dpo@weavr.io.
How We Ensure Compliance
Weavr monitors and enforces data protection standards across Embedders and partner FIs.
Regular audits and assessments verify that your data is handled securely and in line with regulations.
We keep policies updated with changing laws to maintain the highest standards.
What To Do If You Suspect Fraud or a Security Breach
If you believe your account or personal information has been compromised, or if you notice any suspicious activity:
Contact the Embedder immediately. They have the tools to investigate and help secure your account.
Report the issue to Weavr by emailing dpo@weavr.io so that we can assist with managing the situation and ensure your data is protected.
Consider notifying your local law enforcement if you suspect fraud or identity theft.
Follow any additional guidance provided by your Embedder or Weavr to protect your accounts and personal information.
Acting quickly helps minimise any potential harm and enables us to respond effectively.
Questions?
If you want to learn more or have any concerns about how your data is handled, please contact the Embedder you receive services from, or reach out to Weavr at support@weavr.io
Was this article helpful?
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article