Theo App Privacy Policy

Last Updated: March 2026

This Privacy Policy explains how personal data is collected, used, and protected when you use the Theo application (“Theo” or the “App”).

Theo is operated by Theo App Ltd.

For the purposes of UK GDPR, Theo App Ltd is the Data Controller.

  1. Scope

This Privacy Policy applies to:

The Theo mobile application
The Theo web application
Related services

It does not apply to third-party websites, lenders, or services provided by Verifi Mortgages Ltd.

  2. Personal Data We Collect

We may collect and process the following categories of data:

Identity & Contact Information

Name
Email address
Telephone number

Mortgage & Property Information (User-Provided)

Property value
Mortgage balance
Product type
Loan-to-value (LTV) band
Interest rate
Repayment type
Fixed term end date
Alert preferences

Account & Technical Data

User ID
Device information
IP address (where applicable)
App usage data
Push notification tokens (e.g. Firebase Cloud Messaging)

Subscription Data

Subscriptions are processed via:

Apple App Store
Google Play Store
RevenueCat
Stripe (for web users)

We do not store full payment card details.

  3. Special Category Data

Theo does not intentionally collect special category data (such as health, biometric, or sensitive personal data).

Users should not input sensitive personal information into the App.

  4. Lawful Basis for Processing

We process personal data under the following lawful bases:

Contract

To provide the core functionality of Theo, including mortgage monitoring, alerts, and account services.

Legitimate Interests

To improve system performance, prevent fraud, ensure platform security, and enhance user experience.

Consent

For push notifications and any optional communications. Users may withdraw consent at any time.

  5. How We Use Your Data

We use personal data to:

Provide mortgage monitoring and calculations
Generate alerts and notifications
Operate subscriptions and billing
Improve system performance and features
Provide customer support
Maintain platform security

Mortgage data entered into Theo is used solely for automated functionality and is not shared with lenders or product providers.

  6. Relationship with Verifi Mortgages Ltd

Theo operates independently of Verifi Mortgages Ltd.

If you choose to engage Verifi Mortgages Ltd for regulated mortgage advice:

Your data will only be shared with Verifi with your explicit consent
Verifi will act as a separate Data Controller for any advice-related services

Theo does not share your data with Verifi by default.

  7. Data Storage & Security

Data is hosted on Google Cloud Platform within the European region (europe-west2).

Security measures include:

Encryption in transit
Encrypted storage
Authentication controls
Role-based access control
Secure cloud infrastructure

While we take appropriate measures, no system can guarantee absolute security.

  8. Data Sharing

We do not sell personal data.

Data may be shared with:

Cloud hosting providers (e.g. Google Cloud)
Payment processors (Apple, Google, RevenueCat, Stripe)
Notification services (Firebase)
Analytics providers (if applicable)
Legal or regulatory authorities where required

All third parties process data under contractual safeguards.

  9. International Transfers

Where data is transferred outside the UK or EEA, appropriate safeguards are used, including:

Standard Contractual Clauses
Approved transfer mechanisms

  10. Data Retention

We retain personal data:

While your account remains active
As required for contractual obligations
Where required by law

You may request account deletion at any time.

Certain data may be retained where legally required.

  11. Your Rights Under UK GDPR

You have the right to:

Access your personal data
Correct inaccurate data
Request deletion
Restrict processing
Object to processing
Request data portability

Requests should be sent to:

support@theoapp.co.uk

We may require identity verification.

  12. Complaints

If you have concerns about your data, please contact us first.

You also have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)
http://www.ico.org.uk

  13. Children

Theo is not intended for individuals under 18.

We do not knowingly collect data from minors.

  14. Changes to This Policy

We may update this Privacy Policy from time to time.