Dilly Privacy Policy
Controller: Catapult Financial Technologies (UK) Limited (Company No. 15302950), 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ Last updated: 28/05/2025
This Privacy Policy explains how Catapult Financial Technologies (UK) Limited (“Dilly”, “we”, “us”, “our”) collects, uses and protects personal data when you use the Dilly website, mobile app, or related services (the “Service”).
1. Who we are
Catapult Financial Technologies (UK) Limited is the data controller of personal data collected through the Service. You can contact us at:
• Email: marketing@getdilly.io
• Post: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
2. The personal data we collect
2.1 Data you give us
• Account data: name (if provided), email address, password (encrypted), date of birth or age confirmation.
• Profile and preference data: any information you choose to add about your financial well being, goals, life circumstances, marketing preferences.
• Conversation data: the questions you ask Dilly and the context you provide in those conversations.
• Communications data: any correspondence you send us by email, in-app message, or otherwise.
2.2 Data we collect automatically
• Technical data: IP address, browser type and version, device identifiers, operating system, time zone, and similar.
• Usage data: pages or screens viewed, features used, session length, error logs.
• Cookies and similar technologies: as described in our Cookie Policy.
2.3 Data we receive from third parties
• Authentication providers (if you sign in with a third-party account such as Google or Apple).
• Analytics and crash reporting providers.
3. Why we use your data and our lawful bases
Purpose
Lawful basis (UK GDPR)
Creating and maintaining your Dilly account
Performance of a contract (Article 6(1)(b))
Providing the AI guidance service in response to your questions
Performance of a contract (Article 6(1)(b))
Sending service emails (account verification, password resets, important Service updates)
Performance of a contract (Article 6(1)(b))
Sending marketing emails
Your consent (Article 6(1)(a)) and PECR; you can withdraw at any time
Our legitimate interests in improving the Service (Article 6(1)(f))
Service security, fraud prevention, abuse detection
Our legitimate interests in keeping the Service safe (Article 6(1)(f))
Compliance with legal obligations
Article 6(1)(c)
4. Important: what Dilly is and is not
Dilly provides general financial guidance and educational content. It is not regulated financial advice. Dilly does not assess your individual circumstances against specific products and does not make recommendations to buy, sell, or hold any financial product. If you need regulated advice on a specific decision, please consult an FCA-authorised adviser. See our Terms of Service for further details.
5. AI and conversation data
Your conversations with Dilly are used to provide you with answers in the moment and to maintain your conversation history within your account.
6. Who we share your data with
We share personal data only with the following categories of recipients, and only where necessary:
• Hosting, infrastructure and storage providers (e.g. Squarespace, ChatGPT)
• AI model and inference providers (e.g. [INSERT])
• Email and communications providers (e.g. Squarespace)
• Analytics, monitoring and error-reporting providers (e.g. [INSERT])
• Payment processors, if and when paid features are added (e.g. Monzo)
• Professional advisers (legal, accounting, audit) on a confidential basis
• Regulators, courts and authorities where required by law
• Acquirers, in the event of a sale, merger or restructuring of our business, subject to appropriate confidentiality and data protection safeguards
We do not sell your personal data.
7. International transfers
Some of our processors may operate outside the UK. Where personal data is transferred outside the UK, we ensure it is protected by an appropriate safeguard under UK GDPR Article 46 (such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or an adequacy decision). You may request a copy of the safeguards in place by emailing marketing@getdilly.io.
8. How long we keep your data
We keep personal data only for as long as we need it, for the purposes set out in this Policy.
• Account data: for the lifetime of your account, plus 24 months after closure for legal record-keeping.
• Conversation history: for as long as your account is open, unless you delete individual conversations earlier. You can delete conversations within the app at any time.
• Marketing preferences: until you withdraw consent or your account is closed.
• Technical/usage logs: typically 12 months, unless retained longer for security or legal reasons.
• Records required by law or regulation: for the period required.
9. Your rights
Under UK GDPR, you have the right to:
• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data (“right to be forgotten”) in certain circumstances
• Restrict processing in certain circumstances
• Port your personal data
• Object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent (including marketing)
To exercise these rights, contact marketing@getdilly.io. We will respond within one month.
You also have the right to complain to the Information Commissioner’s Office at www.ico.org.uk or 0303 123 1113.
We’d be grateful for the chance to address your concerns first.
10. Security
We use technical and organisational measures appropriate to the risk to protect your personal data, including encryption in transit, encryption at rest where appropriate, access controls, logging and regular review. No system is perfectly secure; please use a strong, unique password and tell us immediately if you suspect your account has been compromised.
11. Children
The Service is not directed at, or intended for use by, anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us with personal data, please contact us and we will delete it.
12. Cookies and similar technologies
See our Cookie Policy.
13. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date will reflect the most recent change. We will notify you of material changes by email or in-app.