Streem Connect Limited (“Streem Connect”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use and safeguard your personal data when you use our website, platform and mobile applications, including the Streem Connect iOS app.

This policy also explains your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

This website and our services are not intended for children, and we do not knowingly collect data relating to individuals under 18.

1. Important Information and Who We Are

Controller

Streem Connect Limited is the data controller for the personal data we collect and use in connection with our services.

Our Relationship With Plaid

Streem Connect acts as an Agent of Plaid Financial Ltd, which is authorised and regulated by the Financial Conduct Authority to provide Account Information Services (AIS).

When you choose to connect your bank account:

• Plaid Financial Ltd is an independent controller of any Financial Data it collects, processes or stores to provide AIS.

• Streem Connect is a separate controller for any Financial Data we retrieve from Plaid and use within our platform.

Each organisation determines its own purposes and means of processing.
Plaid’s privacy notice applies separately:
https://plaid.com/legal

Plaid may process and store data outside the UK/EEA.

2. How to Contact Us

Email: support@streemconnect.com
Address: 15 Front Street, Sherburn Hill, Durham, DH6 1PA

You may contact our Data Protection Officer using the same details above.

You have the right to complain to the Information Commissioner’s Office (ICO) at any time: www.ico.org.uk.
We would appreciate the opportunity to respond before you contact the ICO.

3. The Data We Collect

We may collect, use, store and transfer the following categories:

Identity Data

Name, date of birth, username, title.

Contact Data

Email address, postal address, telephone number.

Technical Data

IP address, browser type/version, device identifiers, operating system, app diagnostics, log data.

Usage Data

Interactions with our website or app, features used, time spent, user navigation patterns.

Marketing & Communications Data

Preferences for marketing and notifications.

Financial Data (via Plaid)

Read-only account information and transaction data made available through Plaid’s AIS service.
This includes:

• Account holder name

• Account identifiers (masked where provided)

• Transaction descriptions, amounts and timestamps

• Account balance information

Streem Connect never sees or stores bank login credentials.

Aggregated Data

Aggregated or statistical data derived from your personal data but not identifying you.

We do not collect Special Category Data.

4. How We Collect Data

Directly from you

When you create an account, subscribe, complete forms, or contact us.

Automatically

Through cookies, analytics tools, technical logs and app diagnostics.

Through Third Parties

• Plaid Financial Ltd (Financial Data via AIS)

• Google Analytics (usage/analytics data)

• Meta Pixel (marketing analytics)

• CookieYes (consent management)

5. Cookies & Tracking Technologies

We use the following categories:

• Strictly Necessary Cookies – essential for security and platform function.

• Analytics Cookies – including Google Analytics, used only with explicit opt-in consent.

• Marketing Cookies – including Meta Pixel, used only with explicit opt-in consent.

• Preference Cookies – remembering user settings.

Consent for non-essential cookies is obtained via CookieYes.

Our cookie policy is available at:
https://streemconnect.com/cookie-policy

6. How We Use Your Personal Data

We use your data only when legally permitted:

To provide our services, including:

• Account creation

• Secure access to Financial Data

• Displaying and analysing bank transaction information

• Document upload and client-accountant interactions
  Legal basis: Performance of contract

To administer and protect our platform

Technical monitoring, debugging, fraud prevention.
Legal basis: Legitimate interests; legal obligation

To improve our website, app and services

Analytics, diagnostics, service optimisation.
Legal basis: Legitimate interests (service improvement)

For marketing communications

Email and SMS marketing only where consent is given.
Legal basis: Consent

To comply with law

Regulatory reporting, anti-fraud measures.
Legal basis: Legal obligation

7. Legitimate Interests Assessment (LIA)

Where we rely on legitimate interests, we conduct an internal balancing assessment to ensure our interests do not override your rights.

Our LIA covers:

• analytics

• app and website optimisation

• security monitoring

• fraud prevention

A summary of our LIA is available upon request.

8. Automated Decision-Making and Profiling

Streem Connect does not use automated decision-making that produces legal or significant effects.

We may carry out limited profiling, such as categorising transactions or identifying activity patterns, strictly to provide your requested service.

This profiling does not produce decisions about you without human involvement.

9. Disclosures of Your Personal Data

We may share data with:

Service Providers (Processors):

• Cloud hosting providers (UK & EEA)

• IT and security providers (UK & EEA)

• Support and maintenance partners

• Email and communication providers

Plaid Financial Ltd (Independent Controller)

Plaid may process and store data in the United Kingdom, United States, and other jurisdictions.
They use safeguards such as UK IDTA or SCCs.

Professional Advisers

Lawyers, accountants, auditors (UK).

Regulators / Authorities

HMRC, FCA, ICO where legally required.

Business Transfers

In the event of a merger or acquisition.

We require all processors to follow strict contractual requirements consistent with UK GDPR.

10. International Transfers

Because Plaid, Google, and Meta may process data outside the UK, your data may be transferred to:

• United States

• EEA

• Other countries where service providers operate

Whenever we or our partners transfer data outside the UK, we ensure appropriate safeguards such as:

• UK International Data Transfer Agreement (IDTA)

• Standard Contractual Clauses (SCCs)

• Technical security protections

• Contractual commitments regarding access and deletion

11. Data Security

We implement technical and organisational measures including:

• encryption of data in transit and at rest

• strict access controls

• role-based permissions

• monitoring and audit logging

• staff confidentiality obligations

12. Data Retention

We retain personal data only for as long as necessary:

Statutory and regulatory requirements may require longer retention in some cases.

Aggregated data may be retained indefinitely.

13. Your Rights

You have the right to:

• Access your data (Subject Access Request)

• Correct inaccurate data

• Request erasure (“right to be forgotten”)

• Object to processing (including profiling and marketing)

• Restrict processing

• Withdraw consent at any time

• Data portability

• Complain to the ICO

14. Withdrawing Bank Access / AIS Consent

You can revoke bank connection access in two ways:

1. Directly via Streem Connect:
   Within the platform or by contacting support@streemconnect.com.

2. Through your online banking portal:
   Most banks allow you to revoke third-party permissions under the “Connected Apps” or “Third-Party Access” section.

Revoking access stops future data flows but does not delete previously collected data.
You may request deletion of Financial Data separately.

15. Children’s Data

We do not knowingly collect data relating to children under 18.
If we discover data relating to a minor, we will delete it immediately.
We take reasonable steps to prevent under-18 registrations, including internal monitoring and reporting mechanisms.

16. Changes to This Policy

We may update this policy periodically.
The “Last Updated” date at the top will reflect the latest revision.
We will notify users of any material changes.