Last Updated:
Dec 9, 2025
Privacy Policy
At a glance Who we are – Odola Ltd is a UK-based financial services company empowering customers with better financial services via our mobile app. Why we collect data – To open your account, keep it safe, meet the law and, if you agree, tell you about new Odola features. Key facts:
| ||
For the purposes of these laws, Odola Ltd (Company No. 16180580) with registered office at 9th Floor, 107 Cheapside, London, EC2V 6DN, is the data controller of the personal data described in this Policy. This Privacy Policy has been prepared in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). We are committed to protecting your privacy and handling your personal information in a fair, transparent, and secure manner. | ||
|---|---|---|
1. Who this notice covers
This notice applies to anyone who uses the Odola app and our marketing website. By creating or using an Odola account you agree to the practices below. If anything is unclear, please contact the Odola Support team for guidance.
1.1 Who can use Odola?
Odola is not for people under 18. We do not knowingly collect children's data and will delete it if we discover it. Parents can contact us at the address above to remove a child's data.
2. The data we collect
Category | Examples | Why we need it |
|---|---|---|
Identification | Name, date of birth, ID document and a selfie/video (biometric data) | To prove who you are |
Contact | Email, phone, address | Send statements and security alerts |
Account | Sort code, account number, debit-card PAN, balance, transactions | Provide and protect your account |
Usage | Log-ins, device and IP | Improve app and spot fraud |
Marketing and analytics | Device identifiers (for example, advertising IDs, app instance IDs and other analytics identifiers), install source, and in-app events (such as app opens, registration completion and certain feature usage), together with approximate location derived from IP address | To understand how people find and use Odola, measure and optimise our marketing campaigns, and help detect fraud or misuse of the app. |
Communications | Chats, emails, call recordings | Customer support and training |
Third-party checks | Sanctions flags and PEP Screening | Meet AML and KYC rules |
We do not seek special-category data such as health or ethnicity. If you choose to share it, we'll handle it carefully and may ask for consent.
3. How we use your data (and the legal bases)
Running your account – in keeping with our contractual obligations, we open, operate and service your Odola products using the data you have consensually provided.
Safety and compliance – We have a legal obligation and public interest to verify identity, fight fraud and money-laundering.
Improve Odola – we have a legitimate interest to analyse anonymised usage to fix bugs and build new features that make Odola work better for you.
Attribution and analytics – we have a legitimate interest, and where required your consent, to understand how people discover and use Odola, which of our marketing campaigns are effective, and to prevent fraud and abuse. To do this we use third-party analytics and marketing-measurement providers that process device identifiers, install and in-app event data on our behalf.
Talk to you – in keeping with our contractual obligations and legitimate interest, we will send statements, updates and security warnings to keep you in the loop.
Marketing – emails or push messages about Odola features only with your consent (or the PECR soft-opt-in for existing customers). You can opt out at any time by clicking unsubscribe.
Automated tools (including AI) help us flag risky activity, but a trained specialist always reviews any decision that could significantly affect you. You can ask for human review or to challenge a decision.
4. Sharing your data
We never sell your information. We only share it with:
Trusted service partners who host our platform, provide IT, analytics and marketing-measurement services, deliver SMS/email or push notifications, print cards or run identity and sanctions checks – all under contracts that keep your data safe and prevent them from using your information for their own purposes.
Regulators, courts or law-enforcement when the law says we must.
Fraud-prevention and credit-reference agencies to confirm identity and protect the financial system.
Other Odola group companies on a need-to-know basis.
These partners may include cloud-hosting providers, messaging providers, fraud-prevention tools and mobile analytics or attribution SDKs integrated into the app.
4.1 International transfers
Most data sits on servers in the UK. Some suppliers (for example cloud hosting) are in the EEA. When we transfer data abroad we rely on one of: An adequacy decision (EEA) - The UK Addendum to the EU Standard Contractual Clauses or the UK IDTA - Binding corporate rules adopted by our supplier. We keep a list of international transfers – ask us if you'd like to see it.
5. How long we keep your data
Record type | How long we keep it | Statutory / business reason |
|---|---|---|
Customer profile and ID documents | 5 years after account closure | UK Money-Laundering Regulations |
Transaction records | 7 years | Taxes, audits, AML |
Customer-service chats and call recordings | 6 years | Quality, dispute resolution |
Marketing preferences (opt-out list) | Indefinite | Honour your choice |
Device and usage logs | 2 years | Security and troubleshooting |
Anonymised or aggregated data | No personal data – can be kept indefinitely | Analytics |
We delete or irreversibly anonymise your data once these periods expire. You can ask for more detail at any time.
6. Cookies and similar tech
Mobile app – The Odola app uses software development kits (“SDKs”) and similar technologies for security, analytics and, where you allow app-tracking on your device, marketing-measurement. These tools may collect device identifiers (for example the advertising ID on your device, app instance identifiers and other analytics identifiers), IP address and app-usage events so that we can keep your account safe, understand how people use the app and measure the performance of our marketing campaigns. Where required by law (for example, iOS App Tracking Transparency), we rely on your consent and you can change your choice at any time in your device privacy settings.
Website – The Odola website uses essential cookies to make the site work and, with your consent, optional analytics cookies. For full details see our Cookie Policy and the banner shown on your first visit.
7. Your rights
You can:
Access – get a copy of the data we hold.
Correct – fix inaccurate information.
Delete – ask us to erase data we no longer need.
Restrict – pause certain processing.
Object – especially to direct marketing.
Port – move data you gave us to another provider.
Challenge automated decisions – request human review.
Withdraw consent – at any time, where consent is the basis.
We usually reply within one month. To exercise a right, email privacy@odola.com.
8. Keeping your data safe
We use encryption at rest and in transit, multi-factor log-ins, strict access controls, 24/7 monitoring and regular penetration tests. You can help by keeping your device secure and never sharing your PIN.
9. Complaints
We hope we can resolve any concern. If not, you can complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113. If you live in the EEA you may complain to your local authority.
10. Changes to this notice
We'll post any changes in-app and on our website. If the update is significant, we'll email or notify you. The date at the top tells you when we last changed the notice.
Thank you for choosing Odola.