Data protection

Data Handling Policy

How Pay Cycle Budgeting UK handles customer information safely, fairly and in line with UK GDPR principles.

Our approach

Pay Cycle Budgeting UK handles personal information only for clear household budgeting, booking, payment, support and customer-service purposes. We aim to collect the minimum information needed, keep it accurate, protect it, and only keep it for as long as needed.

This policy should be read alongside our Privacy Policy, Cookie Policy, Terms, Service Boundaries, Safeguarding Policy and Call Recording Notice.

What information we may handle

  • Contact details, such as name, email address, phone number and town/city.
  • Booking and service details, including selected services, appointment notes and customer preferences.
  • Household budgeting information provided by the customer, such as income categories, bill names, due dates, payment frequency and household costs.
  • Support Rate evidence, where the customer chooses to apply and provides limited proof.
  • Payment status information from payment providers. We do not ask for card numbers or banking passwords.
  • Messages, emails, consultation notes and call/meeting recordings where notice has been given.

What we do not need

Customers should not send bank login details, card details, passwords, full bank account numbers, full addresses unless necessary, National Insurance numbers, claim reference numbers or unrelated transactions.

Where evidence is needed, customers are encouraged to hide or redact information that is not relevant to the review.

How we use data

  • To prepare and explain household budgeting spreadsheets.
  • To book consultations and provide customer support.
  • To process payments and subscriptions through payment providers.
  • To review Support Rate applications using limited evidence.
  • To keep service records, handle complaints, prevent misuse and meet legal obligations.

We do not sell customer data. We do not use customer budget information for advertising profiling.

Data minimisation and redaction

We only ask for information needed to provide the service or review eligibility. If a document includes more information than needed, the customer should redact unrelated transactions, reference numbers, account numbers and private details before sending it.

Storage and security

Customer information is stored using password-protected business systems and accounts. Access is limited to the person or people who need it to provide the service. Files should not be stored on shared public devices, and unnecessary copies should be deleted.

Support Rate evidence should be checked and then deleted unless there is a clear reason to keep a limited record of the decision.

Retention

We keep customer information only for as long as needed for service delivery, customer support, complaints, tax/accounting records, legal obligations or safeguarding reasons. Internal retention periods are reviewed regularly and set out in our internal retention schedule.

Sharing information

Information may be shared with trusted providers where needed, such as website hosting, email, payment processing, booking tools, cloud storage or professional advisers. Where beneficial and with customer agreement, we may signpost or refer customers to relevant third-party support partners.

We do not share personal budgeting information publicly. Published examples or case studies must be anonymised or approved by the customer before publication.

Customer rights

Customers can ask to access, correct or delete their personal information, or object to certain uses. Some records may need to be kept where required by law or where needed to handle disputes, complaints or safeguarding concerns.

Contact: hello@paycyclebudgeting.co.uk

Data breaches

If personal data is lost, sent to the wrong person, accessed without permission or otherwise compromised, we will assess the risk, take steps to reduce harm, keep an internal record and report to the ICO and affected people where required.

Last reviewed

Last reviewed: July 2026. This policy should be reviewed when services, systems, providers or legal requirements change.