Privacy Policy

Womho (“we”, “us”, “our”) is a UK personal finance education platform. We are the data controller for the personal data you provide when using Womho.

Contact us about privacy: privacy@womho.co.uk

When you use Womho we collect and store the following categories of data:

• Account data: email address and authentication credentials, managed via Supabase Auth.
• Financial profile data: information you voluntarily enter, including gross salary, region, pension contribution rate, student loan plan, monthly housing cost, savings amounts, debts, and other financial details used to power your dashboard.
• Usage data: XP, level, badges, quiz history, and game-related progress stored to personalise your experience.
• Technical data: browser type, device type, and IP address collected automatically when you access Womho.

We do not collect bank account numbers, credit card numbers, or payment credentials. All financial data you enter is manually provided by you.

• To provide and operate your personalised financial dashboard.
• To generate AI-powered financial information using your profile (see Section 5 on AI processing).
• To save your progress and sync your profile across devices.
• To send transactional emails (account confirmation, password reset) via our email provider.
• To improve Womho’s features and fix bugs (aggregated, anonymised usage analytics only).

Legal basis (UK GDPR): We process your data on the basis of contract performance (to provide the service you signed up for) and legitimate interests (to improve the platform and prevent abuse).

• Your financial profile is stored in Supabase, a cloud database service. Data is encrypted at rest and in transit.
• Access to your data is protected by Row-Level Security (RLS) — only you can read or write your own profile.
• We use HTTPS across all pages and APIs. Our infrastructure provider enforces TLS 1.2 or higher.
• We do not share, sell, or rent your personal data to third parties for marketing purposes.

When you interact with the Womho AI assistant, your messages and a summary of your financial profile are sent to Groq, Inc. (an AI inference provider) to generate responses. This means your financial data is processed on Groq’s servers.

Please review Groq’s privacy policy at groq.com/privacy-policy. We do not send more data than is necessary to generate a helpful response.

Other third-party processors we use:

• Supabase — database and authentication (supabase.com/privacy)
• Vercel — hosting and edge infrastructure (vercel.com/legal/privacy-policy)
• Resend / email provider — transactional email delivery

Womho uses essential cookies only to maintain your authentication session. We do not use tracking or advertising cookies. If we introduce optional analytics cookies in future, we will request your consent first.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from staying logged in.

• Your account and financial profile data is retained for as long as your account is active.
• If you delete your account, all personal data is deleted from our systems within 30 days.
• Some anonymised, aggregated data may be retained for product analytics.

You have the following rights regarding your personal data:

• Right of access: request a copy of the data we hold about you.
• Right to rectification: correct inaccurate data (you can do this directly in your Profile settings).
• Right to erasure: delete your account and all associated data (available in Profile → Danger Zone → Delete Account).
• Right to data portability: export your data as JSON (available in Profile → Danger Zone → Export Data).
• Right to object: object to certain types of processing.
• Right to restrict processing: ask us to limit how we use your data.

To exercise any of these rights, contact us at privacy@womho.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Womho is not intended for users under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a prominent notice within the app. The date at the top of this page shows when it was last updated.