Privacy notice.
This privacy notice explains how Treasurii ("we", "us", "our") collects, uses, stores, and shares personal data when you use our website at treasurii.co.uk, our platform at app.treasurii.co.uk, or when you contact us. We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018.
If you have questions about this notice or how we handle your data, contact us at privacy@treasurii.co.uk.
1. Who we are
Treasurii is a company registered in England and Wales. Our registered office address is available on request.
Treasurii is a technology platform and is not authorised by the Financial Conduct Authority. FX execution, payment services, and client money handling are provided by FCA-authorised third-party execution partners. Clients who wish to use those services onboard with the partner directly; the partner performs KYC, AML, and client-money safeguarding under its own regulatory permissions. Treasurii's role is to transmit instructions to the partner's API and surface confirmations and audit records back to the client.
2. What personal data we collect
2.1 When you visit our website
We do not currently use any web analytics tool on the marketing website. We do not collect IP addresses, page-view records, referrers, or any other browsing data via treasurii.co.uk. If we deploy analytics in the future, we will use a privacy-preserving, cookieless tool (e.g. Plausible Analytics) that does not require a consent banner under UK GDPR, and we will update this notice in the same change.
2.2 When you request a demo or contact us
- Full name and work email address
- Company name and your role
- Monthly FX volume range
- ERP / accounting system (optional)
- Any additional information you choose to include in your message
2.3 When you sign up for the platform
- Full name and work email address
- Company name, company type, and jurisdiction
- Registered address
- For the Authorised tier: KYC information including identity documents, beneficial ownership information, and source of funds
- Bank account details for settlement purposes
- FX trading history and exposure data you input into the platform
2.4 When you use the platform
- Trade records, exposure data, and hedge positions
- Audit log entries (who did what and when)
- Session and authentication data
- Communications with support
3. Why we process your data and our lawful basis
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Providing the platform and executing trades | Contract (Art. 6(1)(b)) |
| KYC / AML checks required by regulation | Legal obligation (Art. 6(1)(c)) |
| Responding to demo requests and enquiries | Legitimate interests (Art. 6(1)(f)) |
| Improving the platform and understanding usage | Legitimate interests (Art. 6(1)(f)) |
| Sending product and service updates to customers | Contract / legitimate interests |
| Meeting record-keeping obligations under applicable law (e.g. MLR 2017) and supporting our execution partners' regulatory record-keeping | Legal obligation / legitimate interests (Art. 6(1)(c), 6(1)(f)) |
| Fraud prevention and security monitoring | Legitimate interests (Art. 6(1)(f)) |
4. Who we share your data with
We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary:
4.1 Sub-processors
- Supabase Inc. — database infrastructure and authentication. Data stored in the EU (Ireland region) with point-in-time recovery. Supabase privacy policy.
- Vercel Inc. — website and platform hosting. Edge network with data processed globally; platform data stored in the EU. Vercel privacy policy.
4.2 Execution partners
To execute FX trades on the Authorised tier, we pass necessary trade data (currency pair, amount, value date, client identifier) to our FCA-authorised execution partners. The execution partner is the regulated counterparty for the trade and the controller of any personal data you provide directly to them through their own onboarding. We do not pass unnecessary personal data beyond what is required to transmit your instruction.
4.3 Regulatory bodies
We may share data with the Financial Conduct Authority (FCA), HM Revenue & Customs, or other regulatory or law enforcement bodies where we are legally required to do so.
4.4 Professional advisers
Our legal, accounting, and compliance advisers may have access to personal data where necessary to provide their services, under duties of confidentiality.
5. International transfers
We store all customer data in the EU (Supabase Ireland region). Some of our sub-processors (including Vercel) operate globally. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including reliance on the UK's adequacy regulations or standard contractual clauses.
6. How long we keep your data
- Demo requests and enquiries: 2 years from last contact, unless you become a customer.
- Customer platform data: For the duration of your contract, plus 7 years thereafter, to support our execution partners' financial services record-keeping obligations and to meet contractual record-keeping commitments.
- KYC and AML records: Where Treasurii holds them, 5 years from the end of the business relationship, in line with the Money Laundering Regulations 2017 where applicable. Primary KYC/AML records are held by the FCA-authorised execution partner that performed the onboarding.
- Trade records: 7 years from the date of the trade, mirroring the record-keeping standard expected of regulated execution counterparties.
- Audit logs: Immutable for the duration of the platform relationship; archived for 7 years thereafter.
7. Your rights under UK GDPR
You have the following rights in relation to your personal data:
- Access: You can request a copy of the personal data we hold about you.
- Rectification: You can ask us to correct inaccurate or incomplete data.
- Erasure: You can ask us to delete your data in certain circumstances (subject to our legal retention obligations).
- Restriction: You can ask us to restrict processing of your data in certain circumstances.
- Portability: You can ask for your data in a machine-readable format where processing is based on consent or contract.
- Objection: You can object to processing based on legitimate interests.
- Withdraw consent: Where we rely on consent, you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, email privacy@treasurii.co.uk. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Cookies
Our website does not use tracking, advertising, or analytics cookies. We use one functional cookie for session management when you are logged into the platform.
See our cookie policy for full details.
9. Security
We use industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, row-level security at the database layer, and role-based access controls. See our security page for more detail.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Article 33.
10. Changes to this notice
We may update this privacy notice from time to time. We will notify active platform users of material changes by email. The "last updated" date at the top of this page will always reflect when the notice was last revised.
11. Contact us
For any questions about this privacy notice or how we handle your personal data:
- Email: privacy@treasurii.co.uk
If you are not satisfied with our response, you may escalate to the ICO at ico.org.uk.