Privacy policy

Last updated: 26 March 2026

1. Introduction

Hot Mint Limited (company number 08152462), trading as Lifed ("we", "us", "our"), is committed to protecting your privacy. This Privacy policy explains how we collect, use, store, and protect your personal data when you use the Lifed application and website (the "Service").

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data controller

The data controller for the Service is Hot Mint Limited, trading as Lifed, registered at 86-90 Paul Street, London, England, EC2A 4NE. For any data protection enquiries, please contact us at data@lifed.app.

3. What data we collect

3.1 Account data

When you create an account, we collect:

• Email address
• Name (if provided)
• Profile picture (if provided)
• Authentication data (managed by our provider, Clerk)

3.2 Financial data

If you use the Finance module, we may collect:

• Bank account and transaction data (via open banking, with your explicit consent)
• Manually entered transactions, categories, and money pot details
• Expense flexibility ratings and financial preferences

3.3 Health and fitness data

If you use the Health & Fitness module, we may collect:

• Data from connected wearable devices and fitness trackers (e.g. sleep, activity, heart rate, stress)
• Manually entered health notes or metrics

This data is classified as special category data under UK GDPR and is processed only with your explicit consent.

3.4 Contacts and relationship data

If you use the Contacts module, we may collect:

• Contact names, birthdays, and notes you choose to store
• Interaction logs and relationship notes
• Pet information (names, species, vet details)

3.5 Property and vehicle data

If you use the Home or Garage modules, we may collect:

• Property addresses and EPC certificate data
• Vehicle details (make, model, registration, key dates)

3.6 AI interaction data

When you use AI advisors, we collect:

• Conversation history with AI advisors
• AI-generated insights and memory data derived from your interactions

3.7 Technical data

We automatically collect:

• Device type, browser, and operating system
• IP address (anonymised for analytics)
• Usage patterns and feature interactions
• Error and performance data (via Sentry)

4. How we use your data

We use your data to:

• Provide the Service — store and display your data, process transactions, sync with connected services
• Personalise your experience — power AI advisors with context about your data to provide relevant insights
• Improve the Service — analyse anonymised usage patterns to improve features and fix issues
• Communicate with you — send account-related notifications, security alerts, and service updates
• Ensure security — detect and prevent fraud, abuse, and unauthorised access

We do not use your data for:

• Advertising or ad targeting
• Selling to third parties
• Profiling for purposes unrelated to the Service

5. Legal basis for processing

We process your data under the following legal bases:

6. Data sharing

We share data only with the following categories of third parties, and only to the extent necessary to provide the Service:

• Clerk — authentication and account management
• Open banking provider — bank account connections and transaction retrieval (with your consent)
• Fitness tracker APIs — health data retrieval (with your consent)
• Sentry — error monitoring and performance tracking (anonymised)
• Hosting providers — infrastructure and data storage (DigitalOcean, Vercel)

We do not sell your personal data. We will disclose data to law enforcement or regulatory bodies only when required by law.

7. Data storage and security

Your data is stored on servers located within the EEA/UK. We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS/SSL) and at rest
• Authentication via secure JWT tokens
• Regular automated database backups
• Access controls limiting data access to authorised processes only
• Regular security reviews

8. Data retention

We retain your data for as long as your account is active. Upon account deletion:

• Your personal data will be deleted within 30 days
• Anonymised, aggregated data may be retained for analytical purposes
• Backups containing your data will be purged within 90 days
• Data required for legal compliance may be retained for the period required by law

9. Your rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — request that we limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interest
• Withdraw consent — withdraw consent for processing at any time (e.g. disconnect open banking or fitness trackers)

To exercise any of these rights, contact us at data@lifed.app. We will respond within one calendar month.

10. Cookies

The Service uses essential cookies for authentication and session management. We do not use advertising or tracking cookies.

11. Children's data

The Service is not intended for children under 16. We do not knowingly collect data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.

12. Changes to this policy

We may update this Privacy policy from time to time. If we make material changes, we will notify you through the Service or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact and complaints

For any questions or concerns about this Privacy policy or our data practices, contact us at data@lifed.app.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.