Skip to main content

Terms & Policies

Privacy Policy

Introduction

At Plexos, protecting your personal data is fundamental to everything we do. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have.

When we say 'Plexos', 'we', 'us', or 'our', we're referring to the Plexos entity that provides your account. You can find out which entity that is by scrolling to the bottom of your profile page in the app.

By using the Plexos app, website, or any of our services, you agree to the collection and use of your information in accordance with this policy.

What data do we collect?

We collect information you provide directly, information generated by your use of our services, and information from third-party sources. Here's a breakdown:

Information you provide

When you sign up and use Plexos, we ask you for personal details such as your full name, date of birth, nationality, residential address, email address, phone number, and government-issued ID. We also collect a selfie for identity verification purposes. If you contact our support team, we keep a record of that communication to help us resolve your issue and improve our service.

Information we collect automatically

When you use the Plexos app or website, we automatically collect certain technical and usage data. This includes your device type, operating system, IP address, app version, browser type, language preferences, and how you interact with our services (such as pages visited and features used). We also collect transaction data — including amounts, currencies, dates, and recipient details — as part of providing our payment services.

Information from third parties

We may receive information about you from third-party sources such as identity verification providers, credit reference agencies, fraud prevention services, and public databases. This helps us verify your identity, assess risk, and meet our regulatory obligations.

How do we use your data?

We use your personal data for the following purposes:

Providing our services

To open and maintain your account, process transactions, deliver your debit card, facilitate currency exchange, and provide customer support.

Security and fraud prevention

To protect your account and our platform from fraud, money laundering, and other financial crime. This includes monitoring transactions in real-time, verifying your identity, and conducting security checks.

Legal and regulatory compliance

To meet our obligations under applicable laws and regulations, including anti-money laundering (AML) rules, know your customer (KYC) requirements, tax reporting obligations (CRS and FATCA), and requests from regulatory bodies or law enforcement.

Improving our services

To understand how people use Plexos so we can improve the app, fix bugs, develop new features, and make better decisions about our product. We may use aggregated, anonymised data for this purpose.

Communications

To send you important account notifications (such as transaction alerts, security warnings, and regulatory updates). We may also send you marketing communications if you've opted in — you can change your preferences at any time in the app.

Our legal basis for processing

Depending on the type of data and the purpose, we rely on one or more of the following legal grounds to process your personal data:

Contractual necessity — processing that is required to provide you with our services under the terms of your account agreement.

Legal obligation — processing that is necessary to comply with laws and regulations that apply to us as a regulated financial institution.

Legitimate interests — processing that serves our business purposes (such as fraud prevention, product improvement, and security) provided it doesn't override your rights and freedoms.

Consent — where you've given us explicit permission, for example to send you marketing communications or to use certain cookies. You can withdraw consent at any time.

Who do we share your data with?

We don't sell your personal data. We may share it with the following categories of recipients when necessary:

Service providers

Third parties that help us run our business — such as cloud hosting providers, identity verification services, card issuers (Mastercard), payment processors, and customer support tools. These providers are contractually bound to protect your data and can only use it for the purposes we specify.

Regulatory and legal authorities

Government bodies, regulators, tax authorities, law enforcement agencies, and courts where we're legally required to share information or where it's necessary to prevent financial crime.

Partner institutions

Banking partners and financial institutions involved in processing your transactions, delivering your card, or providing specific account features.

Within the Plexos group

Other Plexos entities may access your data where necessary to provide services, ensure compliance, or support operations across our group.

International data transfers

Because Plexos operates across multiple countries, your data may be transferred to and processed in countries outside your country of residence. When this happens, we ensure appropriate safeguards are in place — such as standard contractual clauses or equivalent protections — to keep your data secure.

By using Plexos, you acknowledge that your data may be processed in jurisdictions that have different data protection laws from your own.

How long do we keep your data?

We keep your personal data for as long as your account is active and for a period after closure as required by law. The exact retention period depends on the type of data and the legal obligations that apply.

For most financial records, we're required to retain data for at least 5 to 7 years after your account is closed. Some data may be kept longer if needed for ongoing legal proceedings or regulatory investigations.

Once the retention period expires, your data is securely deleted or anonymised so that it can no longer be linked to you.

Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

Right of access

You can request a copy of the personal data we hold about you at any time.

Right to rectification

If any of your data is inaccurate or incomplete, you can ask us to correct it. You can also update most details directly in the app under 'Personal details'.

Right to erasure

You can ask us to delete your personal data in certain circumstances. However, we may need to retain some data to comply with legal obligations.

Right to restrict processing

You can ask us to limit how we use your data in certain situations — for example, while a complaint is being resolved.

Right to data portability

You can request your data in a structured, machine-readable format so you can transfer it to another provider.

Right to object

You can object to certain types of processing, including direct marketing. If you object to marketing, we'll stop immediately.

Right to withdraw consent

Where we process your data based on your consent, you can withdraw it at any time. This won't affect any processing that already took place.

How to exercise your rights

You can exercise most of your data rights directly in the Plexos app by going to your profile and tapping 'Privacy'. You can also contact our support team via the in-app chat or by emailing support@plexos.com.

We'll respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

How we protect your data

We take the security of your personal data seriously and use a combination of technical and organisational measures to protect it. These include:

Encryption of data in transit and at rest, strict access controls so that only authorised personnel can access personal data, regular security audits and vulnerability testing, employee training on data protection and security practices, and incident response procedures to handle any data breaches quickly and effectively.

While no system is completely immune to risk, we continuously invest in our security infrastructure to stay ahead of emerging threats.

Children's privacy

Plexos is currently available only to individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that we've inadvertently collected data from a minor, we'll delete it promptly.

Support for younger users is on our roadmap — when it launches, it will have its own age-appropriate privacy practices.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we'll notify you via the app or email before they take effect.

We encourage you to review this policy periodically. The date at the bottom of this page tells you when it was last updated.

Contact us

If you have questions about this Privacy Policy or how we handle your data, get in touch:

Email: support@plexos.com

In-app chat: Go to your profile and tap 'Help'

If you're not satisfied with how we've handled a data protection concern, you may have the right to lodge a complaint with your local data protection authority.

Last updated: February 2026