Revolut uses automated systems to build a profile of you and make decisions about whether you can access products like credit or loans, without a human necessarily reviewing your individual case.
This analysis describes what Revolut's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Automated credit and fraud decisions can directly affect your access to financial products, and you have the legal right to request that a human reviews any decision that significantly affects you.
Interpretive note: The document states the use case at a high level; the full technical scope of automated profiling systems and the specific safeguards in place are not detailed in this notice, creating uncertainty about whether all UK GDPR Article 22 equivalent obligations are fully documented internally.
This provision means a computer algorithm may decide whether you are eligible for a Revolut credit product or flag your account for fraud without a human review, which could result in denial of services or account restrictions.
How other platforms handle this
For information on how we process personal data through "profiling" and "automated decision-making", please see our FAQ.
For information on how we process personal data through "profiling" and "automated decision-making", please see our FAQ.
inferences (i.e., our understanding) of your age, interests and preferences based on your usage of the Spotify Service; estimated or confirmed age from an Age Check by a third party provider.
Monitoring
Revolut has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"we use your personal data to run our services, stop fraud, make decisions about whether you're eligible to use certain products, improve our products, and send you relevant offers (where allowed).— Excerpt from Revolut's Revolut Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages UK GDPR provisions on automated individual decision-making and profiling, equivalent to Article 22, which restricts solely automated decisions producing legal or similarly significant effects unless specific conditions are met. The ICO is the relevant supervisory authority. The provision must be supported by documented safeguards including the ability for the data subject to obtain human intervention, express their point of view, and contest the decision. (2) GOVERNANCE EXPOSURE: High. Automated credit decisioning in a financial services context is a high-risk processing activity. Failure to implement adequate human review mechanisms, explainability, or objection rights could constitute a breach of UK GDPR obligations and attract ICO enforcement attention. The use of profiling for fraud detection, while permitted under legitimate interests or legal obligation bases, requires documented balancing tests. (3) JURISDICTION FLAGS: UK GDPR is the primary framework for UK customers. For EEA customers served by other Revolut group entities, EU GDPR Article 22 applies directly. California residents would engage CCPA profiling-related rights if any US entity is involved. The ICO's guidance on AI and automated decision-making creates heightened expectations for explainability and human oversight in financial services. (4) CONTRACT AND VENDOR IMPLICATIONS: Where automated decisioning relies on third-party scoring models or credit reference agency data, data processing agreements must ensure the vendor's processing is compatible with Revolut's stated purposes and that Revolut retains the ability to provide explanations to data subjects. Procurement teams should assess whether algorithmic vendors provide sufficient transparency to support Revolut's subject access and explanation obligations. (5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that documented processes exist for handling requests for human review of automated decisions, that the logic of automated systems is sufficiently documented to support explanation obligations, and that Data Protection Impact Assessments have been completed for high-risk automated processing activities as required under UK GDPR.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Automated credit and fraud decisions can directly affect your access to financial products, and you have the legal right to request that a human reviews any decision that significantly affects you.
This provision means a computer algorithm may decide whether you are eligible for a Revolut credit product or flag your account for fraud without a human review, which could result in denial of services or account restrictions.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Revolut.