Revolut uses automated systems to build a profile of you and make decisions about whether you can access products like credit or loans, without a human necessarily reviewing your individual case.
This analysis describes what Revolut's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Automated credit and fraud decisions can directly affect your access to financial products, and you have the legal right to request that a human reviews any decision that significantly affects you.
Interpretive note: The document states the use case at a high level; the full technical scope of automated profiling systems and the specific safeguards in place are not detailed in this notice, creating uncertainty about whether all UK GDPR Article 22 equivalent obligations are fully documented internally.
This provision means a computer algorithm may decide whether you are eligible for a Revolut credit product or flag your account for fraud without a human review, which could result in denial of services or account restrictions.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Revolut has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"we use your personal data to run our services, stop fraud, make decisions about whether you're eligible to use certain products, improve our products, and send you relevant offers (where allowed).— Excerpt from Revolut's Revolut Privacy Policy
(1) REGULATORY LANDSCAPE: This provision engages UK GDPR provisions on automated individual decision-making and profiling, equivalent to Article 22, which restricts solely automated decisions producing legal or similarly significant effects unless specific conditions are met. The ICO is the relevant supervisory authority. The provision must be supported by documented safeguards including the ability for the data subject to obtain human intervention, express their point of view, and contest the decision. (2) GOVERNANCE EXPOSURE: High. Automated credit decisioning in a financial services context is a high-risk processing activity. Failure to implement adequate human review mechanisms, explainability, or objection rights could constitute a breach of UK GDPR obligations and attract ICO enforcement attention. The use of profiling for fraud detection, while permitted under legitimate interests or legal obligation bases, requires documented balancing tests. (3) JURISDICTION FLAGS: UK GDPR is the primary framework for UK customers. For EEA customers served by other Revolut group entities, EU GDPR Article 22 applies directly. California residents would engage CCPA profiling-related rights if any US entity is involved. The ICO's guidance on AI and automated decision-making creates heightened expectations for explainability and human oversight in financial services. (4) CONTRACT AND VENDOR IMPLICATIONS: Where automated decisioning relies on third-party scoring models or credit reference agency data, data processing agreements must ensure the vendor's processing is compatible with Revolut's stated purposes and that Revolut retains the ability to provide explanations to data subjects. Procurement teams should assess whether algorithmic vendors provide sufficient transparency to support Revolut's subject access and explanation obligations. (5) COMPLIANCE CONSIDERATIONS: Legal teams should confirm that documented processes exist for handling requests for human review of automated decisions, that the logic of automated systems is sufficiently documented to support explanation obligations, and that Data Protection Impact Assessments have been completed for high-risk automated processing activities as required under UK GDPR.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Automated credit and fraud decisions can directly affect your access to financial products, and you have the legal right to request that a human reviews any decision that significantly affects you.
This provision means a computer algorithm may decide whether you are eligible for a Revolut credit product or flag your account for fraud without a human review, which could result in denial of services or account restrictions.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Revolut.