Revolut shares your personal data with its service providers, credit reference agencies, the people you transact with, and government authorities when legally required.
This analysis describes what Revolut's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your personal data flows to multiple third-party organisations including credit reference agencies, which can affect your credit profile at other institutions, and to counterparties in your transactions.
When you make a payment or transfer, information about you may be shared with the recipient or their financial institution; additionally, Revolut shares your data with credit reference agencies, which can influence your credit record and borrowing eligibility at other banks.
How other platforms handle this
We may share your personal information with third parties, including service providers, financial institutions, regulatory authorities, and fraud prevention agencies, where necessary to provide our services, comply with legal obligations, or protect against fraud and financial crime.
We share your personal data with your consent or as necessary to complete any transaction or provide any product you have requested or authorized. We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors or agents working on our behalf for the purposes described in this...
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
Monitoring
Revolut has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Who we share it with: we share your personal data with companies that help us provide our products and services, credit reference agencies, people or companies you send money to or receive money from, and government agencies (if the law requires it).— Excerpt from Revolut's Revolut Privacy Policy
(1) REGULATORY LANDSCAPE: Third-party data sharing engages UK GDPR controller-to-controller and controller-to-processor obligations. Sharing with credit reference agencies is a standard practice in UK financial services and is typically grounded in legitimate interests or legal obligation. Sharing with government agencies is governed by AML, tax reporting, and regulatory information request obligations. Sharing personal data with transaction counterparties is inherent to payment processing and governed by PSD2-derived regulations. (2) GOVERNANCE EXPOSURE: Medium. The breadth of the sharing disclosure, covering service providers, credit reference agencies, counterparties, and government agencies, is consistent with standard financial services practice. However, the absence of a specific list of third-party processors and sub-processors in this master notice means users cannot identify all entities receiving their data without consulting separate documentation. (3) JURISDICTION FLAGS: International data transfers to third countries, including transfers to service providers or Revolut group entities outside the UK, require appropriate safeguards such as SCCs. The notice states these are in place but does not identify specific destination countries, which may be relevant for users assessing risk. (4) CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with all third-party processors must comply with UK GDPR requirements. Credit reference agency sharing arrangements should include provisions on data accuracy, rectification, and the right to query entries. Due diligence on sub-processor security practices is a standard requirement. (5) COMPLIANCE CONSIDERATIONS: Legal teams should maintain an up-to-date register of third-party processors and sub-processors, ensure controller-to-controller sharing agreements are in place where relevant, and confirm that international transfer mechanisms are current and documented. The basis for sharing with group companies for group-wide purposes such as risk management and fraud prevention should be clearly documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your personal data flows to multiple third-party organisations including credit reference agencies, which can affect your credit profile at other institutions, and to counterparties in your transactions.
When you make a payment or transfer, information about you may be shared with the recipient or their financial institution; additionally, Revolut shares your data with credit reference agencies, which can influence your credit record and borrowing eligibility at other banks.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Revolut.