What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This notice operates primarily under UK GDPR and the UK Data Protection Act 2018, with the Information Commissioner's Office (ICO) as the lead supervisory authority. The document also engages with PSD2-derived Open Banking requirements, AML/CTF obligations referenced in a standalone AML Data Collection Notice, and financial services regulatory frameworks applicable to Revolut's banking, investment, and credit activities. Automated decision-making disclosures engage UK …

How does Revolut's Revolut Privacy Policy affect users?

Revolut collects a broad range of personal data including identity documents, financial account details, location, device information, transaction history, and data from your other bank accounts via Open Banking, and uses this data for automated profiling that can affect your eligibility for credit and other financial products. The policy discloses that these automated decisions can have significant legal or similarly significant effects, though the document states users have the right to reque…

How often is Revolut's Revolut Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Revolut updates this document?

Yes. Watcher subscribers ($9.99/month) can add Revolut to their watchlist and receive same-day email alerts whenever this document or any other Revolut document changes.

CA-D-000538

Revolut Privacy Policy

Revolut

Last change detected May 5, 2026 Privacy policy

SHA-256: 56384532346e3ed06e2… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Revolut ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

1 High severity

6 Medium severity

3 Low severity

Summary

This is Revolut's privacy policy for UK customers, explaining how the company collects and uses your personal data including your identity documents, bank account details, card numbers, location, device activity, transaction history, and even data derived from Open Banking access to your other bank accounts. The most important thing for most users is that Revolut uses automated profiling and decision-making to make decisions about your eligibility for products like credit, meaning a computer may make significant financial decisions about you based on your data without a human reviewing it first. You have the right to request human review of automated decisions and can manage your privacy preferences directly in the Revolut app or by contacting dpo@revolut.com.

Technical / Legal Breakdown

This is the Revolut Ltd Customer Privacy Notice (effective 17 March 2026), governing personal data processing for UK customers across all Revolut products and services, with the stated legal controller being either Revolut Bank UK Ltd or Revolut Ltd depending on the product used. The notice states that Revolut collects identity documents, financial details, device and location data, transaction history, biometric data for identity verification, credit reference agency data, Open Banking data, and behaviorally inferred data; the terms authorize use of this data for service delivery, fraud prevention, credit decisioning, automated profiling, product improvement, and marketing where permitted. A notable provision is the explicit commitment that Revolut will never sell personal data, alongside a broad automated decision-making disclosure including credit scoring and fraud detection that relies on profiling with potentially significant legal effects, which the document states is subject to rights of human review under applicable law. The notice engages UK GDPR and the UK Data Protection Act 2018 as primary frameworks, with the ICO as the lead supervisory authority, and separately references compliance obligations under AML, PSD2/Open Banking, and financial services regulation; international data transfers to third countries are disclosed and stated to be covered by Standard Contractual Clauses or other appropriate safeguards. For customers using investment, crypto, or credit products, additional standalone notices and just-in-time disclosures apply, creating a layered privacy framework where this document serves as the master notice but does not contain the full picture for all product lines.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 1 provision

Automated Decision-Making and Profiling Compare →

Revolut uses automated systems to build a profile of you and make decisions about whether you can access products like credit or loans, without a human necessarily reviewing your individual case.

Added May 9, 2026 Common Seen across 104 platforms

Medium — 6 provisions

Open Banking and Third-Party Financial Account Data Collection Compare →

If you choose to use Open Banking features, Revolut can access data from your accounts at other banks and financial institutions.

Added May 9, 2026 Standard Seen across 251 platforms
Special Category and Biometric Data Processing Compare →

Revolut collects copies of your identity documents and processes biometric-style data as part of identity verification, which is a more sensitive category of personal data under UK data protection law.

Added May 9, 2026 Standard Seen across 251 platforms
Data Sharing with Third Parties and Group Companies Compare →

Revolut shares your personal data with its service providers, credit reference agencies, the people you transact with, and government authorities when legally required.

Added May 9, 2026 Standard Seen across 246 platforms
Children and Minors Data Processing Compare →

Revolut collects and processes personal data about children through its Revolut Kids and Teens product, with parental approval required for registration.

Added May 9, 2026 Standard Seen across 189 platforms
International Data Transfers Compare →

Revolut states it transfers personal data internationally and uses Standard Contractual Clauses or other appropriate safeguards to protect data when it leaves the UK.

Added May 7, 2026 Common Seen across 122 platforms
Device, Location, and Behavioural Data Collection Compare →

Revolut collects data from your phone or computer including your location and IP address, as well as information about how you use the Revolut app.

Added May 9, 2026 Standard Seen across 251 platforms

Low — 3 provisions

Commitment Not to Sell Personal Data

Revolut explicitly promises it will never sell your personal data to third parties for money.

Added May 9, 2026 Rare
Marketing and Profiling for Offers

Revolut may use your personal data to send you targeted offers and marketing communications based on your profile and usage patterns, where you have consented or where the law otherwise permits.

Added May 9, 2026 Rare
User Rights Over Personal Data

You have the right to access, delete, or restrict the use of your personal data, and you can exercise these rights either through the Revolut app or by emailing dpo@revolut.com.

Added May 9, 2026 Rare