whoamipaying?

Privacy Policy

Last updated: 14 April 2026

WhoAmIPaying is a trading name of Ebanking Integration Limited (company number 06596920), registered at Chapel Meadows, Sugar Lane, Adlington, Macclesfield, England, SK10 5SQ.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information we collect

We may collect the following personal data when you use our service:

  • Account information — email address and password when you create an account
  • Verification data — payee names, bank sort codes and account numbers, company names, VAT numbers, and invoice details that you submit for verification checks
  • Payment information — processed securely by Stripe; we do not store your full card details
  • Usage data — pages visited, features used, browser type, device information, and IP address
  • Communication data — if you contact us, we retain your correspondence

2. How we use your information

We use your personal data to:

  • Provide verification checks against bank records, Companies House, HMRC, and other data sources
  • Create and manage your account
  • Process payments for credit purchases and subscriptions
  • Send you verification results and service updates
  • Improve our service and develop new features
  • Detect and prevent fraud or misuse of our platform
  • Comply with legal obligations

3. Legal basis for processing

We process your data under the following legal bases:

  • Contract — to provide the verification services you have requested
  • Legitimate interests — to improve our service, prevent fraud, and ensure security
  • Consent — for marketing communications and non-essential cookies (you can withdraw consent at any time)
  • Legal obligation — to comply with applicable laws and regulations

4. Cookies

We use cookies and similar technologies on our website. Cookies are small text files placed on your device that help us provide and improve our service.

Essential cookies

These are necessary for the website to function and cannot be switched off. They include:

  • Authentication cookies to keep you signed in
  • Security cookies to protect against fraud
  • Session cookies to remember your preferences during a visit

Analytics cookies

These help us understand how visitors use our website, so we can improve it. We may use services such as Google Analytics or similar tools. These cookies collect anonymised data about page visits, time spent on site, and navigation patterns.

Functional cookies

These enable enhanced functionality such as remembering your preferences, wizard progress, and display settings.

Managing cookies

You can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being set. Please note that disabling essential cookies may affect the functionality of our service.

For more information about cookies, visit allaboutcookies.org.

5. Data sharing

We may share your data with:

  • Third-party verification providers — including banks (for Confirmation of Payee), Companies House, and HMRC (for VAT checks), to perform the verification services you request
  • Payment processors — Stripe processes your payment information securely
  • Hosting and infrastructure — Vercel (hosting) and Supabase (database) process data on our behalf
  • AI services — Anthropic (Claude) processes invoice data for extraction purposes (see our AI Statement)

We do not sell your personal data to third parties.

6. Data retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

  • Account data — retained while your account is active, and for up to 12 months after deletion
  • Verification results — retained for up to 24 months to allow you to access your history
  • Payment records — retained for 7 years as required by UK tax law
  • Usage and analytics data — retained in anonymised form for up to 24 months

7. Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal retention requirements)
  • Restriction — ask us to limit how we use your data
  • Portability — request your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@whoamipaying.co.uk.

8. Data security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS), encryption at rest, access controls, and regular security reviews.

9. International transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Children

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised “last updated” date.

12. Contact us

If you have questions about this privacy policy or wish to exercise your data rights, please contact:

Ebanking Integration Limited
Trading as WhoAmIPaying
Chapel Meadows, Sugar Lane
Adlington, Macclesfield
England, SK10 5SQ
Email: privacy@whoamipaying.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.