Privacy Policy | GoHenry

Date of last revision: 1st March 2026

At GoHenry, our mission is simple: to help every kid be smart with money in a safe and secure place. Your family's privacy is a huge part of that security.

This notice is our chance to be completely transparent with you. It explains exactly what personal information we collect, why we need it, how we use it, and how we keep it safe.

If you're a child or young person, we've got versions of this notice just for you that explain things clearly. You can find them on our website here for children and here for teens.

IDT Financial Services Limited ("IDT") is the issuer and operator of the GoHenry card. IDT is an independent controller of your personal data as it relates to, and is required for, the administration and operation of the card. A copy of IDT's privacy policy may be found at https://idtfinance.com/privacy-policy/. We perform certain services for and on behalf of IDT, and may therefore process your data as part of these.

The Information We Collect About You

We only collect information that helps us run your account, keep it secure, and make our product better. We keep things clear and only hold the minimum data necessary.

The personal information we might hold about you depends on how you interact with us. Here is a simple breakdown of the different types of data and what they mean:

Identity data such as name, username, identification documents, and date of birth;
Family data such as your parental status, your legal guardians and siblings;
Contact data such as address, email address, and telephone number;
Image data such as photographs you choose to provide;
Derived data which is information about you and your habits based on the way you use our services, which we use to create a profile;
Financial data such as bank account details, income, transaction details and credit checks;
Technical data such as internet protocol (IP) address, your login data, browser type and version, operating system and platform, device ID, and other technology on the devices you use to access this website
Usage data such as information about how you interact with and use our website, products and services, including your location
Biometric data such as the unique facial characteristics of your face, which we create by scanning your selfie and ID to confirm it's really you

How and Why We Use Your Information

We collect data either directly from you, like when you sign up, chat with us, or use the app, or collected from other trusted sources (like your bank when you pay in).

We have specific, clear rules for how we handle your data. The legal reason we're allowed to use a piece of information (this is called the 'lawful basis') is always connected to why we need it.

Information You Provide Directly To Us:

You are	Personal data	What we use it for	Lawful Basis (Our legal reason)
Applicant OR account holder parent/guardian	Identity, Family, Contact, Financial data, Biometric data	To set up and administer your app account, including fulfilling our duties under Anti Money Laundering legislation.	Contract, Legal obligation, Consent
Account holder parent/guardian	Image data	To personalise your app account and the services we provide.	Consent
Account holder parent/guardian OR Enquiring about our services	Contact data	To provide you with information about our services, including newsletters and surveys.	Consent
Paying into a GoHenry account	Identity, Contact, Financial data	To process your payment and communicate with you about the payment on behalf of a payment service provider.	Contract
Using our app	Technical data, usage data	To understand how you interact with our app, so that we can improve the services we provide.	Necessary for our legitimate interests in providing and improving our app
Contacting us via our website, live chat, or chatbot	Identity, Contact, Usage, Derived, Transactional data	To respond to queries and meet our legal and regulatory obligations, we use AI-assisted tools to analyse chat content. This helps us to provide you with the best answer, identify where you might need extra support, and detect or prevent financial crime and fraud.	Necessary for our legitimate interests in providing and improving our services
Contacting us via our customer phone service	Identity, Contact, Family, Financial data	To respond to queries and to record our calls for training and quality purposes.	Necessary for our legitimate interests in providing and improving our services

Information we get from other sources:

You are:	Source of data	Personal data	What we use it for	Lawful Basis (Our legal reason)
Child account user	Parent/guardian	Identity, Family, Contact data	To enable you to use our services and those of the parties we partner with.	Necessary for our legitimate interests in providing our services
Child account user	Parent/guardian	Image data	To personalise our services.	Consent (of your parent/guardian)
Child account user	Merchant	Financial data	To identify transactions you make.	Necessary for our legitimate interests in providing our services and preventing fraud
GoHenry account user	Automatic collection	Financial data	To monitor usage via a risk tool to detect fraud.	Necessary for our legitimate interests in preventing fraud
Account holder parent/guardian	Created by GoHenry based on your usage	Derived data, Contact data	To help us to market our products to you and others, via social media and ad platforms.	Necessary for our legitimate interests in providing our services
Account holder parent/guardian	Local Authority or other relevant body	Family data	To validate your parental authority (e.g., for Junior ISAs).	Legal obligation under the Individual Savings Account Regulations 1998
Contact of parent/guardian or child	Parent/guardian or child via phone contacts	Contact data	To facilitate payments.	Necessary for our legitimate interests in providing our services
Paying into a GoHenry account	Your bank	Identity data, Financial data	To facilitate payments.	Contract
Website OR App user	Automatic collection	Technical data, Usage data	To develop and improve our services.	Necessary for our legitimate interests in improving our services
Website OR App user	Automatic collection	Usage data	To provide you with relevant advertising content.	Consent, via our cookie banner

If we ever rely on your consent for any activity, like for using an image you upload or for advertising, you can withdraw it at any time and we'll stop processing your data for that activity.

In very rare cases, you might share sensitive information with us (like health details) to help us provide you with extra support. If this happens, we only use the absolute minimum data required to tailor that specific help. We do this for reasons of substantial public interest (safeguarding your financial well-being).

Automated Decision Making

To keep our service fast and secure, we use an automated system to check your identity when you sign up for an account. The system uses artificial intelligence to compare your selfie with your ID. It looks for a match between the unique features of your face in both photos to confirm you are the person in the document. If the system can't confirm a match, your application will be rejected. However, you have the right to ask for one of our team members to manually review your photos.

Staying in Touch & Marketing

We only send you marketing (eg newsletters, offers, and updates) if you have given us your consent.

You can always update your preferences or opt-out by using the unsubscribe link in any of our emails or by emailing [email protected]

Just so you know, we will always send you important information related to the service, even if you opt-out of marketing (like notifications about a transaction or a change to our terms).

Sharing Your Data

We only share your data with trusted partners who help us run the business and provide our service securely.

We share data with:

IT System Providers
Third parties who perform services to you that are available via the app
Third parties making payment for services we provide to you
Insurers
Professional Advisers
Law Enforcement and government agencies
Advertising Partners (to ensure our ads are relevant to you and to find new families who could benefit from GoHenry).

We only work with third parties who promise to use your data only on our instructions and keep it safe according to all relevant laws. They are not allowed to use your personal data for their own purposes.

We may also share your data with Acorns Grow Incorporated, our parent company.

When we work with advertisers to promote GoHenry, we may share information about our users (like identifiers) to ensure that we and our partners are showing relevant adverts to you, or to find families who are similar to our current customers. This helps us make sure you aren't seeing irrelevant ads.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.

Our use of cookies

We use cookies and similar tracking technologies to analyse the use of our website, provide functionality, and personalise content.

For more information about the cookies we use, the data they collect, and your options for managing your preferences, please review our separate cookie policy.

International Transfers

Some of our partners or internal company teams might store or access data outside of the UK, sometimes in places that don't have the exact same level of data protection as UK law.

We will only transfer your personal data when one of the following is true:

The country is officially recognised by the UK as having adequate protection (this includes all EU countries).
We use strong, official contracts that legally require the transferred data to have the same high level of protection as it does in the UK.

Keeping Your Data Secure

We treat the security of your data like we treat the security of your money, with the highest level of care. We have strong security measures in place to protect your personal data from being accidentally lost, used without authorisation, or altered.

We limit access to your data only to employees and partners who absolutely need it to do their jobs.

Data Retention

We keep your personal data only for as long as we need it to achieve the purposes we collected it for (e.g., to comply with legal, tax, or accounting requirements). In most cases, we'll hold your data for six years after you close your account.

In rare cases, we might need to hold onto data for a bit longer if it's necessary to deal with legal claims, disputes, or to manage business risks.

Your Rights

You have a right to know what data we hold about you and how we use it. Under data protection laws, you have the right to ask for:

A Copy: A copy of your personal data (often known as a "subject access request").
Correction: That we correct any error in the data that we hold about you.
Erasure: That the data we hold about you be erased (unless we have an overriding reason to retain it).
Transfer: That we transfer your data directly to a third party.
Restriction: Restriction of the processing of your data.
Objection: That we stop a particular processing activity where we are relying on a legitimate interest for that particular use of your data.

You can exercise any of these rights by contacting us using the contact details at the bottom of this page.

If you have a complaint about how we handle your data, please contact us first. You can reach our Data Protection Officer at [email protected]. You can also raise a complaint at any time with the Information Commissioner's Office (ICO), the UK regulator for data protection (www.ico.org.uk).

Got Questions? We're Here to Help.

If anything is still unclear after reading this, please reach out

Email us: [email protected]
Call us: 0330 100 7676
Write to us: Spectrum Point, 279 Farnborough Road, Farnborough, GU14 7LS

This version was last updated on 1st March 2026.

Privacy Notice