Tabr← Back home

Legal

Privacy Policy & Data Protection

Effective date: 10th April 2026

Tabr ("we", "our", "us") is a receipt-matching service that connects your financial accounts to your receipts, giving you clear, itemised records of your spending. We also use aggregated, anonymised data derived from receipt and point-of-sale information — not from your bank connection — to provide merchants and advertisers with insights into general customer trends. This policy explains exactly what we collect, why, and how we keep it safe.

What we collect

Account information

We collect your name and email address when you create an account. This information is necessary to provide you with a Tabr account.

Financial data (via Plaid)

We use Plaid to connect your bank or payment accounts so we can match your transactions to your receipts. Through this connection we retrieve:

  • Transaction amounts
  • Merchant names
  • Dates and timestamps

This data is used solely to deliver the receipt-matching functionality you signed up for. We do not use it for advertising, merchant analytics, research or any other purpose. We do not store your bank login credentials — authentication is handled entirely by Plaid via their secure interface.

Receipt data

We collect receipt and transaction data from point-of-sale and payment providers, which may include Square, SumUp, Dojo, Zettle and Lightspeed. This may include line items and prices, merchant details and transaction timestamps. We use this to match receipts to your transactions and display itemised records to you. In aggregated, anonymised form, this data also helps us generate insights about general customer trends and is never shared at an individual level.

Profile information

During onboarding we ask for your date of birth and gender. We use this to support the product and to generate aggregated, anonymised audience segments that may be used for advertising within the Tabr platform.

  • We convert date of birth into age ranges — we never use or share your exact date of birth in analysis or reporting.
  • We never combine your profile information with your Plaid transaction data.
  • We never share your profile information at an individual level.
  • You can object to your profile data being used for advertising at any time — just email support@tabr.co.uk.

We process this data because we have a legitimate interest in understanding our users in aggregate to support the platform. We've assessed that doing so, using only anonymised and aggregated outputs, does not adversely affect your individual rights.

Usage & analytics data

We collect limited data about how you use Tabr, such as pages viewed, features used, and device and browser information to help us understand and improve the product. We use Google Analytics and PostHog for this. Both may use cookies.

How we use data

Receipt matching and your expense records

The primary reason we collect your data is to match your bank transactions with your receipts and give you clear, itemised spending records. Your Plaid transaction data is used exclusively for this purpose.

Improving the product

We use usage and analytics data to understand how Tabr is being used and to make it better. This includes identifying bugs, improving features, and understanding which parts of the product are most useful.

Aggregated insights and research

We use anonymised, aggregated data derived from receipt and point-of-sale information to generate insights about general customer and spending trends. These insights may be shared with or sold to merchants and research partners. Receipt data used for insights is obtained directly from point-of-sale systems and is processed independently of Plaid transaction data.

  • Built from receipt data, not from your Plaid transaction data.
  • Do not identify you or any individual user.
  • Designed to prevent re-identification of any individual or business.

Advertising within Tabr

We may show advertising within the Tabr platform. To help advertisers reach relevant audiences, we use aggregated segments based on age range, gender and general spending categories derived from receipt data.

  • Advertisers see aggregated audience segments, not your personal data.
  • No advertiser can identify or contact you individually.
  • We never use your Plaid transaction data for advertising purposes.

We do not:

  • Use Plaid transaction data for advertising.
  • Share identifiable financial or personal data with advertisers.
  • Allow advertisers to access raw transaction or receipt data.

How data is shared

We do not sell your personal data. We share data only in the following circumstances.

Service providers

We share data with third-party providers who help us operate Tabr. These providers process data strictly on our behalf and are not permitted to use it for their own purposes:

  • Plaid — financial account connectivity
  • Square, SumUp, Dojo, Zettle, Lightspeed — receipt and point-of-sale data
  • Google Analytics, PostHog — product analytics
  • Cloud infrastructure providers — secure data storage and processing

Aggregated insights

We may share anonymised, aggregated insights derived from receipt and point-of-sale data with merchants, advertisers and research partners. These insights do not identify individual users, do not include raw transaction or receipt data, and do not include or rely on your Plaid transaction data.

Business transfers

If Tabr is involved in a merger, acquisition or sale of assets, your data may transfer to the acquiring entity. Any such entity will be required to honour this Privacy Policy, and we will notify you where required by law.

Legal requirements

We may disclose your data if required to do so by law or in response to a valid request from a public authority.

Data security

We take the security of your data seriously and use industry-standard practices to protect it, including:

  • Encryption in transit and at rest — your data is encrypted when transmitted and when stored.
  • Access controls — access to personal data is restricted to staff who need it to do their job.
  • Secure cloud infrastructure — we use reputable, enterprise-grade hosting providers.
  • Financial account security — bank connections are handled entirely by Plaid, who maintain their own rigorous security standards.

If we become aware of a data breach that affects your rights, we will notify you and the ICO as required by law.

Your rights

Under UK GDPR you have the following rights over your data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — ask us to delete your data where we no longer have a legitimate reason to hold it.
  • Restriction — ask us to pause processing your data in certain circumstances.
  • Portability — request your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests, including the use of your profile data for advertising segments.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting anything we did before withdrawal.
  • Disconnect your financial account — disconnect your Plaid connection at any time from within the app.

To exercise any of these rights, email support@tabr.co.uk. We will respond within one month. If you are unsatisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Data retention

  • Account & profile information — until you delete your account.
  • Plaid transaction data — deleted within 30 days of disconnecting your financial account.
  • Receipt data — until you delete your account.
  • Usage & analytics data — up to 26 months.
  • Anonymised, aggregated insights — indefinitely, as these cannot be traced back to you.

Where law requires us to keep data longer, we will. In all other cases we delete or anonymise your data as soon as it is no longer needed.

Plaid disclosure

Tabr uses Plaid to connect your bank or payment accounts. When you connect an account, you will interact directly with Plaid's secure interface (Plaid Link) to authenticate — we never see or store your bank login credentials. Through this connection, Plaid retrieves transaction data on our behalf, including transaction amounts, merchant names and dates. We use this data solely to match your transactions with receipts. We do not use Plaid transaction data for advertising, research or merchant analytics.

Plaid may also collect and use your data independently in accordance with its own privacy policy, which you can read at plaid.com/legal/#privacy-policy. By connecting your financial account through Tabr, you agree to Plaid's terms alongside ours.

If you wish to disconnect your financial account at any time, you can do so from within the app. Your Plaid transaction data will be deleted from our systems within 30 days of disconnection.

Changes

We may update this Privacy Policy as the product evolves. We will notify you of material changes via email.

Contact

For any questions relating to this privacy policy, please email support@tabr.co.uk. Postal enquiries can be sent to:

Tabr Ltd
167–169 Great Portland Street,
London, England, W1W 5PF