This Privacy Policy explains how and why we collect, retain, share, transfer, store or otherwise process your personal data, and sets forth your data protection rights.

When we say “Cauri” (or “we”, “us”), we mean “Cauri Ltd”, a company registered in 13 Penhurst House 352 Battersea Park Road London SW11 3BY United Kingdom. Cauri Ltd is the data controller of all collected and processed personal data for the purposes of the Data Protection Act 2018 (“UK GDPR”).

We also use “website” to refer to, which belongs to Cauri Ltd. This policy applies only to our website, and does not apply to other websites which are hyperlinked to this one.

If you have any concerns, requests or questions about your data, or think that some of our data protection practices are not addressed in this policy, please contact us at
Personal data - what we collect and what we use it for
We collect information about you when you visit our website or use our services, including the following:

1. When you visit our website
When you visit our website, we may automatically collect some personal data from your device for analytics purposes. This information is related to site usage and performance - we want to know how you interact with our website (e.g. where you came from, pages visited, links clicked) in order to understand who visits it and which pages they find interesting, so we can improve the site and provide relevant content.
We process this data based on your consent, which you can give or not give when you visit our website for the first time. If you have given consent and wish to revoke it at a later time, you can do so in your cookie preference center.

2. When you contact us
If you fill out the “Sign up” form on our website, we collect your name, e-mail, URL and phone number. If you email us, we collect your email address and any information you put in the body of your request. Please do not share any sensitive personal data or documents, either concerning yourself or others, unless specifically requested by us.
We process this information in order to respond to your questions and provide information requested by you, so the lawful basis for the processing of related personal data is contract. This data will be kept for as long as it takes to respond to your request, and then deleted. Some correspondence may also be retained longer if we have reason to believe that it may be needed in the future, for example for defence against legal claims.

3. Acquiring and providing payment account service
In order to fulfil the obligations under a contract with a client (receiving and transmitting data for generating requests) and the AML Compliance obligations (researching a client's profile to prevent regulatory, economic and reputational risks), we process the following personal data:
  • Full name, the place of residence, contact phone, email, identification via video records;
  • The fact of disputes and negative information in open sources;
  • In relation to beneficiaries and/or shareholders – information on welfare and its sources (tax returns, CV, property documents, other documents if required);
  • Absence / presence on banned lists or sites dedicated to PEP, etc.;
  • Payment details.
The lawful basis for processing data is fulfillment of obligations under a contract, as well as legal obligation - Customer Identification Requirements of United Kingdom ("UK”) and European Union.
Under general rule, the data is stored for the duration of the contractual relationship plus 6 years. However, the data retention obligations may differ within the Cauri Group, subject to local law.

4. Intermediary program and contractors’ representatives
In the course of business we must collect personal data of our partners’ representatives, as well as data of the participants of the intermediary (agency) program. The following categories of personal data may be processed: full name or title, information about the company or individual entrepreneur, position, address, contact details.
This data is processed because it is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract. Generally the data is stored for the duration of the contractual relationship plus 6 years. However, the retention obligations may differ within the Cauri Group, subject to local law.
Who we share your personal data with
In order to provide you with certain functions and services, we have to share your personal data with partners, external third party service providers, related and regulatory entities. They process your personal data on the basis of data processing agreements and according to strict instructions, which do not allow them to use your data for any other purposes without notifying you or asking for your consent. Here are some of the categories of the parties we may share your data with:
  • Cauri Group companies
  • Partners providing services for KYB
  • Credit institutions, banks
  • Payment card schemes and processing providers,
  • Technical or information service providers (APIs, gateways)
  • E-wallet providers
  • Acquirers

We, our partners, service providers and others may also be required to share your personal data with various financial institutions and/or enforcement or court authorities to comply with applicable laws, prevent fraud, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or agents.

Additionally, we may reveal your personal data to third-parties if: (1) you request or authorize it; (2) to address emergencies or acts of God; and (3) to address disputes, claims, or to persons demonstrating provable legal authority to act on your behalf.

If you would like to receive more detailed information regarding third parties we share your personal data with, please contact us at
Data transfers to third countries
Some of our partners, service providers or other parties we transfer your personal data to may be located in countries throughout the world, including outside the UK and/or the EU. Therefore, the data may be sent to countries with different data protection laws than your country of residence. In such cases, to ensure that your personal data receives a comparable level of protection, we provide appropriate safeguards, such as adequacy decisions and frameworks or Standard Data Protection Clauses approved by the Information Commissioner’s Office or Standard Contractual Clauses approved by the European Commission (if applicable). If you would like to receive more information about the transfers or safeguards, please contact us at
Automated processing and profiling
As per Article 22(1) of the UK GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
In those cases where we may use automated decision making, should the decision result in a significant negative effect on you, you have the right to ask us to explain the logic involved in making any automated decisions and for the decision to be reviewed by a human being.
How long we keep your data
We keep your personal data for as long as it is necessary to achieve the purpose for which it was collected, usually for the duration of our contractual relationship plus any period thereafter as required or permitted by law, or to satisfy any legal obligations. When the data is no longer required, it will be deleted.
Your rights
Data protection laws provide you with rights to help you understand and control how your personal data is used. These are your rights:

  • Right to be informed about why and how we are processing your personal data - we hope we achieved this by providing you with this Privacy Policy.
  • Right to have access to your data - you have the right to ask us if we are processing your personal data, why we are doing so, under what lawful basis, the categories of your personal data, whether the data is being sent outside the UK and/or EU, who we share your data with, how long we keep it, and request a copy of the data we are processing. If you are unable to find sufficient information in our Privacy Policy, please contact us at
  • Right to object to some processing - direct marketing, or if processing is based on legitimate interests.
  • Right to have your data deleted - otherwise known as “right to be forgotten”. You can exercise this right if you withdraw your consent and there is no further legitimate interest or lawful basis in our processing of your data, your objection to processing under legitimate interests outweighs our interests, the processing is no longer necessary, there is a law that requires the data to be deleted, or the processing is unlawful.
  • Right to restrict processing - if the personal data we are processing is inaccurate, if our processing is unlawful, if the data is no longer necessary for the original purpose of processing but needs to be kept for potential legal claims, or you have objected to processing carried out under legitimate interests and we’re still in the process of determining whether there is an overriding need to continue processing.
  • Right to data portability - you can ask for your data that we process by using a computer, which you provided to us on the basis of consent or because it was necessary for a contract.
  • Right to ask us about automated decision-making - you have the right to ask us to explain the logic involved in making any automated decisions and for the decision to be reviewed by a human being, if that decision had an effect on your rights or freedoms.
  • Right to rectification - if any of your personal data that we hold is inaccurate, you can request to have it corrected.
  • You have the right to lodge a complaint with the competent data protection authority if you have concerns about how we process your personal data. However, we would appreciate it if you contacted us first and gave us an opportunity to resolve the issue.

If you would like to exercise any of these rights, or find out more about how we process your personal data, please contact us at Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, we will let you know the date when the information will be provided. If for some reason we cannot satisfy your request, we will provide an explanation why.
We use advanced technologies, and our website has security measures in place to protect against the loss, misuse, and alteration of any data and information received by us. We continuously strive to safeguard the confidentiality of any such data and information and improve our security measures. However, we cannot ensure, and you should not expect, that any data and information received from you or otherwise obtained in connection with our services will always remain private and secure. We are not liable for any kind of loss caused by events that are beyond our control.
Changes and updates to this Privacy Policy
As our organization and services change from time to time, this Privacy Policy may change as well. We reserve the right to amend it at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy on our website or in the mobile app. We may email periodic reminders of our notices and terms and conditions and will notify you of material changes thereto, but you should check our site or the app to see the Privacy Policy that is in effect and any changes that may have been made to it.
If you have any questions about this document, please contact:

Local Contacts:
  • the United Kingdom, 13 Penhurst House 352 Battersea Park Road London SW11 3BY .