Privacy Policy
Last updated: 12 March 2026
This Privacy Policy explains how Double AI Limited, trading as Caspian, collects, uses, shares, and protects your personal data. Please read it carefully before using our services.
1. Who We Are
Caspian is operated by Double AI Limited, a company registered in England and Wales (company number 16887230), registered with the Information Commissioner's Office (ICO reference ZC067774). Our registered address is 6 Old Rydon Ley, Exeter, Devon, EX2 7UA.
You can contact us at [email protected].
Caspian is intended for adults aged 18 and over only.
2. Types of Personal Data We Collect
2.1 Account Information
When you register, we collect your name, email address, login credentials, account identifiers, and preferences.
2.2 Financial Account Data
Via open banking connections, we collect account names, identifiers, balances, transaction histories, descriptions, merchant information, and timestamps from your linked financial institutions. Enhanced security controls are applied to this data.
2.3 Manually Entered Financial Data
We collect any transactions, assets, liabilities, income, expenses, and notes that you enter directly into Caspian.
2.4 Transaction Enrichment Data
We process your transaction data to identify merchants, assign categories, detect recurring payments, and surface spending patterns. This enrichment is performed using Ntropy via a secure API integration.
2.5 AI Interaction Data
We collect the questions, prompts, and responses from your interactions with our AI features, along with contextual data such as your goals, plans, and financial circumstances. This information may be stored as contextual memory to personalise your experience.
Our AI features use infrastructure provided by Anthropic, OpenAI, and Google. Caspian does not use your data to train AI models.
2.6 Household Data
If you participate in a shared household environment, financial data and contextual memory may be shared with other household members. If you leave a household, your directly associated data will be deleted within 30 days. Derived insights or aggregated data relating to the household may persist beyond that period.
2.7 Device and Technical Data
We automatically collect your IP address, device type, operating system, app version, browser type, session activity, and diagnostic logs when you use the Services.
2.8 Usage Data
We collect information about pages viewed, features used, actions taken within the app, and performance diagnostics to help us improve the Services.
3. How We Collect Your Data
- Directly from you — when you register, connect accounts, or interact with features
- From financial institutions — via open banking connections you authorise
- From service providers — enrichment and analytics partners
- Automatically — via cookies, logs, and usage tracking when you use the Services
4. How We Use Your Data
We use your personal data to:
- Aggregate and display your financial data, including balances and transaction histories
- Categorise transactions, identify merchants, and detect recurring payments
- Generate financial insights, analytics, and projections
- Power AI features and build contextual memory to personalise your experience
- Provide shared household financial views
- Monitor and improve platform performance
- Ensure the security of the Services and prevent fraud
- Comply with legal and regulatory obligations
5. Legal Bases for Processing
- Contract — processing necessary to provide the Services you have signed up for
- Legitimate interests — improving the Services, maintaining security, and preventing fraud
- Consent — open banking connections, third-party integrations, and non-essential cookies
- Legal obligations — where we are required to process data to comply with applicable law
6. Sharing Your Data
We share your data only as necessary with:
- Infrastructure providers — hosting, storage, and cloud services
- Enrichment providers — Ntropy, for transaction categorisation and merchant identification
- AI providers — Anthropic (US), OpenAI (US), and Google (US), for AI features
- Open banking providers — to establish and maintain financial account connections
- Professional advisers — legal, financial, and compliance advisers where necessary
- Authorities — law enforcement or regulators where required by law
We do not sell your personal data.
7. International Transfers
Some of our service providers are located outside the United Kingdom, including our AI providers in the United States. Where we transfer data internationally, we rely on UK adequacy regulations, Standard Contractual Clauses (SCCs), or other approved transfer mechanisms to ensure your data remains protected.
8. Data Retention
- Account information — retained for 30 days after account closure
- Financial account data — retained for 30 days after disconnection
- AI interaction data and contextual memory — retained for 30 days after account closure
- Household data — direct data deleted within 30 days of leaving; derived insights may persist
- Technical and diagnostic logs — retained for 90 days
- Third-party AI provider data — subject to each provider's own retention terms
9. Data Security
We apply appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, monitoring, secure infrastructure, and internal data access restrictions. However, no system is 100% secure and we cannot guarantee absolute security.
10. Your Rights
Under UK data protection law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data in certain circumstances
- Restrict our processing of your data
- Object to processing based on legitimate interests
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time where processing is based on consent
We will respond to requests within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11. AI and Automated Processing
Caspian uses machine learning models to analyse your transactions, assign categories, detect spending patterns, generate financial insights, and build contextual memory. These outputs are generated automatically and may be incomplete, inferred, inaccurate, or out of date.
AI-generated outputs are not financial advice. Caspian does not make automated decisions that produce legal effects or similarly significant impacts on you.
12. Cookies
We use the following categories of cookies:
- Strictly necessary — required for login, sessions, and security. These do not require your consent and cannot be disabled without breaking the Services.
- Analytics — help us understand how the Services are used. These require your consent.
- Functionality — remember your preferences and settings. These require your consent.
You can manage cookie preferences via your settings or browser. Blocking strictly necessary cookies may prevent the Services from functioning correctly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you with reasonable notice before they take effect.
14. Contact Us
To exercise your rights or make a privacy-related request, please contact us at:
Double AI Limited
6 Old Rydon Ley, Exeter, Devon, EX2 7UA
Email: [email protected]
Please use the subject line "Privacy Request" so we can handle your enquiry promptly.