Privacy policy

Who we are

TILLIT Limited (“TILLIT”, “we”, “our”, “us”) is registered in England & Wales with company number 12357713. We are authorised and regulated by the Financial Conduct Authority (FRN 983417). We are committed to protecting your privacy and complying with applicable data protection and privacy laws. This privacy notice (the "Notice") is designed to help you to understand what kind of personal data we collect and how we process and use such data. It also sets out your rights in relation to how we look after your personal data.

We act as a data controller for the personal data we hold about you.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Notice. If you have any questions about this Notice, including any requests to exercise your legal rights as a data subject, please contact our data privacy manager using the details set out below.

Full name of legal entity: TILLIT Limited

Email address:

Postal address: 42-46 Princelet Street, London, E1 5LP

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues ( or any other competent data protection authority in the relevant jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or the other relevant authority so please contact us in the first instance.

Our products or services may contain links to a third party’s website or services. Unless that third party is processing your personal data on our behalf, we are not responsible for the privacy policies or practices of such a third party. We recommend that you carefully read the privacy notices of any such third parties.

Our services are not intended for children, and we do not knowingly collect data relating to children.

Personal data we collect

We collect your personal data typically when you register for our services, make a purchase, enter a sales promotion or otherwise interact with us. Below are examples of the categories of the data we collect on you.

Technical Information

For the most part, you may visit our websites without having to identify yourself. However, certain technical information is normally collected by us as a standard part of our services. This information relates to your IP-address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, including metadata about your use of our websites (such as when you use the website and how you interact with content). If you call us, additional information such as your telephone number may be saved as a standard part of that communication.

Information you provide us

To allow us to provide you with the products and services you have requested, or to communicate with you, we may ask you to provide us with certain information such as your name, title, nationality, date of birth or age, email address, home or postal address history, telephone number, national insurance number and bank details or financial situation. In registering for our services, you create usernames, passwords and other credentials that we use to authenticate you and to validate your actions. You may send us copies of your personal identity documents or details about other financial products to which you may be a party. We receive and act upon trading instructions, track and monitor cash movements, and may from time to time collect data such as identifiers about other investment accounts in the event you choose to transfer into or out of TILLIT from another provider.

You may also indirectly provide us with information through your consents, preferences and feedback.

Your transactions with us

We collect details of the queries or requests you have made, the products and services provided, details of agreements between us, records of contacts and communications, information and details relating to the content you have provided us with, details about payments to and from you and other such transactional information. We may, in accordance with applicable law, record your communication with our customer care or with other similar contact points.

Marketing information

We may also collect information regarding your preferences in receiving marketing from us and our third parties as well as your communication preferences.

Personal data obtained from third parties

We may obtain personal data about you from third party sources such as social media analytics platforms.

Aggregated data

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Notice.

Our legal bases to process your personal data

We collect and process your data for one or more of the following grounds:

To fulfil our contract with you

We use your personal data as is necessary to provide you with our products and services in line with our contractual arrangements with you. We process and use your personal data to provide you with a personalised service and the product or service you have requested, to fulfil your other requests, process your order(s), and as otherwise may be necessary to perform or enforce the contract between us.

We are required to do so by law or regulation

We are required by law to process and store some of your data in order to fulfil our regulatory obligations. We may capture and share your personal data with organisations who can confirm your identity and provide information necessary to prevent fraud or other financial crimes. We may also be required to share your personal details where requested by any competent legal or regulatory authorities or the Financial Ombudsman.

You have provided us with your consent

Where you have given your informed consent, we will process your data in accordance with the permission you have given us and this Notice. You may withdraw your consent at any time.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time

Our legitimate interests in using your data

Development of products and services

We may process and use your personal data to develop our products and/or services. However, for the most part we only use aggregated and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your personal data to personalise our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customised content and advertising. We may combine personal data collected in connection with your use of a particular product and/or service with other personal data we may hold about you, unless the purpose for which we collected that data is incompatible with such amalgamation.

Communicating with you and marketing

We may process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalised marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services. When contacting you for the purpose of marketing, we will take into account any preferences you have expressed to us, including any desire not to receive marketing.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. If you wish to unsubscribe or opt-out from any third-party websites, you must go to that specific website to unsubscribe or opt-out.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a purchase, warranty registration, product/service experience or other transactions.


We may process and use your personal data for profiling purposes aimed at targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analysing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.

You can ask us to stop processing your personal data for marketing profiling purposes by following the marketing preferences links on any marketing message sent to you or by contacting us at any time.

Business continuity

In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems) or wind down planning to protect your interests. This may involve a transfer of your personal data to a third party (see below).

Sharing your personal data

We only share your personal data if it is necessary to do so in order to provide our services to you or enhance our relationship with you. Whenever we share your personal data with a third-party provider, we ensure that this is done so in accordance with applicable data protection laws by implementing appropriate measures to maintain the security and confidentiality of your personal data, and to ensure that your personal data is used in accordance with this Privacy Notice. We may share your personal data with the following categories of recipients:

third-party service providers that: (i) provide hosting services; (ii) provide data processing services; or (iii) process personal data for other purposes detailed in this Privacy Notice. These include but are not limited to:

  • IT service providers, for example Amazon Web Services;
  • professional advisors, for example insurers, lawyers and other applicable professional bodies;
  • CRM service providers, for example Salesforce;
  • marketing service providers;
  • to any law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary, for example to exercise, establish or defend our legal rights, or we are compelled to disclose such personal data to comply with the law;
  • to a potential purchaser (and its agents and advisors) in connection with a proposed merger or acquisition of any part or all of our business, provided that the purchaser may not use your personal data for any purpose other than for the purposes detailed in this Privacy Notice; and
  • to any other person you have consented to us to share personal data with.

In all circumstances that we share personal data with a third party we only do so to the extent that it is required for them to provide their services to us. At all times your personal data must be processed in accordance with (i) this Privacy Notice; and (ii) any additional data protection terms, incorporated into the agreement that we have with them, which are no less stringent than the protection afforded by this Privacy Notice.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do we keep personal data for?

We will only keep your personal data for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we relied when collecting it. In principle, we aim to delete redundant account information within fourteen (14) days of our relationship ending. However, where we are obliged to keep certain records of our relationship to comply with regulations and legal requirements, we will instead keep such personal data necessary for compliance and restrict access through our archiving processes. Subject to any actual or potential legal claim, the maximum time that we envisage retaining any of your information is six (6) to ten (10) years depending on the type of personal data, after which time it will be destroyed.

Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information or until your previously given consent is deemed to have expired and is not renewed by you.

International transfers

We may occasionally transfer your personal data outside the UK or EEA.

Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or by the UK’s Information Commissioner’s Office.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK or EEA (including the UK International Data Transfer Agreement, the UK Addendum and/or the EU Standard Contractual Clauses as amended from time to time) which give personal data the same protection it has in the UK or EEA.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA.

What are your rights?

You have:

  • your right of access – you have the right to ask us for copies of your personal data;
  • your right to rectification – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete;
  • your right to erasure – you have the right to ask us to erase or delete your personal data in certain circumstances;
  • your right to restriction of processing – you have the right to ask us to restrict the processing of your personal data in certain circumstances;
  • your right to object to processing – you have the right to object to the processing of your personal data in certain circumstances;
  • your right to data portability – you have the right to ask that we transfer your personal data you gave us to another organisation, or to you, in certain circumstances; and
  • your right to lodge a complaint with a supervisory authority. We will use our best efforts to address and settle any requests or complaints brought to our attention. In addition, you have the right to approach the competent data protection authority with requests or complaints. This can be the supervisory authority in the country where you live.

You are not required to pay any charge for exercising your rights. If you do make a request, we will respond to you within one month. Please contact us by email using the details provided below.

How to contact us

If you wish to contact us, please send an email to Felicia Hjertman at or write to 42-46 Princelet Street, London, E1 5LP or contact support via

Use of cookies

A cookie is a small piece of code, sent from a website to a user's internet browser, which allows that website to track the user's previous activity when they return to that website. This allows us to provide you with the best user experience and lets us continually improve our service.

You can block cookies by changing the settings on your browser, but if you do you may not be able to access all or parts of our website.

The types of cookies we use are:

Strictly necessary cookies

These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies

They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies

These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies

These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

We do not have any control over the use of cookies by third parties, including our partners and affiliates. To manage cookies from third party websites you will need to contact them or visit their site to adjust your settings.

If you want more information about how cookies operate, or how to manage them, please visit About Cookies.

Changes to this Notice

We may change this Notice from time to time. You should check this Notice occasionally to ensure you are aware of the most recent version.

This Notice was last updated on 13 October 2023.