Effective Date: 23 January 2026
Geoff (“we”, “us”, or “our”) takes your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data, and the choices you have when using Geoff.
Geoff is operated by Geoff Ltd, a company registered in the United Kingdom.
For the purposes of UK data protection law, Geoff Ltd is the data controller of your personal data.
You can contact us at:
When you create an account or join a waitlist, we may collect:
Your email address
Your name (optional)
If you choose to connect your email account (e.g. Gmail or Outlook), Geoff is granted read-only access via secure OAuth authentication provided by Google or Microsoft.
We request only the minimum access scope required (for example, gmail.readonly) and never request permission to send, delete, or modify emails.
Email data is processed automatically to identify information relevant to Geoff’s features, such as:
Receipts and purchase confirmations
Booking confirmations (travel, utilities, services)
Vouchers, promotions, and renewal notices
Travel booking confirmations, tickets, and itinerary updates
Delay, cancellation, or arrival notifications related to rail or air travel
Processing is performed by automated systems only, including rules-based filtering and machine-learning models, to extract specific, structured data points (e.g. merchant, date, amount, renewal timing).
Geoff does not use email access to read, interpret, or analyse personal conversations, opinions, or private correspondence.
Emails that do not meet relevant criteria are ignored or discarded automatically.
Geoff never receives or stores your email password.
You may revoke email access at any time via:
Your Geoff account settings, or
Your Google or Microsoft account security settings
If you choose to connect a bank account, Geoff accesses your financial data via Yapily, an FCA-authorised Open Banking provider.
Yapily is authorised and regulated by the UK Financial Conduct Authority (FCA).
Geoff accesses bank data under Yapily’s regulatory umbrella, using secure Open Banking APIs.
Through Yapily, Geoff may access:
Account details
Balances
Transaction data
Access is read-only, purpose-limited, and used solely to provide Geoff’s features.
Geoff never sees, receives, or stores your bank login credentials.
Authentication and consent occur directly between you, your bank, and Yapily.
We may also collect:
Feature usage and interaction data
Click activity on promotions or vouchers
Anonymised or pseudonymised identifiers for affiliate attribution
Basic diagnostic and performance data
We use your data to:
Provide and operate Geoff’s features (e.g. identifying vouchers, renewal timing, switching opportunities, travel price monitoring)
Generate insights, reminders, and notifications
Attribute referrals or purchases via affiliate partners
Improve reliability, performance, and usability
Communicate important service updates
Identify potential eligibility for travel-related refunds or compensation and generate draft claim content
We do not sell personal data and do not share personal data with third parties for their own marketing purposes.
We do not sell personal data and do not share personal data with third parties for their own marketing purposes.
Geoff uses automated processing, including machine-learning models, to:
No automated decision-making produces legal or similarly significant effects without appropriate human oversight.
Wherever possible:
Extracted data is linked to internal identifiers, not directly to personal details
Identifiers and personal details are stored separately with restricted access
Only structured outputs required for Geoff’s features are retained
Some data (e.g. financial records) cannot be fully anonymised without breaking functionality, but access is always restricted and purpose-limited.
We process data under the following lawful bases:
Consent – for email and bank connections
Performance of a contract – to provide Geoff’s services
Legitimate interests – service improvement, security, fraud prevention, affiliate attribution
You may withdraw consent at any time by disconnecting linked services.
We share data only where necessary:
Google / Microsoft – for OAuth authentication
Yapily – our FCA-authorised Open Banking provider
Affiliate partners – using anonymised or pseudonymised identifiers solely for attribution
We do not share raw email content with affiliate partners.
Some service providers may process data outside the UK/EEA.
Where this occurs, appropriate safeguards are in place.
Industry-standard encryption and access controls
Financial data encrypted in transit and at rest
Data retained only as long as necessary to provide the service or meet legal obligations
Geoff may use cookies or similar technologies to:
Enable core functionality
Analyse performance and usage
Support affiliate attribution
Where required, appropriate notice and choice are provided.
You have the right to:
Access your data
Correct inaccuracies
Disconnect email or bank access
Request deletion
Geoff is not intended for users under 18.
We do not knowingly collect children’s data.
We may update this policy. Material changes will be communicated via email or in-app.
Access is always optional, revocable, and limited to what is required to deliver Geoff’s features.