Privacy Policy

Last Updated: 18 March 2025

Introduction

Warren BV (“Warren,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our wealth enablement platform. Our platform includes mobile applications (iOS and Android) and a web portal designed to enhance financial well-being for companies’ employees, contractors, and their dependents through software, digital tools, education, and AI-powered coaching. We process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), and we implement strict data access controls to safeguard your information.

By using Warren’s services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please do not use the platform. We may update this Policy from time to time (see “Changes to This Privacy Policy” below). If you have any questions, feel free to contact us using the details provided at the end of this Policy.

Personal Data We Collect

We only collect personal data that is necessary for the purposes explained in this Policy. The types of data we may collect include:

• Identification and Contact Information: Such as your name, email address, telephone number, date of birth, nationality, and login credentials. If the service is provided through your employer, we may also collect your employer’s name, employee ID, or work contact details as needed for verification and access.
  
• Financial Profile Data: Information about your financial situation that you provide, such as income range, savings, debts, expenses, and responses to our financial questionnaires. This also includes any budget or spending information you input, transaction details you choose to link (e.g. via bank account integration), savings goals, and investment preferences (for future investment features).
  
• Dependents’ Information: If you add dependents (such as a spouse or family member) to the platform, we may collect their name, age, and relationship to you. Important: You should only provide dependent information if you have the appropriate permission or authority. If any dependent is a minor, you as the parent/guardian must consent to providing their data.
  
• Usage Data: Data on how you use our apps and portal, such as feature usage patterns, click streams, pages or screens viewed, and time spent. This may include technical data like your device type, operating system, unique device IDs, IP address, cookie identifiers, and browser type when you use the web portal.
  
• Communications and Support Data: Records of our communications with you, such as emails, chat messages, support requests, feedback, or survey responses. If you interact with our AI coach or human financial experts through chat or voice, we collect the content of those conversations to provide and improve these services.
  
• Compliance Data: Information collected for legal and compliance purposes. For example, to satisfy Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements, we may collect government identification numbers, copies of ID documents (like passport or national ID), facial recognition data for identity verification, and screening results against sanction or politically exposed persons lists. We also keep records of consents, preferences, and any communications related to exercising your privacy rights.
  

We collect most personal data directly from you when you sign up or use the platform’s features. In some cases, we may receive data from third parties with your permission – for example, if you connect your bank accounts through an integrated financial data service, or if your employer provides basic enrollment information to allow your access. We will not collect any special categories of personal data (such as health, genetic, or biometric data) unless it is strictly necessary (for instance, biometric ID verification for compliance) and, in such cases, we will do so in accordance with the law and with your explicit consent where required.

How We Use Your Personal Data

Warren uses your personal data to operate, provide, and improve our financial wellness platform and services. We always ensure that we have a valid legal basis (such as your consent, fulfilling our contract with you, complying with a legal obligation, or our legitimate interest) for each use of your data. Specifically, we use personal data for the following purposes:

• Account Creation and User Onboarding: To register you as a new user and set up your account. This includes using your identification information to create login credentials and profile, and processing your input on our financial health questionnaire to personalize your experience. We also use this data to tailor the initial setup of tools like budgeting or savings goals to your situation.
  
• Identity Verification and Compliance Checks: To verify your identity and comply with legal obligations. For example, during sign-up we may use your identification documents and personal details to perform KYC and AML checks as required by law. This may involve verifying your ID through compliance service providers and screening your information against sanction lists. These steps are done to ensure security, prevent fraud, and meet our regulatory obligations without compromising your privacy.
  
• Providing Budgeting & Expense Tracking Tools: To enable and support the budgeting features of the platform. For instance, if you choose to link your bank accounts or input expense information, we process your financial transaction data to display your spending history, categorize expenses, and generate spending insights. We use this data to help you track expenses, identify spending patterns, and provide you with visualizations or reports on your financial habits.
  
• Savings Management and Goal Tracking: To help you set and achieve savings goals. We use the information you provide (such as your savings targets, timelines, and financial profile) to track your progress and offer personalized tips. For example, the platform may process your income and expense data to recommend how much to save each month, and show projections of your savings growth. We will also use your data to send you reminders or alerts related to your goals (e.g. notifying you when you are close to reaching a goal or if you fall behind).
  
• Financial Education and Content Personalization: To operate our financial education hub and deliver relevant educational content. We use your profile and usage data (such as topics you’ve viewed or quiz responses) to recommend articles, videos, and interactive lessons that match your interests or identified knowledge gaps. This ensures the educational materials you see are tailored to your personal financial journey. We may also track your progress in learning modules to provide completion badges or certificates.
  
• AI-Powered Coaching and Insights: To deliver personalized financial coaching through our AI tools and human experts. If you engage with our AI-powered coach or ask questions in the app, we will process the information you provide (like your questions and financial data) to generate helpful, context-aware content. The AI analyzes your spending patterns, account data, and goals to offer insights such as recognizing trends (“You spent 20% more on groceries this month”) or predictive alerts (“Your utility bill is likely due next week”). For users who prefer human guidance, our accredited financial experts can access your relevant data (with strict confidentiality) to review your situation and provide tailored coaching. It is paramount for us to build trust in our AI features – for example, by ensuring transparency in how content is generated and allowing you to review or correct the data used by the AI.
  
• Communication and Support: To communicate with you about the service. We use your contact information to send necessary account and transactional communications, such as verification codes, login alerts, password reset links, and updates about new features or changes to the platform. If you reach out with questions or support needs, we will use your data to respond and resolve issues (for instance, accessing your recent activity to troubleshoot a problem). We may also send you educational newsletters or relevant tips if you have subscribed to them, but you can opt out of these at any time.
  
• Platform Analytics and Improvements: To analyze platform performance and improve our services. We use usage data and feedback to understand how users interact with our app and portal, which features are most used, and where improvements are needed. For example, we might analyze aggregated usage patterns to decide on new feature development or to improve the user interface. We ensure this analytical use of data is done in an aggregated or pseudonymized manner wherever possible, and we do not use it to identify individuals except as needed to investigate and fix specific issues you may be experiencing.
  
• Security and Fraud Prevention: To maintain the security of our platform, user accounts, and financial data. We may process data such as device information, IP addresses, and usage patterns to detect suspicious activities (like unauthorized access attempts or potential fraud). This helps us protect your account and our systems from breaches. We also use various automated tools that utilize your data strictly to monitor for anomalies that could indicate security issues.
  
• Legal Compliance and Record-Keeping: To comply with our legal obligations and to establish, exercise, or defend legal claims. This includes retaining and reviewing certain data for compliance with financial regulations (e.g. AML laws require us to keep identity verification records and transaction logs for a minimum period). We may also use personal data to fulfil reporting obligations to regulatory authorities, respond to lawful requests by public authorities, or as otherwise required by law.
  
• Optional New Features and Services: Warren is continually evolving. If we introduce new functionalities in the future – such as investment features for wealth growth, more advanced AI-driven financial recommendations, or employer-integrated financial wellness programs – we may use your personal data to support those services. For example, an investment feature might require collecting information about your investment accounts, risk tolerance, or portfolio preferences to provide appropriate tools and advice. An employer-sponsored program might involve sharing aggregated and anonymized information back to your employer (e.g. overall program engagement or aggregated financial wellness scores) but only with proper safeguards and, where necessary, your consent. Rest assured that any new use of your data will remain consistent with the purposes described in this Policy. If a new purpose arises that is not compatible with the original purposes for which your data was collected, we will seek your consent or provide you with appropriate notice and choice.
  

We will not use your personal data for purposes that are unrelated to the services you sign up for, unless we obtain your consent or have another lawful basis for doing so. We do not sell or rent your personal information to third parties for their own marketing or commercial purposes.

Third-Party Service Providers and Data Sharing

We treat your personal data with care and confidentiality. We may share your information only in the following circumstances and with appropriate safeguards:

• Service Providers (Processors): We employ trusted third-party companies and individuals to support our platform’s operations. These service providers process personal data on our behalf and under our instructions, and they include:
• Cloud Hosting and Infrastructure Providers: to securely store and manage data and ensure our applications run smoothly (for example, reputable cloud data center services).
  
• Analytics and Technology Tools: to help us analyze usage of our platform or to provide certain functionality. For instance, we might use analytics services to understand app performance, or AI/machine-learning services to power some of the coaching or insight features. These providers only receive the data necessary for their function (e.g. usage events for analytics, or anonymized financial patterns for AI model improvement) and are not allowed to use it for any other purpose.
  
• Financial Data Integrations: if you choose to connect external financial accounts, we use third-party financial data aggregators or payment processors to fetch your account and transaction information securely. These providers (such as open banking API services) are regulated and contractually bound to protect your credentials and data.
  
• Identity Verification and Compliance Partners: to assist with KYC/AML checks and other compliance workflows. For example, we may use specialized vendors for document verification, biometric checks, or sanction screening. They will receive the necessary personal data (like identification details or document images) solely to perform these compliance services and must handle it under strict privacy and security standards.
  
• Communication Services: to send emails, SMS messages, push notifications or in-app messages. We may use email delivery services or mobile notification services to contact you (for things like verification codes or newsletters). These providers have access to your contact details only for the purpose of sending communications on our behalf.
  
• Customer Support and CRM Tools: to manage support tickets, user inquiries, or surveys. If we use a customer support platform or a customer relationship management tool, it will process data like your name, contact, and support history to help us assist you efficiently.
  
• Professional Advisors: In certain cases, we may share necessary information with our auditors, lawyers, accountants, or similar professional advisors on a need-to-know basis. This would only occur for legitimate business or legal purposes (such as getting legal advice or completing a financial audit) and under a duty of confidentiality.
• In all cases, our service providers are carefully vetted and bound by data processing agreements under GDPR. They must only process personal data for the purposes we specify and must provide sufficient guarantees to protect your data (including confidentiality obligations and appropriate security measures). We remain responsible for ensuring our service providers handle your personal information in line with this Privacy Policy and applicable law.
• Within the Warren Group: If Warren BV has affiliates or subsidiaries involved in operating the platform, your data may be shared within our corporate group on a need-to-know basis. For example, if a subsidiary company in another region is helping to develop a particular feature, we might share relevant data with that team. Any internal data sharing is done in compliance with GDPR requirements and with our employees and associates under strict confidentiality obligations.
• Business Transfers: If Warren BV is involved in a merger, acquisition, investment, financing, due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be transferred as part of that transaction. We would only do this as necessary to continue providing the services to you, and we would ensure the recipient of your data is bound by privacy obligations at least as strict as those in this Policy. You would be notified of any change in data control as required by law.
• Legal Compliance and Protection: We may disclose personal data to third parties (such as law enforcement, regulators, courts, or others) if we believe in good faith that such disclosure is necessary to:
• Comply with any applicable law, regulation, legal process, or enforceable governmental request (for example, responding to a court order or lawful subpoena).
  
• Enforce our Terms and Conditions or other agreements, investigate potential violations, or protect the security or integrity of our platform.
  
• Protect the rights, property, or safety of Warren, our users, our partners, or the public, as required or permitted by law.
  

Importantly, we do NOT share your personal data with your employer (or sponsoring company) unless you explicitly instruct us to or as part of a clear program feature that you opt into. If your employer has provided you access to Warren as a benefit, they may receive aggregated, anonymized insights about the overall workforce’s financial wellness (for example, average improvement in financial wellness scores or total number of employees reaching savings goals). These reports will never include any of your personal or identifiable financial details without your consent. Your individual financial information, habits, and coaching discussions remain private to you, Warren, and our authorized service providers as outlined above.

International Data Transfers

Warren is based in the European Union (EU), and we strive to store and process data within the EU/European Economic Area (EEA) whenever possible. However, some of our third-party service providers or affiliates may be located outside of your home country, including in countries outside the EU/EEA. If we need to transfer your personal data to a country that is not recognized by the European Commission as providing an adequate level of data protection (for example, to the United States), we will ensure appropriate safeguards are in place to protect your information.

When transferring data internationally, we rely on one or more of the following legal safeguards:

• Standard Contractual Clauses (SCCs): We will implement the European Commission’s approved contractual clauses (or equivalent measures under GDPR) in our agreements with the recipient of the data. These clauses contractually require the recipient to protect personal data to EU standards.
  
• Adequacy Decisions: In some cases, we may transfer data to countries that have been officially deemed to have an adequate level of protection by the EU (meaning the country’s laws offer similar protections to EU law). In such cases, transfers are allowed based on that adequacy decision.
  
• Additional Safeguards: We may apply technical and organizational measures such as encryption and pseudonymization of data, as well as strict access controls, to further secure data that is transferred abroad. We also conduct risk assessments for international transfers and, where needed, will put in place supplementary measures recommended by EU authorities to ensure your data is afforded essentially equivalent protection to that in the EU.
  

You have the right to request more information about our international data transfers and obtain a copy of the relevant safeguards (such as SCCs). To do so, please contact us using the information in the “Contact Us” section below.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, and to comply with legal and contractual requirements. The specific retention periods depend on the type of data and the purposes of processing. For example:

• We will keep your account information and profile data for as long as you maintain an active account with us. If you decide to close your account, we will delete or anonymize your personal data within a reasonable period after the account closure, except for data we are required to keep longer by law.
  
• Financial transaction data or budgeting information you provide is kept to power your tools and historical insights over time; this data will be erased or anonymized if you delete it from the platform or when your account is deleted.
  
• Compliance and KYC/AML records (such as identity verification data and transaction logs required by financial regulations) are retained for the duration mandated by applicable law. For instance, we may be required to keep certain records for 5 years after the end of the customer relationship or the date of a transaction, as per AML laws.
  
• Usage data used for analytics is typically aggregated or anonymized, and not tied to you after a short period. Raw logs and device identifiers may be kept only for a brief time (usually a few months) unless needed longer for security analysis.
  
• If you have consented to receive marketing or newsletter communications, we will retain your contact details for that purpose until you unsubscribe or ask us to delete them. If you opt out or the subscription ends, we may still keep a record of your contact information in a suppression list to ensure we honor your opt-out.
  

Once the applicable retention period expires or the purpose of processing has been achieved, we will either securely delete or irreversibly anonymize your personal data so that it can no longer be associated with you. If deletion or anonymization is not immediately feasible (for example, because the data is stored in backup archives), we will securely store and isolate the data from any further use until deletion is possible.

Your Rights and Choices

As a user of our platform and, if you are in the EU or a similar jurisdiction, as a data subject under GDPR, you have certain rights regarding your personal data. Warren is committed to honoring your rights and has established processes to enable you to exercise them. Your principal data protection rights include:

• Right of Access: You have the right to request confirmation of whether we are processing your personal data and, if so, to obtain a copy of the data we hold about you, along with supplementary information about how we use it.
  
• Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. We encourage you to keep your profile information up-to-date, and you can often make certain corrections yourself through your account settings.
  
• Right to Erasure: You have the right to request the deletion of your personal data (“right to be forgotten”) in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing it. Please note that this right is not absolute; sometimes we must retain certain information to comply with legal obligations or defend legal claims.
  
• Right to Restrict Processing: You have the right to ask us to restrict (pause) the processing of your personal data in certain scenarios, such as while we address a claim that the data is inaccurate or if you object to our processing and we are verifying overriding grounds. When processing is restricted, your data will just be stored and not actively used until the restriction is lifted.
  
• Right to Data Portability: You have the right to obtain a digital copy of personal data you have provided to us in a structured, commonly used, machine-readable format, and to request that we transfer that data to another service provider if technically feasible. This right applies when our processing is based on your consent or a contract with you and is carried out by automated means. We will assist with data portability requests to the extent required by law.
  
• Right to Object: You have the right to object to our processing of your personal data when that processing is based on our legitimate interests (or those of a third party) or when performed for direct marketing purposes. If you object to direct marketing, we will stop sending you marketing communications. If you object to processing based on legitimate interests, we will evaluate your request and will cease processing unless we have compelling legitimate grounds that override your interests or the processing is needed for legal claims.
  
• Right to Withdraw Consent: If we rely on your consent for any specific processing activity (such as for optional profiling or receiving certain communications), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. If you withdraw consent, we will stop the related processing unless we have another legal basis to continue (such as a legal obligation).
  
• Right to Not Be Subject to Automated Decisions: We currently do not make any decisions about you that have legal or similarly significant effects solely by automated means (without human involvement). If that changes in the future (for example, if an AI feature would automatically determine your eligibility for a service), you would have the right to request human review of the decision, express your point of view, and contest the decision.
  
• Right to Complaint: If you believe we have infringed your data protection rights or processed your personal data unlawfully, you have the right to lodge a complaint with your local supervisory data protection authority. We would, however, appreciate the chance to address your concerns before you do so – please consider contacting us first, and we will do our best to resolve the issue.
  

You can exercise your rights at any time by contacting us (see “Contact Us” below). We will respond to your request in accordance with applicable law, usually within one month. Please note that for security reasons, we may need to verify your identity before fulfilling certain requests (such as providing access to data or deleting data) to ensure that your personal data is not disclosed to someone impersonating you.

Data Security Measures

Warren takes the security of your personal data very seriously. We have implemented a robust set of technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: We use encryption to protect personal data in transit and at rest. For example, our websites and apps are served over HTTPS, which encrypts data between our servers and your device. Sensitive information (like passwords, identification documents, and financial account details) is encrypted when stored in our databases or servers.
  
• Access Controls: We maintain strict role-based access controls. This means personal data is accessible only by those employees, contractors, or service providers who require it to perform their job duties or provide our services. All personnel with access to personal data are subject to confidentiality obligations and are trained in data protection best practices. We also implement multi-factor authentication and strong identity management for any internal systems handling sensitive data.
  
• Secure Development and Testing: Our platform is built with security in mind. We follow secure coding practices and conduct regular security testing, including vulnerability assessments and penetration tests by independent experts. Any identified vulnerabilities are promptly addressed according to a defined remediation process. We also maintain up-to-date software and infrastructure, applying security patches and updates as needed to mitigate risks.
  
• Network and System Security: We employ firewalls, intrusion detection/prevention systems, and continuous monitoring of our systems to guard against attacks and unauthorized access. Our servers are hardened and regularly audited for security configurations. We also utilize anti-malware tools and threat detection systems to prevent, detect, and respond to any suspicious activity.
  
• Data Minimization and Pseudonymization: In line with GDPR principles, we strive to collect only the data we need. Where feasible, we replace personally identifying information with codes or tokens (pseudonymization) in our internal systems, so that individuals are not readily identifiable without additional information kept separately. We also aggregate or anonymize data for analytics and research, ensuring that it can no longer be linked back to any individual.
  
• Continuous Monitoring and Audit: We continuously monitor our systems for potential breaches or anomalies. We also conduct regular audits and assessments of our privacy and security practices to ensure we remain compliant with regulations and up-to-date with emerging threats. If required, we maintain certifications or adhere to industry standards (such as ISO 27001 for information security) to demonstrate our commitment to data protection.
  

Despite our stringent measures, no system can be guaranteed 100% secure. However, we continuously update and improve our security practices to mitigate risks as much as possible. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the appropriate supervisory authorities as required by law.

Children’s Privacy

Our platform is primarily intended for use by adults (such as employees and contractors) in the context of financial wellness. It is not directed to children under the age of 18 for independent use. We do not knowingly collect personal data from children under 18 without appropriate consent. If you are a parent or guardian using Warren for the benefit of a dependent child (e.g. teaching them financial skills or managing savings for them), you must provide any necessary consent and supervision. If we become aware that we have collected personal data directly from a child under 18 without verifiable parental consent, we will take steps to delete that information.

If you have any concerns about your child’s personal data in our platform, please contact us and we will work with you to address the issue.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the “Last Updated” date at the top of this Policy. If the changes are significant, we may also provide a more prominent notice or seek your consent as required by law (for example, by notifying you via our app or by email of the update).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Warren platform after any changes to this Policy constitutes your acceptance of the updated terms (to the extent permitted by law). If you do not agree with any updates or changes, you should stop using the platform and you may exercise your rights as described herein.

Contact Us

Warren BV is the data controller responsible for the processing of your personal data in the context of our wealth enablement platform. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Warren BV
‍

Email: privacy@warren.eu (for privacy inquiries or to exercise your data protection rights)
Support: support@warren.eu (for general support or account-related questions)

We will endeavor to respond to your inquiry as soon as possible, and no later than within the timeframes required by law. Your privacy is important to us, and we welcome your feedback and questions as we strive to protect and respect your personal data.

‍