Built for trust. Earned by design.
Join the waitlist. Catcher launches with these protections from day one.
The number one question we get. Here's the full, honest answer โ not marketing speak.
Catcher can see transactions but can never move money, make payments, set up direct debits, or modify your account.
Your data is encrypted at rest and in transit โ the same standard used by banks and governments. Access is restricted to Catcher systems only.
Your data never leaves the European Union. Processed under GDPR. Hosted on EU servers.
Bank connection via TrueLayer โ an FCA-authorised Account Information Service Provider operating under PSD2.
1. You connect your bank. Catcher redirects you to your bank's own login page via our regulated Open Banking provider. We never see your username or password โ your bank authenticates you directly.
2. Catcher reads your transactions. Read-only. We receive transaction descriptions, amounts, and dates. We cannot see your full account number or initiate any payments.
3. AI classifies your spending. Transactions are categorised by our AI (large language model technology). Your data is pseudonymised before analysis โ no name, address, or account details are sent to the AI.
4. Letters are drafted for you. Negotiation letters are drafted using your transaction data. Sensitive personal information is never included unless you add it yourself before sending.
5. You're always in control. You review every letter before it's sent. You choose what to action. You can disconnect your bank and delete all data at any time โ one tap, everything gone.
โ Transaction descriptions and amounts
โ Classified spending categories
โ Findings and generated letters
โ Your savings goals and targets
โ Consent records with timestamps
โ Your bank login credentials
โ Your full account or sort code numbers
โ Your PPS number or government ID
โ Biometric data of any kind
โ Data from people you transact with
Right to access: See exactly what data we hold about you, in plain language โ not buried in a privacy policy.
Right to portability: Download all your data as a JSON file with one tap. Take it anywhere.
Right to erasure: Delete your account and all associated data permanently. We disconnect your bank, revoke all access tokens, and remove everything from our servers.
Right to withdraw consent: You gave consent to connect your bank โ you can revoke it at any time from your account settings.
Right to complain: If you're unhappy with how we handle your data, you can contact the Data Protection Commission at dataprotection.ie.
Third-party data processors:
TrueLayer (bank connection โ FCA-authorised AISP, PSD2) ยท Supabase (database โ EU hosted, SOC2 certified) ยท Anthropic (AI classification โ data pseudonymised) ยท Stripe (payments โ PCI DSS compliant) ยท Sentry (error monitoring โ PII scrubbed)
Data Processing Agreements in place with all providers. Full details in our Privacy Policy.
Join the waitlist. Catcher launches with these protections from day one.