Check Your Rate

Privacy Notice

Last updated: March 2026

1. Who we are

Check Your Rate is an informational tool that helps UK homeowners compare their current mortgage rate against live rates from major UK lenders including Barclays, HSBC, TSB and Santander. It is operated as a personal project and is not authorised or regulated by the Financial Conduct Authority (FCA). Nothing on this website constitutes financial advice or a regulated financial promotion.

We are the data controller for the personal data described in this notice. For any privacy queries, contact us at help@checkyourrate.co.uk.

2. What data we collect

  • Account data: Your name and email address, provided via Google OAuth sign-in.
  • Mortgage data: Details you enter about your current mortgage (lender, rate, balance, property value, term, deal end date). Used solely to personalise your rate comparison.
  • Rate alerts: The loan type and threshold rate you set for notifications.
  • Email preferences: Whether you have opted out of rate alert and weekly digest emails.
  • Session data: A secure session cookie to keep you signed in.
  • Account creation date: The timestamp your account was created, displayed as “Member Since” on your profile.

3. Lawful basis for processing (UK GDPR Article 6)

  • Contract performance (Art. 6(1)(b)): Processing your account, mortgage, and alert data is necessary to provide the service you have signed up for.
  • Legitimate interests (Art. 6(1)(f)): Sending transactional emails (rate alerts, weekly digests) is in our and your legitimate interest as a user of a rate-monitoring service. You can opt out at any time.
  • Legal obligation (Art. 6(1)(c)): We may retain certain data where required by applicable law.

4. How we use your data

  • To display a personalised mortgage rate comparison on your dashboard.
  • To send you email alerts when a rate drops below your chosen threshold.
  • To send you a weekly digest of current market rates.
  • To authenticate you securely via NextAuth.js.

We do not sell your data, share it with third parties for marketing, or use it for advertising profiling.

5. Cookies

We use only strictly necessary cookies. These are exempt from consent requirements under the Privacy and Electronic Communications Regulations (PECR):

  • Session cookie (next-auth.session-token): Keeps you signed in securely. Expires when you sign out or after 30 days.
  • CSRF token (next-auth.csrf-token): Protects against cross-site request forgery. Session-scoped.
  • Cookie consent preference (cookie-consent): Stores whether you accepted or declined this notice. Expires after 1 year.

We do not use tracking, analytics, or advertising cookies.

6. Your rights (UK GDPR)

Under UK GDPR you have the right to:

  • Access your data: download a copy from your Profile page (Article 15).
  • Erase your data: permanently delete your account and all associated data from your Profile page (Article 17).
  • Rectify your data: update your mortgage details or display name at any time (Article 16).
  • Object to email processing: unsubscribe from rate alerts and digests via the link in any email or from your Profile page (Article 21).
  • Data portability: your exported data is provided in machine-readable JSON format (Article 20).
  • Lodge a complaint: you have the right to complain to the Information Commissioner's Office (ICO).

7. Data processors & sub-processors

We use the following third-party services to operate the platform. Each acts as a data processor under UK GDPR:

Processor | Purpose | Location
Vercel Inc. | Application hosting & deployment | USA / EU edge
Supabase Inc. | PostgreSQL database storage | EU (AWS eu-west-2)
Upstash Inc. | Rate limiting (Redis, no personal data stored) | EU (AWS eu-west-2)
Resend Inc. | Transactional email delivery | USA
Google LLC | OAuth authentication (if used) | USA

All international transfers are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards.

8. Data storage & security

Your data is stored in a PostgreSQL database hosted by Supabase Inc. on AWS infrastructure in the EU (eu-west-2). We use HTTPS for all data transmission, secure session tokens (rotated on each session), and access controls that restrict each user to their own data only.

9. Data retention

We retain your data for as long as your account is active. When you delete your account, all your personal data (including mortgage details, rate alerts, and email preferences) is permanently and immediately removed from our systems. Automated database backups may retain data for up to 7 days after deletion.

10. Contact & complaints

For questions about this policy or to exercise your rights, contact us at help@checkyourrate.co.uk. We will respond within 30 days. If you are unsatisfied, you may lodge a complaint with the ICO.