Legal
Privacy policy
Last updated: 8 June 2026
1. Introduction
This privacy policy explains how Referrio ("we", "us", "our") collects, uses, shares and protects personal data when you visit referrio.co.uk, sign up for an account, or use our referral and rewards platform. It also explains how we use cookies and similar technologies. We are the data controller for the personal data we process about our customers and website visitors.
2. Information we collect
We collect the following categories of personal data:
- Account data: name, email address, mobile number, business name, password (stored hashed), and authentication identifiers.
- Referral data: information you upload or send through our API about your own customers (referrers and referees), including names, email addresses, phone numbers and referral codes.
- Billing data: billing address and subscription details. Card details are handled directly by our payment processor and never stored on our servers.
- Usage data: IP address, device and browser information, pages visited, and actions taken in the app.
- Support data: messages you send via live chat, email or our contact form.
3. How we use your data
We use personal data to:
- Provide, operate and secure the Referrio platform.
- Process payments and manage your subscription.
- Send transactional messages (sign-in codes, low-balance alerts, fraud alerts, billing notices).
- Respond to your enquiries and provide support.
- Improve the product, measure performance and prevent abuse.
- Comply with our legal obligations.
4. Legal bases
Under UK GDPR we rely on the following legal bases: performance of a contract (to deliver the service you signed up for), legitimate interests (to keep the service secure, prevent fraud and improve our product), legal obligation (e.g. tax and accounting), and consent (for non-essential cookies and any optional marketing communications, which you can withdraw at any time).
5. Sharing your data
We do not sell your personal data. We share it only with trusted processors who help us run the service, including our cloud infrastructure, database and authentication provider, payment processor, email and SMS delivery providers, gift card and reward fulfilment partners, and address/phone validation services. Each processor is bound by a contract that requires appropriate security and confidentiality.
6. International transfers
Some of our processors are located outside the UK. When personal data is transferred internationally we rely on appropriate safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum.
7. Data retention
We keep personal data only for as long as needed to provide the service and to meet our legal, tax and accounting obligations. When you close your account we delete or anonymise your data within a reasonable period, except where we are required to retain it by law.
8. Your rights
You have the right to access, correct, delete, restrict or object to the processing of your personal data, and the right to data portability. You can exercise these rights from within your account or by contacting us. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
9. Security
We use industry-standard technical and organisational measures to protect your data, including encryption in transit, hashed passwords, row-level security in our database, optional multi-factor authentication, and strict access controls for our team.
10. Cookies and similar technologies
Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies (such as local storage) to keep you signed in, remember your preferences, keep the site secure, and measure how the site is used so we can improve it. We do not use cookies to build advertising profiles about you, and we do not sell your data.
| Name | Purpose | Duration |
|---|---|---|
| sb-* | Keeps you signed in to your Referrio account. | Session / up to 30 days |
| referrio_cookie_consent | Remembers your choice on the cookie notice. | 12 months |
| referrio-theme | Remembers your light/dark theme preference. | 12 months |
| referrio_consumer_token | Keeps consumer sessions active for viewing rewards. | 30 days |
You can accept or deny non-essential cookies via the banner shown on your first visit. You can change your choice at any time by clearing your browser's site data for referrio.co.uk, or by adjusting your browser settings to block or delete cookies. Essential cookies needed to sign you in and keep the site secure cannot be turned off.
11. Changes to this policy
We may update this policy from time to time. When we make material changes we will update the "Last updated" date above and, where appropriate, notify you in the app or by email.
12. Contact
Questions about this policy or your data? Get in touch via our contact page.