Legal information
Privacy Policy
The Privacy notice, along with the Terms and Conditions, explains how personal data is collected, processed, used, and disclosed when using the website When registering, logging in, making payments, contacting support, filling out forms, or submitting data, personal data will be collected, used, and stored in the same way as described in the Privacy notice.
Details of the Data Controller and Data Protection Officer
The Data Protection Officer can be reached by email at
What is Personal Data?
This Privacy Policy states that personal data is any information that can identify a natural person, directly or indirectly. It explains how this information is collected, processed, used, and shared when using the website The policy also provides details on the types of personal data collected and processed by the website. We obtain certain personal data from you.

When signing up for the website, you will need to provide your name, email, and a hashed password. This information is classified as personal data and will be collected, processed, used, and stored in accordance with the Privacy Policy.

When you verify your account, we collect your mobile phone number, along with photos or scans of your identity document. We also gather data such as document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (which may vary depending on the document), and security features. Additionally, we collect facial image data, including photos of the face, selfies, and scanned images of the face on the user's identification document, as well as videos and sound recordings. Facial feature biometric data is also collected during the account verification process, which includes photos and scans of the user's ID, as well as images and recordings of their face.

When initiating or receiving a bank transfer, the following types of documents and information may be required: a proof of address document, a document confirming citizenship or residence permit, documents required to prove the source of funds, details of the bank account, including the account number, sort code, IBAN, and payment-related details such as amount, currency, and time.

We may request information from you to prevent fraud and misuse of your account. This information may include bank statements, verbal explanations, screenshots, and a questionnaire to confirm that you are acting of your own free will and that you understand what you are doing.

When you communicate with us, we may collect your contact email, the content of your messages and any files you attach to your messages, a unique ticket system identifier, and technical data related to your messages, including date, time zone, and environment.

We collect information about payments performed within your account, including the date, time, amount, currencies, participating parties, messages sent and received with the payment, merchant information, payment methods used, technical usage data, and geolocation information. We also collect details of your wallets and unique identifier in the Mybrocard, as well as bank card details, such as cardholder name, expiry date, and the first 6 and last 4 digits of the card number.

We collect information from your device, including the name of your internet service provider (IP address), environment, log-in information, browser type and settings, time zone, the operating system, the type of device you use, a unique device identifier, screen size, mobile network information, mobile operating system, and type of mobile browser you are using, as well as the date, time, and length of your visit.

We may receive information from payment systems (Visa, Mastercard, UnionPay), payment service providers, card schemes, card program managers, public authorities and law enforcement agencies, and public sources, such as company registers and enhanced due diligence services.
Legal Basis and Use of Personal Data
At, we only process your personal data where a lawful basis exists. We may rely on the following:

A) Performance of a contract we enter with you
We process your personal data to provide you with our services based on the Terms and Conditions that you accept when you sign up in our system. We collect and process your data to set up and administer your account, to ensure secure access to your account, and to process transactions that you make with your account, such as transferring funds, making payments, adding money to a wallet, or withdrawing funds. We may also send you important information about the system, login confirmation, suspicious authorization attempts, and completed transactions notifications, as well as provide technical and customer support.

B) Our legal obligation
We process your personal data to comply with our legal obligations, particularly the requirements of anti-money laundering and terrorist financing legislation, to verify and confirm your identity as part of the KYC procedure. When you request an IBAN or initiate a bank transfer, we also send your data to the providers of these services to meet AML requirements and follow KYC rules. We may use your data to assist any law enforcement authority with their investigation or disclose data required by a court order as we may be obliged by law.

C) Our legitimate interests
We may use anonymized and aggregated data to analyze how customers use our services and evaluate the quality and convenience of our product, site operation, and functionality. Likewise, we may also use your data to notify you about changes to our policies or new features of our service. We take a risk-based approach to assess both the profile of users and the transactions they make, as well as detect and prevent fraudulent and other illegal activities. We collect, use, and store personal data for these purposes. When you contact our support service, we keep a record of the conversation. We do this to improve the quality of our services and products, protect our interests in case of disputes, evaluate the quality of the work of the support staff, and train them.

D) Your consent
You may opt-in to receive emails from us about our products and services, and allow us to measure the performance of marketing emails and analyze product use. You may withdraw your consent at any time. To verify your account, we ask you to go through a liveness test to make sure that you are a living person and the documents submitted really belong to you. Such analysis constitutes the processing of a special category of personal data and can only be carried out based on your consent. The term of the consent is limited to the achievement of the purpose of the liveness check, so the data processing is terminated immediately once it is completed. The data collection and processing is carried out by a third party, acting as a data processor on our behalf. You can read more about this in the "Disclosure of personal data to third parties" section.
Automated Decision-Making
We use an automated risk assessment system to analyze the risk profile of users and ongoing transactions to prevent illegal and fraudulent activities. However, any significant decisions that may impact you will be taken by our employees based on a manual review.
We use cookies on our website. You can read about it in our Cookies Policy.
Data Security
We are committed to ensuring that your personal data is protected. We take various security and organizational measures to ensure the safety of your data when you enter it on the site or otherwise provide it to us.

We use data encryption techniques and authentication procedures to prevent unauthorized access to our system and your data. Only authorized employees are granted physical access to the premises where data is processed and stored, which are under surveillance.

All sensitive information is transmitted via Secure Socket Layer (SSL) technology. Card payment information encryption is compliant with PCI DSS.

We authorize access to your personal data only for those employees who need it based on their job requirements (for example, customer support staff). All employees who access personal data are bound by a non-disclosure agreement. We provide ongoing training to our employees to ensure the security and confidentiality of personal data.

We continuously improve our security procedures to comply with the best industry standards and maintain a high level of personal data protection.

We recommend adhering to some simple rules that will help ensure your safety. Never use the same password for multiple accounts on different sites and always use a strong password with mixed-case letters, numbers, and symbols. Do not tell anyone your Mybrocard wallet password. Please remember that our employees never ask for user passwords. If someone pretending to be an Mybrocard employee asks you for your password or other login information, do not give it to them and notify us immediately by email to
Got questions?
Sign up now and have up to 50 free cards in your e-wallet