Reeclaim
Start 14-day free trial

Privacy Policy

Last updated: Version 3.0, 19 March 2026

1. Introduction

Reeclaim Limited (trading as “Reeclaim”), company number 10636342, registered at Churchill House, Brent Street, London, England, NW4 4DJ (“Company”, “we”, “us”, “our”) is dedicated to safeguarding the personal information of our users. We are registered with the UK Information Commissioner's Office under reference ZA238353.

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our website, platform, and services. It applies to all users of the Reeclaim platform.

Our platform and services are not designed for children under 18, and we do not intentionally collect information from minors.

Data Privacy Manager: info@reeclaim.co.uk

2. Information We Collect

We collect and process the following categories of personal data:

Identity Data

First name, last name, and date of birth as provided during account registration.

Contact Data

Email address, mobile phone number, and postal address.

TfL Account Data

Your TfL username (email) and session data. Your TfL password is encrypted on your device using AES-256 encryption and stored in your browser's local storage only - it is never stored on our servers in any form. TfL session cookies are stored in encrypted form in our database solely to maintain your session between visits.

Journey Data

Journey history retrieved from your TfL account, including dates, times, stations, fares, delays, incomplete journeys, and contactless card details (last 4 digits, card type, expiry date). We also store claim submission records and their outcomes.

Payment Data

Subscription payments are processed by Stripe, our third-party payment provider. We store only your card's last 4 digits and brand (e.g. Visa, Mastercard) for display purposes. We do not store full card numbers, CVV codes, or other sensitive payment details on our servers. Your Stripe customer ID is stored to manage your subscription.

Technical Data

IP address, browser type and version, operating system, device information, login timestamps, and pages visited.

Usage Data

Information about how you use our platform, including features accessed, journeys fetched, claims submitted, and interaction patterns.

We do not collect any special category data (also known as sensitive personal data) such as information about race, ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health data, or criminal records.

3. How We Collect Your Data

Direct Interactions

When you create an account, subscribe to a plan, connect your TfL account, fetch journeys, submit claims, update your profile, or contact us.

Automated Technologies

When you interact with our platform, we may automatically collect technical and usage data through cookies, server logs, and similar technologies.

Third-Party Sources

We may receive data from:

  • TfL - journey history, card details, and account information when you instruct us to access your TfL account
  • Stripe - payment confirmation, subscription status, and card details (last 4 digits and brand only)
  • Analytics providers - such as Google Analytics, for anonymised usage statistics
  • Advertising platforms - such as Google Ads, which may provide data about how you interacted with our advertisements

4. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To access your TfL account on your instruction, retrieve journey data, and submit approved refund claims
  • To process your subscription payments via Stripe
  • To send you service-related communications (magic link sign-in emails, welcome emails, account notifications)
  • To provide customer support and respond to your enquiries
  • To detect and notify you of claimable delays and incomplete journeys
  • To improve our platform, analyse usage patterns, and develop new features
  • To send you marketing communications about our services (with your consent)
  • To run advertising campaigns and measure their effectiveness via Google Ads
  • To produce anonymised and aggregated statistics, research, and insights about TfL journey patterns, delays, and refund trends. This data cannot identify you personally and may be shared publicly or with third parties
  • To protect our platform against fraud, abuse, and unauthorised access
  • To comply with legal obligations

5. Legal Bases for Processing

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases:

  • Contract performance - processing necessary to provide you with our services. This includes accessing your TfL account to retrieve journey history, card information, and other account data needed to identify eligible refund claims and submit them on your behalf, as well as managing your account and processing payments
  • Legitimate interests - processing necessary for our legitimate business interests. This includes accessing and analysing data from your TfL account (such as journey patterns, card usage, fare information, and claim history) to detect refund opportunities, improve our detection algorithms, prevent fraud, maintain platform security, and develop new features. These interests are balanced against your rights and do not override them
  • Consent - where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time by contacting us. Note that withdrawing consent does not affect our ability to process data under the other legal bases listed here
  • Legal obligation - processing required to comply with applicable laws and regulations

For the avoidance of doubt, accessing and processing data from your TfL account is primarily based on contract performance (you have instructed us to do so as part of the service) and legitimate interests (to identify all potential refund opportunities and improve our service), not solely on consent. This means we process your TfL account data as necessary to deliver the service you have subscribed to.

6. Marketing

We may send you promotional communications about our services by email. You will only receive marketing communications if you have consented to receive them or if you are an existing customer and the communications relate to similar services.

We use Google Ads to reach potential customers. Google Ads may use cookies and tracking technologies to measure advertising effectiveness and deliver targeted advertisements. If we add additional advertising platforms in future, this policy will be updated before those tools are enabled.

We will never sell your personal data to third parties for their marketing purposes.

You can opt out of marketing communications at any time by contacting us at info@reeclaim.co.uk or by using the unsubscribe link in any marketing email.

7. Cookies and Local Storage

We use cookies and browser local storage to maintain your signed-in session, remember your preferences, and provide a seamless experience. Some data is stored on your device in encrypted form for convenience.

You can configure your browser to refuse cookies or clear local storage at any time. Doing so may require you to sign in again and re-enter your TfL credentials.

8. Who We Share Your Data With

We may share your personal data with the following parties:

  • TfL - we access your TfL account on your instruction to retrieve journey data and submit refund claims. TfL processes refunds directly to your contactless card
  • Stripe - our payment processor, who handles subscription billing. Stripe processes your payment card data under their own privacy policy
  • Google - for analytics (Google Analytics) and advertising (Google Ads)
  • Email service providers - for sending transactional and marketing emails
  • Professional advisers - lawyers, accountants, and auditors where necessary
  • Regulatory authorities - where required by law
  • Business transfer parties - in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring party. You will be notified of any such transfer

All third parties are required to process your data securely and in accordance with applicable data protection laws.

9. International Transfers

Some of our third-party service providers (including Stripe and analytics/advertising platforms) may process your data outside the UK and European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office or equivalent protections.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Industry-standard encryption for sensitive data both at rest and in transit
  • Secure authentication mechanisms
  • Access controls limiting data access to authorised personnel and systems
  • Payment processing handled entirely by Stripe, a PCI DSS compliant payment provider

We have procedures in place to address suspected data breaches and will notify you and the Information Commissioner's Office where we are legally required to do so.

11. Data Retention

We retain your personal data for as long as your account is active and for a period of six years after your account is closed or your subscription ends, in accordance with legal and regulatory requirements.

After this period, your data will be securely deleted or anonymised. In some cases, we may retain anonymised data indefinitely for research or statistical purposes, where it can no longer identify you.

You may request deletion of your data at any time (see Section 12), subject to our legal retention obligations.

12. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access - request a copy of the personal data we hold about you
  • Right to rectification - request correction of inaccurate or incomplete data
  • Right to erasure - request deletion of your data where there is no valid reason for us to continue processing it
  • Right to restrict processing - request that we suspend processing of your data in certain circumstances
  • Right to data portability - request your data in a structured, machine-readable format
  • Right to object - object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@reeclaim.co.uk. We will respond within one month. We may request proof of identity before processing your request.

There is no fee for exercising your rights, though we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the platform. The “Last updated” date at the top of this page indicates when the policy was last revised.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Reeclaim Limited
Churchill House, Brent Street
London, England, NW4 4DJ

Email: info@reeclaim.co.uk