Privacy Policy

1. Introduction and Who We Are

This privacy policy explains how we handle information about you and your household.

Lodo is a comparison and switching service. We help you find better deals on your household bills — and we can switch you over. We make money when you switch through us — some of the providers on our platform pay us a commission. That means we don't need to sell your data, show you adverts, or do anything else with your information that isn't directly related to helping you save money.

We believe the best way to earn your trust is to be straightforward about what we do with your data and why. If you have any questions at all, contact us at [email protected].

Who we are: LODO TECHNOLOGIES LTD, company number 17000602, registered in England and Wales. Registered address: Senna Building, Gorsuch Place, London, E2 8JF, England. Data Protection Officer: Luis Kalckstein, [email protected].

2. What This Policy Applies To

This privacy policy applies to your use of:

• The Lodo website at joinlodo.com (and all subdomains)
• The Lodo web chatbot
• The Lodo WhatsApp chatbot

Our services may link to other websites or rely on third-party services. These third parties have their own privacy policies, and we are not responsible for their practices.

3. What Information We Collect

The information we collect depends on how you use Lodo.

Information you give us directly

When you create an account, we collect your name, email address, and phone number. When you use the chatbot, we collect the messages you send and any details you share with us — such as your preferences, budget, and household details. When you use our switching service, this includes your address, payment details, and any other information needed to complete the switch (such as your current supplier, usage details, or information needed for a credit check).

Some important details about financial data:

• Full payment details (card numbers, security codes, bank details) are handled by our secure providers and are never stored by Lodo. Bank details are re-collected each time you switch.
• Credit check data is stored with your profile for the duration of your account so you don't need to re-enter it each time you switch.

Information from services you connect

If you choose to connect your Gmail account, we request read-only access to your Gmail inbox via the OAuth scope gmail.readonly. While this scope provides technical read access to your entire mailbox, we only retrieve emails that match specific filters — sender addresses and keywords associated with known service providers, including energy suppliers, mobile networks, and broadband providers — in order to detect your current household plans and tariff details.

Email content (including message bodies and any attachments) is processed in memory only and discarded immediately. We do not download, copy, index, cache, or store the content of your emails on our servers or in any database. The only information we retain is the structured plan data we extract (for example, your supplier or network name, tariff name, unit rate, standing charge, or monthly cost), which is saved to your Lodo profile so you do not need to repeat the process.

You can revoke Gmail access at any time via your Lodo account settings or by removing Lodo from your Google Account permissions. When you revoke access, we will never access your Gmail again unless you reconnect. Any plan data previously extracted from your emails remains in your profile as part of your switching history; you can delete your entire profile at any time.

Lodo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. See Section 11 below for the full disclosure.

Information collected automatically

When you use Lodo, we automatically collect analytics data (such as page views and feature interactions) via our EU-hosted analytics provider, session data, IP addresses, and cookies. We cover cookies in more detail below.

Feedback and support

If you contact us with feedback or a support request, we collect the content of your message and any contact details you provide.

WhatsApp notifications

If you opt in to WhatsApp deal notifications, we use your existing phone number and record your consent and notification preferences.

We do not knowingly collect sensitive personal data (such as data about racial or ethnic origin, political opinions, health, or sexual orientation). Please do not share this kind of information with us in chat.

Children's data

Lodo is not intended for use by anyone under the age of 18. We do not knowingly collect or process personal data from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data as soon as reasonably practicable. If you believe a child has provided us with personal information, please contact us at [email protected].

4. How and Why We Use Your Information

We can only use your information if we have a proper legal reason to do so. Here is how we use it, and the legal basis we rely on in each case.

To deliver our service (contract performance)

We use your information to create and manage your account, provide our comparison and switching service, execute switches on your behalf, and provide continuity across future switches. Lodo is an ongoing service — we retain your conversation history and preferences so that when a better deal comes along, you can switch again without starting from scratch.

With your consent

If you connect your Gmail, we access your emails to detect your current household plans. If you opt in to WhatsApp notifications, we send you alerts about better deals. If you opt in to marketing, we send you updates about Lodo. You can withdraw any of these consents at any time via your account settings or by emailing [email protected].

For our legitimate interests

We use your information to improve and secure our service, investigate and fix issues, prevent fraud, respond to feedback and support requests, and understand how our service is used through analytics. In legal terms, we have a legitimate interest in maintaining and improving our service for all users. We carry out a balancing assessment whenever we rely on legitimate interest — contact us at [email protected] if you'd like details of any assessment.

5. Who We Share Your Data With

We share your information with service providers who help us run Lodo. We only do this where it's necessary, we're satisfied they take appropriate measures to protect your data, and we have binding data processing agreements in place with all of them.

• Authentication services (US) — to manage sign-in and account security
• AI processing services (EU / US) — to power chatbot responses and plan detection
• Service monitoring (US) — to monitor quality and investigate issues
• Secure payment and automation vault — to handle payment details and automate order placement. Full payment details are handled exclusively by this provider and never stored by Lodo
• Switching partners (UK) — to obtain quotes, perform credit checks, and execute switches
• Product analytics (EU) — to help us understand how people use Lodo
• Address validation (UK) — to look up and autocomplete your address
• Email access services (US, opt-in only) — to process your Gmail messages in transit for plan detection. Email content is not stored by any third-party provider; it is processed in memory and discarded immediately. No third party receives or retains the content of your emails
• Messaging platform (EU / US) — to deliver chatbot interactions and deal notifications
• Document extraction (US) — to extract usage data from uploaded bills
• Internal communication tools (US) — to manage and respond to support requests
• Infrastructure hosting (EU) — to host all Lodo services and databases

We will not share your data with any other third party.

6. International Data Transfers

Most of your data stays in the UK or the European Union. Our databases are hosted in the EU (Amsterdam), and several of our providers are UK-based or EU-hosted.

Some of our providers are based in the United States. When we transfer your data to the US, we rely on one or more of the following safeguards:

• UK Extension to the EU-US Data Privacy Framework: Where the US provider is certified under this framework, the UK government has recognised it as providing adequate protection.
• Standard Contractual Clauses: Standardised contract terms approved by the UK government that require the recipient to protect your data to UK standards.

Wherever your data goes, it is protected to at least the same standard as in the UK.

7. How Long We Keep Your Data

We keep your data only for as long as we need it.

While your account is active, we keep your information for the duration of your account. This is necessary to provide our ongoing comparison and switching service — so we remember your preferences, past decisions, and profile details for future switches. Full payment details (card numbers, bank details) are never stored by Lodo and are deleted immediately after each transaction.

After you close your account, we keep account and order records for up to 6 years to comply with legal obligations and in case of disputes. Conversation history is kept for up to 24 months. Other data is deleted within 6 months.

Technical data (such as IP addresses and debugging logs) is deleted or anonymised within 90 days. Analytics data is kept for up to 24 months.

Once the relevant retention period expires, we securely delete or anonymise your data.

8. Cookies and Tracking

We use a small number of cookies and similar technologies to deliver and improve our service. This section is also linked from our cookie banner.

Essential cookies (no consent required)

These cookies are strictly necessary for the Service to function. They do not require your consent under the Privacy and Electronic Communications Regulations (PECR).

• Authentication cookies: Our authentication provider sets cookies to keep you signed in and to protect your account.
• Session identifiers: We store a session identifier in your browser's localStorage to maintain your chat session.

Analytics cookies (consent required)

We use these cookies to understand how people use Lodo so we can improve the Service. They are only set after you give consent via our cookie banner.

• Product analytics: We use an EU-hosted product analytics platform to collect anonymised usage data such as page views, feature interactions, and session information. This provider may set cookies on your device to recognise your browser across sessions. The data collected is used solely to understand how the Service is used and to identify improvements. We do not use analytics data to identify you personally, to build advertising profiles, or to sell to third parties.

What we do not use

• We do not use advertising cookies or retargeting pixels
• We do not sell your data to advertisers
• We do not allow third parties to track you for advertising purposes on our site

How to control cookies

You can accept or reject non-essential cookies via the cookie banner displayed when you first visit our website. You can change your preference at any time by revisiting the cookie banner (accessible via the link in our website footer) or through your browser settings. Rejecting analytics cookies will not affect the core functionality of the Service. Disabling essential cookies (such as authentication and session cookies) may prevent parts of the Service from working correctly.

Our analytics provider may set its own cookies, governed by their own privacy policy. For more information about how our analytics provider handles data, please refer to their publicly available privacy documentation.

9. Your Rights

Under the UK General Data Protection Regulation, you have a number of important rights free of charge. In summary, these include rights to:

• Access your personal information and get a copy of it
• Correct any mistakes in your information
• Delete your personal information in certain situations
• Restrict how we use your information under certain conditions
• Receive the information you've provided to us in a portable, machine-readable format
• Object to our use of your information for direct marketing, or where we rely on legitimate interest
• Not be subject to decisions made solely by automated means that significantly affect you — we do not currently make such decisions

For further information on each of these rights, see the ICO's guidance on individual rights.

How to exercise your rights

• Via your account settings: You can update your personal details and delete your account directly from your account settings page.
• Via email: For all other requests (access, portability, restriction, objection), email us at [email protected].
• Withdrawing consent: You can withdraw consent for Gmail access, WhatsApp notifications, and marketing at any time via your account settings or by emailing [email protected].

We will respond within 30 days. We may ask you to verify your identity.

10. Marketing and Deal Notifications

We will only send you marketing messages if you have given explicit consent.

Deal notifications (via email, messaging apps, or other channels) require separate consent — they are not bundled with your agreement to our Terms and Conditions or with general marketing.

If you opt in, we may send you alerts about deals relevant to your profile. You can initiate a switch from a notification — we will use your stored profile data and ask you to re-enter your payment details to complete the switch. We will never switch you without your explicit confirmation.

How to unsubscribe

• Follow the opt-out instructions in any notification message
• Update your notification preferences in your account settings
• Email us at [email protected]

We will never sell your data to third parties for marketing. We will never share your data with advertisers.

11. Google API Services — Limited Use Disclosure

What we access and why

If you connect your Gmail account, Lodo requests read-only access to your Gmail inbox (via the restricted OAuth scope gmail.readonly) to detect your current household plans, including energy, mobile, and broadband. We search your inbox using filters specific to known service providers — including energy suppliers, mobile networks, and broadband providers (sender addresses and keywords) — and retrieve only the matching messages. We do not browse, index, or scan your full inbox.

How we handle your Gmail data

• Email content — including message bodies and attachments — is processed in memory only and discarded immediately. We never store, log, or persist the raw content of your emails.
• The only data we retain is the structured plan information we extract (for example, supplier or network name, tariff name, unit rates, standing charges, or monthly cost), which is saved to your Lodo profile.
• All data is encrypted in transit (TLS) and at rest (AES-256).

Compliance with Google's Limited Use requirements

Lodo's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

1. We only use Gmail data to provide or improve user-facing features. Gmail data is used solely to detect your current household plans (energy, mobile, and broadband) so that Lodo can recommend better deals. We do not use Gmail data for any other purpose.
2. We do not transfer Gmail data to third parties, except:
   • As necessary to provide or improve the plan-detection feature described above, and only with your consent;
   • To comply with applicable laws or regulations; or
   • For security purposes (for example, investigating abuse).

   We never sell, rent, or trade Gmail data. All other transfers of Gmail data are prohibited.

3. We do not use Gmail data for advertising. We never use Gmail data — or any data derived from it — to serve advertisements, including personalised, retargeted, or interest-based advertising.
4. Humans do not read your emails. Lodo employees, agents, and contractors do not read the content of your emails. Automated systems process your email data exclusively. Human access to any data derived from your Gmail would only occur:
   • With your explicit, affirmative consent (for example, if you contact support about a plan-detection issue and agree to share specific message details);
   • Where necessary for security purposes (for example, investigating a bug or suspected abuse); or
   • To comply with applicable law or regulation.

Revocation and deletion

You can disconnect your Gmail account at any time from your Lodo account settings or by removing Lodo from your Google Account permissions page. Once revoked:

• We will not access your Gmail again unless you explicitly reconnect.
• No email content is retained at any point — it was only ever processed in memory and discarded.
• Structured plan data previously extracted from your emails remains in your profile as part of your switching history. You can request deletion of this data, or delete your entire Lodo account, at any time by contacting [email protected] or through your account settings.

Security assessment

Lodo undergoes an annual security assessment in accordance with Google's Cloud Application Security Assessment (CASA) framework to maintain access to restricted Gmail scopes.

12. How We Keep Your Data Secure

We have appropriate security measures in place to prevent your information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. All data is encrypted at rest and in transit. Sensitive financial data (full card numbers, security codes, bank details) is never stored by Lodo — it is handled exclusively by our secure providers.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator where we are legally required to do so.

13. How to Complain

Please contact us first if you have any queries or concerns about our use of your information:

Email: [email protected]

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: https://ico.org.uk/make-a-complaint
• Phone: 0303 123 1113

14. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will take steps to inform you — for example, by email or via a notice in the Lodo service.

The “Last updated” date at the top of this policy will always reflect the most recent version.

LODO TECHNOLOGIES LTD, company number 17000602. Senna Building, Gorsuch Place, London, E2 8JF, England.