To use our services you must be over 18 years of age and a UK resident
LAST UPDATED 20.03.2026
GAIN Credit LLC, trading as Afforda, is incorporated in Delaware, United States, and authorised and regulated by the Financial Conduct Authority (FCA), registration number 689378. We are also registered with the Information Commissioner's Office (ICO), registration number Z2752028.
Afforda is a credit broker, not a lender. We help match you with financial products from our panel of lenders and partners. We do not make lending decisions ourselves. In addition to credit referrals, we may also refer you to a range of financial support and wellbeing services, such as budgeting tools, benefits checking services, and other financial guidance tools, where we believe these may be relevant and beneficial to you.
As the entity operating under the Afforda trading name, GAIN Credit LLC is the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy applies to your use of the Afforda website and services in the United Kingdom.
We have appointed a Data Protection Officer (DPO), who is responsible for overseeing how we handle personal data and ensuring compliance with data protection law. If you have any questions about this Privacy Policy, how we use your personal data, or if you would like to exercise your data protection rights, you can contact us as follows:
You may also write to us at: Afforda, PO Box 10756, Leicester, LE3 4GX.
We collect personal data when you use our website, submit an enquiry or application, contact us, and from third parties such as credit reference agencies and fraud prevention agencies.
You provide personal data directly when you use our website or submit an application. This may include your name, date of birth, contact details, personal circumstances, employment details, income and expenditure information, and banking information such as your sort code and account number. We use this information to assess which products you may be eligible for and to refer your application to appropriate lenders or partners.
When you use our website, or services, we automatically collect technical and usage information. This may include:
We use this information to operate our services, maintain security, prevent fraud, and improve our website.
We use analytics tools, such as Microsoft Clarity, to understand how our website is used and to improve our services. Where required by law, this information is collected only with your consent.
We may receive personal data from service providers who support our business, such as identity verification providers and technology providers. We may also obtain limited information from publicly available sources where permitted by law.
You must provide certain personal data for us to assess your eligibility and refer your application. If you do not provide this information, we may be unable to match you with a suitable product.
We use your personal data for the following purposes, in accordance with data protection law.
We use your personal data to assess which products on our panel you may be eligible for, verify your identity, and refer your application to appropriate lenders or partners. As a credit broker, we do not make lending decisions ourselves, these are made by the lender to whom your application is referred.
Where relevant and appropriate to your circumstances, we may use your personal data to assess your potential eligibility for financial support and wellbeing services, such as budgeting tools, benefits checking services, and other financial guidance tools. We do this in our legitimate interests in ensuring customers are directed to services that may genuinely help them, and in line with our commitment to supporting your financial wellbeing. We will only share the data necessary to make the referral.
We use your personal data to verify your identity, prevent fraud and financial crime, and protect our customers, services, and systems. This may include monitoring activity and analysing communications.
We use your personal data to communicate with you, respond to enquiries, investigate complaints, and provide customer support.
We process personal data to comply with applicable laws and regulations, including requirements imposed by the Financial Conduct Authority and other regulatory bodies.
We use personal data to monitor and improve our services, systems, and website. Where possible, we use aggregated or anonymised information for analysis and improvement.
We may send you information about products and services where you have given your consent. You can withdraw your consent at any time.
We rely on the following legal bases:
Special category data is sensitive personal information, such as information about your health. We do not request special category data when providing our services.
In limited circumstances, you may choose to provide health information when contacting us or using our service. We recognise that this information is particularly sensitive and we treat it with the utmost care. Where you share this type of information with us, we will only process it where permitted by data protection law, including where you have provided your explicit consent or where processing is necessary to protect your vital interests, establish, exercise or defend legal claims, or comply with legal obligations.
We do not use special category data to assess your eligibility, match you with products, or for marketing purposes. We apply additional safeguards to protect this information and retain it only for as long as necessary to fulfil the purpose for which it was provided and to comply with our legal and regulatory obligations. Where we rely on your consent, you have the right to withdraw that consent at any time by contacting us using the details in Section 2. Withdrawing consent will not affect anything we did before you withdrew it.
We operate globally and may transfer your personal data to, or allow access to your personal data from, our group companies, affiliates, and service providers located outside the United Kingdom where necessary to provide our services and operate our business. This may include transfers to countries such as the United States and India.
Where we transfer personal data to countries that have not been recognised by the UK as providing an adequate level of data protection, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (UK IDTA) or standard contractual clauses approved for use in the UK. Where your personal data is transferred to a country that has been recognised by the UK as providing an adequate level of data protection, we rely on that adequacy decision as the basis for the transfer. These safeguards are designed to ensure your personal data remains protected to UK data protection standards.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. This includes providing our services, complying with legal and regulatory obligations, preventing fraud, resolving disputes, and enforcing our legal rights.
The length of time we retain personal data depends on several factors, including the nature of your relationship with us, our legal and regulatory obligations including requirements imposed by the Financial Conduct Authority, applicable legal limitation periods, whether the information is needed to detect or prevent fraud, and whether it is relevant to a complaint, dispute, investigation, or legal proceedings.
When personal data is no longer required, it will be securely deleted in accordance with our data retention and security policies. Credit reference agencies and fraud prevention agencies may retain your personal data in accordance with their own retention policies.
You have certain rights in relation to your personal data under data protection law. These include the right to:
You can exercise your rights by contacting us using the details in Section 2. We will normally respond within one month and will never charge you for doing so. If you have concerns about how we use your personal data, you can contact our Data Protection Officer, and we will investigate and respond.
You also have the right to complain to the Information Commissioner's Office (ICO) at any time. More information is available at www.ico.org.uk.
We may send you information about our products and services by email, SMS, or other electronic means where you have given your consent, in accordance with the Privacy and Electronic Communications Regulations (PECR).
You can withdraw your consent and stop receiving marketing communications at any time by using the unsubscribe link in our communications or by contacting us. Once you withdraw your consent, we will stop sending you marketing. You have an absolute right to object to direct marketing at any time, and we will always honour this.
Where you have given separate consent, we may share your personal data with selected third-party partners so they can contact you about their products and services. You can withdraw your consent to this at any time, either by contacting us or the third party directly.
We do not sell your personal data to third parties.
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures include secure systems, encryption, access controls, and staff training. We also require third-party service providers who process personal data on our behalf to protect it in accordance with data protection law and appropriate security standards. We regularly review and update our security measures to help ensure your personal data remains protected.
Our website and app may contain links to third-party websites. If you follow a link to any of these websites, please note that they have their own privacy policies and we are not responsible for their practices.
Our services are only available to people aged 18 or over. We do not knowingly collect data from children.
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or how we use personal data. The latest version will always be available on our website and will include the date it was last updated.