The outbound rule
Nothing the public ring returns identifies a specific customer. The loyalty endpoint returns the tier vocabulary, not any person’s tier. The billers endpoint returns public-safe fields with bank and settlement data structurally absent. CMS pages are published marketing copy. There is simply no per-customer data to leak.
The inbound rule
Two endpoints accept data: enquiries and consent. Both require explicit consent — an enquiry must carry fields.consent = "yes", and the consent endpoint exists precisely to record a PECR cookie-consent snapshot into an append-only audit trail. You control what you put in an enquiry’s fields; keep it to what the person knowingly provided.
What this means for GDPR
Because no PII flows out, your read integrations carry little privacy risk. Your write integrations do carry a duty: you are the controller for the data you collect on your form before you forward it, so gather consent, minimise fields, and be ready to honour access and erasure requests for it. The cookie-consent endpoint helps you evidence PECR compliance for the analytics/marketing choices you record.
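A client-side gate for the inbound rule above, added here as an illustration and not code from the page or the API provider: it drops every form key that is not on an allow-list (data minimisation) and refuses to build an enquiry unless `fields.consent` is exactly `"yes"`, plus a small builder for the cookie-consent snapshot. The allow-list, the form input and the snapshot shape are assumptions; only the `fields.consent = "yes"` requirement comes from the page.

```javascript
// Added example (not part of the original page). ASSUMPTIONS: the allow-list
// of field names, the form input shape and the snapshot shape are
// hypothetical; only `fields.consent = "yes"` is stated by the page.

// Hypothetical allow-list: the only fields this form knowingly collects.
const ENQUIRY_FIELDS = ["name", "email", "message", "consent"];

// Return { ok: true, payload } when the enquiry may be forwarded, or
// { ok: false, reason } when it must stay in the browser. Unknown keys
// (tracking params, hidden inputs) are dropped rather than sent.
function buildEnquiry(formInput) {
  const fields = {};
  const dropped = [];
  for (const [key, value] of Object.entries(formInput)) {
    if (ENQUIRY_FIELDS.includes(key)) {
      fields[key] = typeof value === "string" ? value.trim() : value;
    } else {
      dropped.push(key); // not something the person knowingly provided
    }
  }
  // The endpoint rejects submissions without the consent flag; refusing
  // locally means no personal data leaves the page without it.
  if (fields.consent !== "yes") {
    return { ok: false, reason: "consent_missing", dropped };
  }
  return { ok: true, payload: { fields }, dropped };
}

// Snapshot of the cookie choices to record on the consent endpoint:
// explicit booleans plus a timestamp, so the append-only trail can show
// what was chosen and when. `recordedAt` is injectable for deterministic tests.
function buildConsentSnapshot(choices, recordedAt = new Date().toISOString()) {
  return {
    analytics: choices.analytics === true,
    marketing: choices.marketing === true,
    recordedAt,
  };
}

// Constructed form input (not a real submission) to show the gate working.
const result = buildEnquiry({
  name: "A. Person",
  email: "a.person@example.com",
  message: "Please call me about settlement.",
  consent: "yes",
  utm_source: "newsletter", // dropped: the person never saw this field
});
console.log(JSON.stringify(result));
```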
Frequently asked questions
Can I read a specific customer’s loyalty tier from the public API?
No. The public endpoint returns the tier vocabulary and thresholds only — no PII. A customer’s own tier is served behind authentication on the internal ring, never on the public one.
Do I have GDPR duties when I submit an enquiry?
Yes, for the data you collect. You are the controller for what you gather on your form; collect consent, minimise fields to what is needed, and be ready to service access/erasure requests. The enquiry endpoint enforces a consent flag on every submission.