Public API

Privacy and PII on the public ring

No per-customer personal data ever crosses the public ring. Every response is either public vocabulary or a public-safe projection with sensitive fields structurally removed. Submissions carry only what the sender provides, gated by mandatory consent. For a GDPR-conscious integration, the public ring is the low-risk surface — but you still own the data you send to it.

2 min read

no PII outResponses are public-safe
consent-gatedSubmissions require consent
append-onlyConsent audit trail

The outbound rule

Nothing the public ring returns identifies a specific customer. The loyalty endpoint returns the tier vocabulary, not any person’s tier. The billers endpoint returns public-safe fields with bank and settlement data structurally absent. CMS pages are published marketing copy. There is simply no per-customer data to leak.

The inbound rule

Two endpoints accept data: enquiries and consent. Both require explicit consent — an enquiry must carry fields.consent = "yes", and the consent endpoint exists precisely to record a PECR cookie-consent snapshot into an append-only audit trail. You control what you put in an enquiry’s fields; keep it to what the person knowingly provided.

What this means for GDPR

Because no PII flows out, your read integrations carry little privacy risk. Your write integrations do carry a duty: you are the controller for the data you collect on your form before you forward it, so gather consent, minimise fields, and be ready to honour access and erasure requests for it. The cookie-consent endpoint helps you evidence PECR compliance for the analytics/marketing choices you record.

Frequently asked questions

Can I read a specific customer’s loyalty tier from the public API?

No. The public endpoint returns the tier vocabulary and thresholds only — no PII. A customer’s own tier is served behind authentication on the internal ring, never on the public one.

Do I have GDPR duties when I submit an enquiry?

Yes, for the data you collect. You are the controller for what you gather on your form; collect consent, minimise fields to what is needed, and be ready to service access/erasure requests. The enquiry endpoint enforces a consent flag on every submission.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.