Sugar Cap Ltd Privacy & Cookies notice. Updated 3rd June 2021


We are Sugar Cap Ltd (also referred to as ‘Sugar’, ‘we’, ‘us’ or ‘our’). At Sugar we are committed to protecting and respecting your privacy. We are registered in England and Wales under company number 12144526, and have our registered office at 1 Woodland Gardens, London, England, N10 3UE. We are registered with the Information Commissioner’s Office under registration ZA547074.

We have set out in this policy how we use your personal information when you use our website, make a funding application, or access services for businesses that have received funding from us. 

If you would like to know more about how we handle personal information or would like to exercise your legal rights surrounding your personal information please contact our Data Protection Officer at

Our Website is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Website. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Website or on or through any of its features/register on the Website, submit any financing applications or materials through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a person under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a person under 18, please contact us at

How we collect personal data

The business and people authorised by the business are referred to as ‘you’ or ‘your’.

Where you share personal data with Sugar which is not about yourself, for example, about an employee, business partner, director, owner, you must have the permission of the other person and confirm that they understand how we will use their data. When personal data is shared with Sugar we will assume that this permission has been granted.

Sugar may collect personal information (including Personal Data) and other information about you, including but not limited to the following

  • Registration Information: When you register to use our platform, you will be asked for basic registration information, such as an email address, password and company details.
  • Identification and Banking Information: You may also be asked to provide identification information to confirm your identity, including your first and last name, post code, social security number, business name and phone number, as well as bank statements, credit card statements, banking history, payment and transaction history.
  • Business Information: You may also be asked to provide business information and documentation, including company size, financial statements, business type, organisational documents and business plans, as well as beneficial ownership information.
  • Third-Party Authorisation: You may also enter in certain account information for third-party sites and Internet services (“Third-Party Sites”).
  • Information from Third-Party Sites: In order to display information to you or to fulfil your requests for certain products and services through a Service, we may collect, on your behalf, your account and other personal information from Third Party Sites that you register under your account. We may also collect information about you from mailing list providers, publicly available sources, and other third parties, including to process and manage your application and transactions.
  • Information Collected by Cookies and Web Beacons: We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files that are stored on your hard drive or in device memory by a website. Among other things, cookies support the integrity of our registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. We may also collect information using web beacons. Web beacons are electronic images that may be used in our Services or emails. We may use web beacons to deliver cookies, count visits, understand usage, and determine whether an email has been opened and acted upon. Our Cookie Policy is described in more detail below.
  • Navigational Information: We may collect your computer browser type, Internet protocol address, pages visited, and average time spent on our Site. This information may be used, for example, to alert you to software compatibility issues, or it may be analysed to improve our web design and functionality.
  • We also use information from external sources when you apply for funding we use the following data providers to determine eligibility and monitor performance.
    • We will need to verify your identity and search your record with fraud prevention agencies, Anti Money Laundering (AML), and Know Your Customer (KYC) service providers via CreditSafe.
    • We also check details about the company via Companies House.
    • We utilise Codat to connect to your accounting software
    • We utilise Plaid to connect your bank account information
    • We integrate with your in game metric information and revenue generating platforms.

Why we collect information

European Data protection laws state that we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest or consent. In this section, we explain which one we rely on to use your data in a certain way.

We need to use your data for a contract we have with you, or to enter into a contract with you for finance. We use details about you to:

  • Consider your finance application
  • Give you the services we agreed to in line with our terms and conditions
  • Send you messages about your account and other services you use if you get in touch, or we need to tell you about something
  • Exercise our rights under contracts we have entered into with you, like managing, collecting and recovering money you owe to us
  • Investigate and resolve complaints and any other potential issues

We need to use your data to comply with the AML / KYC legal requirements. We must:

  • Confirm your identity when you sign up or get in touch
  • Check your record at fraud prevention agencies
  • Prevent illegal activities like money laundering, tax evasion and fraud
  • Keep records of information we hold about you in line with legal requirements

We must adhere to all banking laws and regulations that we are subject to (these mean we sometimes need to share customer details with regulators, law enforcement or other third parties)

When it’s in our ‘legitimate interest’.

We may need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your privacy rights. We may:

  • tell you about products and services through the website or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We do this so that we can make sure our marketing is useful.
  • track, analyse and improve the services we give you and other customers and how you respond to ads we show. We may ask for feedback if you’ve shown interest in a service. We do this so that we can make our products better and understand how to market them.
  • protect the rights, property or safety of us, our customers or others
  • carry out security and maintenance checks to make sure our website and other services run smoothly for you
  • manage Sugar’s business and financial affairs and protect our customers and staff
  • share information with credit bureaus so we can benefit from up-to-date information when we make lending decisions, and other companies so they can help us provide our services


Sugar will ask for your consent to:

  • tell you about our products and services, and those of our partners if we think they’re of interest to you. You can unsubscribe from our emails by email.
  • share information about you with companies we work with when we need your permission (see ‘Who we share your data with’ below)
  • You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of our services.

Who Sugar share your data with

Companies that give services to us. Here we mean companies that help us provide services you use, and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name).

  • Know Your Customer (KYC) and Anti-Money Laundering (AML) service providers that help us with identity verification or fraud checks such as CreditSafe
  • cloud computing power and storage providers like Amazon Web Services (AWS) and Google Cloud
  • our business intelligence and analytics platform provider
  • companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt-out any time)
  • software companies that we use for emailing you

Where you have given us permission to do so:

  • Open banking providers to transmit information relating to payment accounts such as Plaid
  • your own banking, sales, advertising, accounting or other business platforms to determine eligibility and monitor performance such as AppsFlyer, Google, Codat or Xero
  • people you’ve asked to represent you, such as solicitors
  • Law enforcement and other external parties.

Sugar may share your details with:

  • authorities that spot and stop financial crime, money laundering, terrorism, and tax evasion if the law says we have to, or if it’s necessary for other reasons
  • the police, courts or dispute resolution bodies if we have to
  • other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment
  • any other third parties where necessary to meet our legal obligations

Automated finance decisions via the Sugar Platform

We sometimes use computers to make decisions. We do this for things like deciding if we can make you a funding offer based on information we hold about you. This includes details on whether you’ve kept up to date with payments on any credit accounts, and if you’ve been to court. If you would like Sugar to review a decision that has been made you can also email us at

How long we keep your information

We keep most of your data as long as you are using Sugar, and for 5 years after that to comply with the law and if we face a legal challenge. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to.

To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

Your rights

You have a right to:

  • access the personal data we hold about you, or to get a copy of it
  • ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else
  • make us correct inaccurate data
  • ask us to delete, ‘block’ or suppress your data, though for legal reasons we might not always be able to do it
  • say no to us using your data for direct marketing and in certain other ‘legitimate interest’ circumstances
  • companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt-out any time)
  • withdraw any consent you’ve given us
  • ask a member of staff to review a computer-made (automated) decision

To do any of these things, please contact us through the website or by emailing EU data protection laws, like the GDPR, give us one month to respond.

Where we store or send your data

We may transfer and store the data we collect from you to organisations outside the European Economic Area (‘EEA’). When we do this, we make sure that your data is protected and that:

  • the European Commission says the country or organisation has adequate data protection, or
  • We have agreed to standard data protection clauses approved by the European Commission with the organisation.

How to make a complaint

If you have a complaint about how we use your personal information, please send an email to

If you are not satisfied with the outcome of our review, you can refer your complaint to the UK’s supervisory authority: Information Commissioner’s Office (ICO). For more details, you can visit their website at

Cookies Policy:

We and our third-party service providers use cookies and similar technologies to collect information about, and relevant to, your usage of the Site. Cookies are small text files that are stored on your computer when you visit the Site. It is standard practice to use cookies to make your experience better when using a website.

We use the following categories of cookies and similar technologies on this Site:

  • Strictly necessary cookies: These cookies are essential to enable you to move around the Site and use its features. Without these cookies, services you have asked for (such as remembering your login details or the items you placed in your basket) cannot be provided.
  • Analytics cookies: These cookies collect information about how you use the Site, for instance which pages you go to most often, what searches you perform and if you get error messages from web pages. Information these cookies collect can be used to improve how the Site works.
  • Customization cookies: These cookies allow the Site to remember choices you make (such as your user name) and provide enhanced, more personal features. These cookies cannot track your browsing activity on other Sites.
  • Security cookies: These cookies form part of our security features, for example, by helping us detect malicious activity or violations of our terms of use.
  • Social media cookies: These cookies allow you to share your activity on the Site on social media such as Facebook and Twitter. These cookies are not within our control. Please refer to the privacy policies of the social networks in question for information regarding how their cookies work.
  • Targeting or advertising cookies: These cookies record your visit to the Site, the pages you have visited and the links you have followed. We use this information to make our Site and the advertising displayed on it more relevant to your interests. [We may also share this information with third parties for this purpose.

When you visit the Site for the first time (and periodically after that), we will request your consent to the setting of all cookies other than strictly necessary cookies.

  • You can delete existing cookies and disable some or all types of cookies in future if you wish. To disable some or all types of cookies, you will have to change the settings on your browser. If you change your mind, you can enable cookies again at any time. Disabling cookies on your browser may stop the Site from working properly.
  • To find out more about cookies please visit
Ready to accelerate growth?