Someone here posted a comment:
Whilst Starling has a lot going for it, they have, I fear, made one significant mistake. Unlike Revolut and Monzo, they use a questionable offshore company to process our card spending. This means Starling have to focus on front end gimmicks like orientation on the plastic instead of being able to guarantee that our personal data is not sitting resident in RAM in an offshore server waiting to be hacked. This is the achilles heel.
Is there official information where I can read more about this? The “questionable offshore company to process our card spending” sounds like a very big problem to me, personally.
What happens to my data? I assume Starling operates under GDPR, but how about that offshore processing company? How can you make sure they stick to EU data protection and privacy rules?
I’m sure Starling will reply to this with “Don’t worry, we all stick to the privacy rules and your personal data is very important to us blah blah”. But that’s not very reassuring to me.
And even if everyone in the “chain” is bound by GDPR, wouldn’t it be nice, since this is about banking and very personal data, to have even stricter rules? GDPR is far from sufficient in many respects.
This thread is slightly related to Starling's Ethics.