Cautionary Tale: Curve (Curve Pay) Data Retention for Rejected Applicants

I see Curve Pay mentioned here occasionally as an alternative to Google Pay for GrapheneOS users. I wanted to share my recent experience as a warning.

As a GrapheneOS user, I was looking for a non-Google mobile payment solution and tried to sign up for Curve. My application was rejected for unspecified reasons.

I then requested deletion of my personal data. Curve's response has been a massive red flag. They formally refused, citing anti-money laundering (AML) obligations to retain my data for 10 years from the end of "the applicant’s relationship with Curve", a "relationship" that consisted of a rejected application and no account ever being opened.

My internal complaint was denied, and they've escalated the issue to the Financial Ombudsman and the Bank of Lithuania.

For a community focused on privacy and data minimization, this is alarming. Even if you are accepted, it raises serious questions about what happens to your data if you ever close your account or have issues. The "privacy-friendly" alternative to Google Pay may be a company that holds onto your data for a decade without you being a customer.

If you're considering Curve as a privacy play, you might want to think again. I'm now taking this to the ICO and will be avoiding their service entirely.

reddit.com
u/freshpandasushi — 13 days ago
▲ 1 r/curve+1 crossposts

Warning: My GDPR data deletion request was denied by Curve (a fintech) because they consider a rejected applicant a "relationship" and kept my data for 10 years.

Just a heads-up for anyone considering signing up for Curve.

I recently applied for a Curve account. My application was rejected. I then submitted a Right to Erasure (Right to be Forgotten) request under the GDPR, asking them to delete my personal data.

Curve has now formally refused. Their final response claims they are required to retain my personal data (including application details) for a full 10 years under anti-money laundering (AML) regulations. Their justification? They consider the period from a rejected application as part of "the applicant’s relationship with Curve."

I am not and never was a customer. No account was opened, no services were used, and no transactions occurred. Yet they insist they have a legal obligation to keep my data for a decade. My complaint to their internal team was denied, and they've pointed me to the Financial Ombudsman Service (UK) and the Bank of Lithuania (EEA) for further escalation.

This seems like a grossly disproportionate interpretation of data retention laws and a misuse of the GDPR's exceptions for legal compliance. Be very careful before giving this company your personal data. A rejected application can apparently tie up your personal information for a decade, regardless of your consent.

I'm now proceeding with my complaint to the ICO (UK) and the relevant authorities.

reddit.com
u/freshpandasushi — 13 days ago

Can't take screenshots in Proton Mail app on GrapheneOS – "disabled by your admin"

Crossposting from r/GrapheneOS.

To be clear, I'm not asking Proton to remove the screenshot block for everyone. I'm asking if there's any official way for users to disable it on their own device, since we are our own admins.

On earlier versions of the Proton Mail app, there was a "Screen Security" toggle in settings that allowed screenshots. That setting no longer exists.

Is this a permanent change? Are there any plans to bring back a user-controllable option?

Has anyone on stock Android (non-GrapheneOS) also lost the ability to take screenshots in Proton Mail? Trying to determine if this is Proton's universal decision or something specific to custom OS detection.

I'm aware this is a FLAG_SECURE implementation. I'm just looking for any official workaround or setting I might have missed.

reddit.com
u/freshpandasushi — 21 days ago

Can't take screenshots in Proton Mail app on GrapheneOS – "disabled by your admin"

I'm running GrapheneOS on a Pixel device, and whenever I try to take a screenshot inside the Proton Mail app, I get a message saying "Screenshot disabled by your admin."

This is my own personal phone, I'm the only user and there's no work profile or MDM policy active.

I understand Proton Mail uses FLAG_SECURE to block screenshots for privacy reasons. I also know that in the past there was a "Screen Security" setting inside the Proton Mail app that could disable this block, but that setting no longer exists in the current version of the app.

I checked GrapheneOS system settings, but there's no native option to override FLAG_SECURE either. I've heard it's a planned feature for GrapheneOS but low priority and not implemented yet.

I don't want to root my phone or use Magisk modules if I can avoid it, since that defeats much of the security benefit of GrapheneOS.

Has anyone found a working solution for this on GrapheneOS?

A system workaround I'm missing?

A way to re-enable the old Proton Mail setting via ADB or something?

A third-party app or patch that doesn't require full root?

Or am I just out of luck unless Proton Mail brings back the toggle or GrapheneOS implements system-level override?

Thanks in advance.

UPDATE – SOLVED (for my setup):

Turns out the "Screenshot disabled by your admin" message only appears when using the recent apps / app switcher screenshot button.

Using the hardware keys (Power + Volume Down) works perfectly fine in Proton Mail on GrapheneOS. No root, no settings changes needed.

Thanks to u/nelizea for the tip. Hope this helps anyone else running into the same confusion.

reddit.com
u/freshpandasushi — 21 days ago