Privacy Policy

1. Who We Are

Buyer Collection Builder ("we", "us", "our") is a fashion buying and collection planning application. We act as a data controller for personal data processed through this service for account management, application security, and operational analytics.

2. Scope

This policy explains how we collect, use, store, and protect personal data when you use this website and related services. It is designed to align with UK GDPR and the Data Protection Act 2018.

3. Personal Data We Process

We may process the following categories of personal data:

• Account details such as name, email address, and encrypted password hash.
• Authentication/session data required to keep you signed in securely.
• Usage data such as actions performed in the app, timestamps, and error logs.
• Optional integration data (for example Pinterest board URLs and related metadata) that you provide.

4. How We Use Personal Data

• To provide and secure access to the platform.
• To operate core buyer workflow features (collections, rails, stories, exports).
• To maintain service reliability, prevent abuse, and investigate incidents.
• To support requested integrations and AI-assisted recommendations where enabled.

5. Lawful Bases (UK GDPR)

• Legitimate interests: running and securing a professional buying platform.
• Contract: delivering the service features you request.
• Consent: where required for optional integrations or processing activities.
• Legal obligation: where we must retain or disclose information under applicable law.

6. Sharing and Processors

We use trusted processors to host and operate the service (for example cloud hosting and database providers). We do not sell personal data. Data is shared only where needed to deliver the service or comply with legal obligations.

7. International Transfers

Where data is transferred outside the UK, we use appropriate safeguards such as UK adequacy regulations or contractual protections.

8. Retention

We retain personal data only as long as necessary for operational, contractual, and legal purposes. We regularly review data and delete or anonymise where no longer required.

9. Security

We apply technical and organisational measures including access controls, encrypted transport (HTTPS), password hashing, and audit logging. No system is fully risk-free, but we take reasonable steps to protect data.

10. Your Rights

Under UK GDPR, you may have rights to:

• Access your personal data.
• Request correction of inaccurate data.
• Request deletion in certain circumstances.
• Restrict or object to certain processing.
• Request data portability where applicable.
• Withdraw consent where processing relies on consent.

11. Contact and Complaints

For privacy requests, contact your platform administrator or privacy contact for this deployment. You may also raise concerns with the UK Information Commissioner's Office (ICO): ico.org.uk.

12. Updates to This Policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.