Privacy Policy
How Closetary Ltd collects, uses, stores, and protects your personal information.
Last Updated: March 2026
1. Introduction
Closetary Ltd ("we", "us", "our") is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your personal information when you use the Closetary mobile application and related services.
We are the data controller for your personal data and are registered with the Information Commissioner's Office (ICO) as required under UK data protection law.
2. Data We Collect
2.1 Information You Provide
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name and email address | Account creation and communication | Contract performance |
| Password (hashed) | Account security | Contract performance |
| Body type and style preferences | Personalised outfit recommendations | Consent |
| Wardrobe item details (photos, descriptions, brands) | Core wardrobe management service | Contract performance |
| Purchase information | Value tracking, cost-per-wear analytics | Consent |
2.2 Information Collected Automatically
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Device information (OS, model) | App compatibility and debugging | Legitimate interest |
| Usage analytics (screens viewed, features used) | Service improvement | Legitimate interest |
| Location data (approximate, if permitted) | Weather-based outfit suggestions | Consent |
| Crash reports | Technical issue resolution | Legitimate interest |
2.3 Information from Third Parties
| Source | Data Type | Purpose |
|---|---|---|
| Google OAuth | Name, email, profile photo | Social login |
| Apple Sign In | Name, email | Social login |
| Barcode databases | Product information | Item auto-population |
3. How We Use Your Data
- Provide the core service — Manage your digital wardrobe, generate outfit suggestions, and track sustainability impact
- Personalise recommendations — Use your style preferences, body type, and feedback to improve outfit suggestions
- AI model improvement — Use anonymised, aggregated usage data to improve our recommendation algorithms
- Communication — Send service-related notifications and, with your consent, promotional content
- Legal compliance — Meet our legal and regulatory obligations
4. Legal Basis for Processing
Under UK GDPR (UK General Data Protection Regulation), we process your data based on:
- Contract performance (Article 6(1)(b)) — Data necessary to provide our service
- Consent (Article 6(1)(a)) — Optional data you choose to provide (location, body type, marketing)
- Legitimate interests (Article 6(1)(f)) — Service improvement, fraud prevention, analytics
You can withdraw consent at any time through the app settings.
5. Data Storage and Security
5.1 Storage Location
All personal data is stored within the United Kingdom using AWS eu-west-2 (London) data centres, ensuring compliance with UK data residency requirements.
5.2 Security Measures
- Passwords are hashed using bcrypt (never stored in plain text)
- All API communication is encrypted via TLS 1.3
- Access tokens expire after 30 minutes; refresh tokens after 7 days
- Database encryption at rest (AES-256)
- Regular security audits and penetration testing
5.3 Retention Period
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Wardrobe items | Until item or account deletion |
| AI feedback data | Anonymised after 2 years |
| Usage analytics | 12 months (aggregated) |
| Financial records | 7 years (legal requirement) |
6. Data Sharing
We do not sell your personal data.
We share data only with:
| Third Party | Purpose | Safeguards |
|---|---|---|
| AWS (Amazon Web Services) | Cloud hosting | UK data centres, Data Processing Agreement |
| Google Cloud AI | AI outfit recommendations | Anonymised data only, DPA in place |
| Stripe | Payment processing (marketplace) | PCI DSS Level 1 certified |
| Charity partners | Donation logistics | Minimal data (item type, quantity) |
7. Your Rights (UK GDPR)
Under UK data protection law, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | In-app or email |
| Rectification | Correct inaccurate data | Edit in app or email |
| Erasure | Request deletion of your data | In-app "Delete Account" or email |
| Restriction | Limit how we process your data | Email request |
| Portability | Receive your data in a structured format | Email request (JSON export) |
| Objection | Object to processing based on legitimate interests | Email request |
| Withdraw consent | Remove consent for optional data processing | In-app settings |
Contact: privacy@closetary.co.uk
8. Children's Privacy
Closetary is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.
9. International Transfers
All data is processed within the UK. If we need to transfer data internationally in the future, we will ensure appropriate safeguards are in place, such as:
- UK Standard Contractual Clauses
- UK Adequacy Regulations
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via the app or email. The "Last Updated" date at the top reflects the latest revision.
11. Contact Us
Data Controller: Closetary Ltd
Email: privacy@closetary.co.uk
Address: Registered UK address
ICO Complaints: If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.