Privacy policy
Privacy Policy
Last updated: 1 May 2026 Effective from: 1 May 2026
1. Who we are
This Privacy Policy applies to Rewarded Wardrobe ("we", "us", "our"), a service operated by Benjamin Lado-Byrnes, sole trader, trading as Rewarded Wardrobe.
- Trading address: 13 Ridgemount, Weybridge, Surrey, KT13 9JD
- Contact: hello@rewardedwardrobe.co.uk
- ICO registration: pending — number will be added once registration is complete
We are the data controller for personal data collected through our website and service.
2. What data we collect
Identity & contact data
- Name, email address, phone number, postal address.
Financial data
- Bank account name, sort code, account number (only used to pay you for items we sell on your behalf).
Transaction data
- Clearout orders, items submitted, valuations, payouts, donations to charity.
Consent data
- Record of Terms & Conditions acceptance (version, date, IP, user agent).
- Qualification modal responses (which screens you acknowledged and when).
Technical data
- IP address, browser type, device information, cookies (see Cookie Policy).
Marketing preferences
- Whether you've opted in to marketing emails (separate from transactional).
We do not collect special-category data (health, ethnicity, etc.) or children's data (service is 18+).
3. How we collect it
- Directly from you, via forms on our website or Shopify checkout.
- From your stylist, if they registered you on your behalf.
- Automatically, via cookies and server logs when you use our website.
4. Why we collect it (legal bases)
| Purpose | Legal basis |
|---|---|
| Provide the clearout service you've asked for | Contract (Art. 6(1)(b) UK GDPR) |
| Pay you for sold items | Contract |
| Respond to enquiries | Legitimate interest |
| Prevent fraud and protect account security | Legitimate interest |
| Comply with accounting and tax obligations | Legal obligation |
| Send transactional emails (e.g. order received, payout sent) | Contract |
| Send marketing emails | Consent — only if you've opted in; withdraw anytime |
5. Who we share it with
We share the minimum necessary with the following processors:
| Processor | Purpose | Location |
|---|---|---|
| Shopify Inc. | Website hosting, checkout, order emails | Ireland / Canada |
| Supabase Inc. | Database of record | EU-West (Ireland) |
| Resend Inc. | Transactional emails (hello@rewardedwardrobe.co.uk) | EU-West (Ireland) |
| Parcel2Go (Smart Send) | Outbound bag shipping | UK |
| ZigZag Global | Return shipping labels and tracking | UK |
| Starling Bank / Modulr | Payout processing | UK |
| Xero | Accounting records | UK / Ireland |
| Telegram (LLC) | Internal operations alerts (no customer data sent except aggregate counts) | Global |
| n8n (self-hosted) | Workflow automation orchestrating the above | UK (our VPS) |
We do not sell your data. We share bank details only with Starling/Modulr to execute your payout, and only at the point of payment. Bank details are encrypted at rest in our database and are never exposed through our public API.
International transfers, where they happen, rely on UK-approved Standard Contractual Clauses or adequacy decisions.
6. How long we keep it
| Category | Retention |
|---|---|
| Order and payout records | 7 years (UK business record-keeping) |
| Bank details | Until you ask for deletion or 7 years after final payout, whichever is sooner |
| Transactional email logs | 12 months |
| Qualification and T&Cs acceptance records | 7 years (legal defence of the clearout contract) |
| Marketing opt-ins | Until you withdraw consent |
| Website analytics cookies | 24 months max (usually less) |
After the retention period, data is deleted or securely anonymised.
7. Where we store it
Primarily in the UK and EU-West (Ireland). Backups are encrypted. Access is limited to authorised personnel and to automated systems under our control.
8. Security
- Data encrypted in transit (TLS 1.2+).
- Bank details encrypted at rest using AES-256 with keys held in Supabase Vault.
- Access to production systems requires multi-factor authentication.
- Immutable audit log of significant state changes.
9. Your rights
Under UK GDPR you have the right to:
- Access — a copy of the personal data we hold about you.
- Rectification — correct data that's inaccurate.
- Erasure — ask us to delete your data ("right to be forgotten"), subject to retention obligations.
- Restriction — ask us to stop processing certain data.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interest.
- Withdraw consent — for anything processed on consent basis.
- Lodge a complaint with the ICO at ico.org.uk.
To exercise any right, email hello@rewardedwardrobe.co.uk.
10. Children
This service is for adults only (18+). We do not knowingly collect data from under-18s. If you believe a child's data has been submitted, contact us and we will delete it.
11. Changes to this policy
We will update this policy from time to time. The "Last updated" date at the top reflects the most recent version. For material changes, we will email active customers.
12. Contact
Rewarded Wardrobe — hello@rewardedwardrobe.co.uk
If you're not satisfied with our response, you can contact the Information Commissioner's Office at ico.org.uk or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.