Legal

Data Protection & GDPR

Last updated: April 2026

1. Overview

Àyòọba Limited ("we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Àyòọba Limited is the data controller for personal data processed through this website and the Àyòọba mobile application. For data protection inquiries, contact us at privacy@theayooba.com.

3. Data We Collect

  • Account information: name, email, password (hashed with bcrypt)
  • Profile data: style preferences, cultural background, persona quiz results
  • Transaction data: purchase history, payment method (processed by Stripe)
  • Booking data: therapy and consultation appointments
  • Usage data: browsing behaviour, search queries, feature interactions
  • AI Try-On photos: processed and not stored beyond the session unless explicit consent is given

4. Your Rights

Under UK GDPR, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Portability: receive your data in a machine-readable format
  • Restriction: restrict how we process your data
  • Objection: object to processing of your data

5. Mental Health Data Privacy

All data related to the Wellness & Therapist Hub — including booking details, session notes, and therapist communications — is treated as special category data under UK GDPR. This data is:

  • Stored in isolated, encrypted databases
  • Never shared with third parties
  • Accessible only to the user and their verified therapist
  • Deletable at user request

6. Security Measures

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • JWT-based authentication with secure token management
  • Bcrypt password hashing
  • Regular security audits and penetration testing

7. Cookies

We use essential cookies to operate the website and optional analytics cookies to improve the experience. Non-essential cookies are only activated after you provide explicit consent via our cookie banner.

8. Data Breach Notification

In the event of a data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected users without undue delay.

9. Contact

For any data protection queries or to exercise your rights, please contact our Data Protection Officer at privacy@theayooba.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).