Privacy Policy

Last updated: 28 March 2026

This Privacy Policy describes how Ayooba Inc. ("Ayooba", "we", "our", or "us") collects, uses, discloses, and protects your personal information when you use our website (theayooba.com), mobile application, and related services (collectively, the "Platform"). We are committed to protecting your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

Ayooba Inc. is the data controller responsible for your personal data. For data protection enquiries, contact us at privacy@theayooba.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Identity data: Full name, display name, date of birth, profile photograph
  • Contact data: Email address, phone number (optional)
  • Account data: User type (Explorer, Wellness Expert, Brand), authentication provider (email, Google, Apple), email verification status
  • Profile data: Cultural background/roots, language preferences, fashion interests, bio, location

2.2 Transaction Data

When you make purchases or receive payouts, we collect:

  • Order history and transaction details
  • Delivery addresses
  • Payment method details (processed securely by Stripe; we do not store full card numbers)
  • Stripe Customer ID for subscription management

2.3 Marketplace Data

For Designers, Artisans, and Brands using the Fashion Market Hub:

  • Product listings (descriptions, images, pricing, categories)
  • Reviews and ratings received
  • Payout information and transaction history
  • Portfolio and storefront content

2.4 Wellness & Booking Data

For Wellness Expert services:

  • Appointment bookings (date, time, type of session)
  • Session notes (stored with encryption, accessible only to you and your Wellness Expert)
  • Wellness Expert qualifications and availability

2.5 Communication Data

  • In-platform chat messages (text, images, voice notes) between Users
  • Customer support correspondence
  • Newsletter subscription preferences

2.6 AI & Persona Data

  • Persona quiz responses and archetype results
  • AI try-on images (processed for virtual try-on rendering only)
  • Digital wardrobe preferences and saved items
  • Fabric bookmarks and style preferences

2.7 Technical & Usage Data

  • Device information (type, operating system, app version)
  • IP address and approximate geolocation
  • Firebase Cloud Messaging (FCM) tokens for push notifications
  • Usage analytics (pages visited, features used, session duration)

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Delivery

  • Creating and managing your account
  • Processing purchases, pre-orders, and subscription plans
  • Facilitating marketplace transactions and artisan payouts
  • Enabling chat communication between Users
  • Managing wellness appointment bookings
  • Providing AI-powered features (persona quiz, virtual try-on, outfit suggestions)

3.2 Personalisation

  • Tailoring product recommendations based on your interests and cultural preferences
  • Delivering content in your preferred language (English, French, Portuguese)
  • Customising your experience based on your user type and onboarding selections

3.3 Communications

  • Sending push notifications (which you can manage via notification preferences)
  • Delivering newsletter and marketing emails (with opt-out capability)
  • Notifying you of order updates, booking confirmations, and event reminders

3.4 Safety & Security

  • Processing user reports and safety complaints
  • Managing user blocking functionality
  • Preventing fraud, abuse, and unauthorised access
  • Enforcing our Terms of Service and community guidelines

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following lawful bases:

  • Contract: Processing necessary to perform our contract with you (account services, transactions, bookings)
  • Legitimate Interests: Improving and securing the Platform, personalisation, analytics, and fraud prevention
  • Consent: Marketing communications, AI feature usage, and cookie preferences (which you can withdraw at any time)
  • Legal Obligation: Tax reporting, regulatory compliance, and responding to lawful data access requests

5. Data Sharing

We share your data with the following categories of third parties:

  • Payment Processors: Stripe processes all payment transactions securely
  • Cloud Infrastructure: Data is stored securely on cloud servers
  • Authentication Providers: Google and Apple for social sign-in
  • Firebase: Push notification delivery and analytics
  • Marketplace Participants: Designers/Artisans receive necessary buyer information to fulfil orders
  • Wellness Experts: Receive booking information necessary to provide their services

We do not sell your personal data to third parties.

6. Data Retention

  • Account data: Retained for the duration of your account. Upon account deletion, personal data is permanently removed within 30 days, except where retention is required by law
  • Transaction records: Retained for 7 years for tax and regulatory compliance
  • Chat messages: Retained for the duration of the conversation. Deleted users' messages are anonymised
  • AI try-on images: Processed in real time and not stored beyond the session unless explicitly saved to your digital wardrobe

7. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten"). You can delete your account directly through the app settings
  • Restriction: Request that we limit processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or for marketing purposes
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact privacy@theayooba.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with hashed passwords and JWT token-based sessions
  • Role-based access controls and tier-based feature gating
  • Regular security audits and vulnerability assessments
  • Firebase Cloud Messaging with secure token management

9. International Data Transfers

Your data may be processed in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO, to protect your data to UK GDPR standards.

10. Children's Privacy

The Platform is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.

11. Cookies

Our website uses essential cookies for functionality and optional analytics cookies to understand usage patterns. You can manage your cookie preferences through your browser settings. Our mobile application does not use cookies but may use similar technologies for analytics and personalisation.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

13. Contact & Complaints

For privacy enquiries or to exercise your data rights:

Ayooba Inc.
Email: privacy@theayooba.com
Address: Salford, Greater Manchester, United Kingdom

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.