Privacy Policy

Last updated: 22 May 2026

Ricki Robin ("we", "us", "our") is a UK-based apparel brand. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our app and website at ricki-robin.com (the "App") and purchase products through our store at ricki-robin.store (the "Store").

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal data is:

Ricki Robin
United Kingdom
Email: hello@ricki-robin.com

2. What Data We Collect

Account Information

When you create an account or sign in, we may collect:

• Email address — provided directly or via Google sign-in
• Name — from your Google profile or manually entered
• Profile picture — from your Google profile or uploaded by you
• Display name and bio — if you choose to set them

Usage Data

We collect anonymised usage data to improve the App, including:

• Pages and screens viewed
• Products browsed, saved, and tapped
• Designers followed
• App version and platform (web, iOS, Android)
• General location (country level, derived from IP address for currency localisation)

Push Notification Tokens

If you opt in to push notifications, we store your device push token to send you notifications about new products, designers, and collections.

Profile Photos

If you upload a custom profile photo, it is stored securely in our cloud storage and associated with your account.

3. How We Use Your Data

We use your personal data for the following purposes:

Purpose	Legal Basis
Account creation and authentication	Contract / Consent
Displaying your profile information	Contract
Saving your product preferences	Contract
Sending push notifications (if opted in)	Consent
Sending magic link login emails	Contract
Improving the App experience	Legitimate Interest
Currency and locale detection	Legitimate Interest

4. Third-Party Services

We use trusted third-party services to operate the App. Your data may be processed by:

Service	Purpose	Data Shared
Supabase	Authentication, database, file storage	Email, name, profile data, saved products
Google OAuth	Sign-in with Google	Email, name, profile picture (from Google)
Shopify	Product catalogue and checkout	No personal data shared from the App; Shopify handles its own checkout data
Vercel	App hosting and deployment	IP address (server logs)
Expo / React Native	App framework and push notifications	Push notification tokens

Each of these services has its own privacy policy, and we encourage you to review them.

5. Cookies and Local Storage

The App uses localStorage (not traditional cookies) to:

• Persist your login session so you stay signed in between visits
• Cache app preferences for a faster experience

We do not use advertising or tracking cookies. We do not share data with advertisers.

6. Data Retention

• Account data is retained for as long as you have an active account. If you delete your account, your data will be permanently removed within 30 days.
• Usage analytics are retained in anonymised form and cannot be linked back to you.
• Push notification tokens are removed when you uninstall the App or revoke permission.

7. Your Rights

Under UK GDPR, you have the right to:

• Access — Request a copy of the personal data we hold about you
• Rectification — Ask us to correct inaccurate data
• Erasure — Ask us to delete your data ("right to be forgotten")
• Portability — Request your data in a machine-readable format
• Object — Object to processing based on legitimate interest
• Withdraw consent — Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at hello@ricki-robin.com.

8. Data Security

We take reasonable technical and organisational measures to protect your data, including:

• Encryption in transit (HTTPS/TLS) for all data
• Row Level Security (RLS) on our database to ensure users can only access their own data
• Secure token-based authentication
• Profile photos stored in access-controlled cloud storage

9. Children's Privacy

The App is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

10. International Transfers

Some of our third-party service providers (such as Supabase and Vercel) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: hello@ricki-robin.com
Website: ricki-robin.com