Privacy Policy
1. Who we are
deteqta is a service operated as a sole trader business based in England. We provide an AI-powered pricing and profit estimation tool for UK vintage clothing and footwear resellers.
You can contact us at: support@deteqta.com
deteqta is registered as a data controller with the Information Commissioner's Office (ICO) under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Registration details are available on request or via the ICO public register.
2. What data we collect
We collect the following personal data when you use deteqta:
Account data: Your email address and encrypted password (or, if you sign in with Google, your Google account email and profile name). We do not store your Google password.
Scan data: The descriptions, photos, condition, size, and location information you submit when performing a scan. This data is used to generate your Valuation and is stored in your scan history.
Inventory and sales data: Purchase prices, listed prices, sale prices, platforms, and dates you record in the inventory tracker.
Payment data: When you subscribe, payment is processed by Stripe. We store a Stripe customer reference ID linked to your account. We do not store your card number, expiry date, or CVV; these are held exclusively by Stripe.
Push notification tokens: If you opt in to push notifications, we store a device token to deliver notifications to you. You can withdraw this at any time in Account settings.
Technical data: Server logs may record your IP address and browser type for security and debugging purposes. These logs are retained for a maximum of 30 days.
3. How we use your data
We use your personal data for the following purposes:
Providing the service: To create and maintain your account, process your scans, store your scan history, and manage your subscription.
Sending notifications: If you opt in, to send you push notifications about your scans and items (e.g. reminders to track your sales).
Billing: To process subscription payments and manage billing via Stripe.
Improving deteqta: Aggregated, anonymised scan data may be used to improve our pricing models. We do not use individually identifiable scan data for this purpose without further notice to you.
Legal compliance: To comply with our obligations under UK law, including data protection, consumer protection, and tax legislation.
4. Legal basis for processing
Under UK GDPR, we rely on the following legal bases:
Contract performance (Art. 6(1)(b)): Processing your account data, scan data, and payment data is necessary to provide the deteqta service you have requested.
Legitimate interests (Art. 6(1)(f)): We have legitimate interests in maintaining service security, preventing fraud, and improving the quality of our AI pricing models. We have conducted Legitimate Interests Assessments for these processing activities, which are available on request.
Legal obligation (Art. 6(1)(c)): We retain certain records as required by UK tax and consumer protection law.
5. Data sharing and third parties
We share your data with the following third-party service providers, who act as data processors on our behalf:
Supabase (database and authentication): Stores your account data, scan history, and inventory records. Supabase operates servers in the US. Data transfers are covered by Supabase's Data Processing Agreement and the UK International Data Transfer Addendum (IDTA) to the EU Standard Contractual Clauses.
Stripe (payments): Processes subscription payments. Stripe is a PCI-DSS Level 1 certified payment processor. Data transfers to the US are covered by Stripe's Data Processing Agreement and standard contractual clauses.
Anthropic (AI analysis): Your scan descriptions and images are sent to Anthropic's Claude API to generate Valuations. Anthropic processes this data in the US under their API data processing terms. Scan data submitted to the API is not used by Anthropic to train their models under our API agreement.
We do not sell your personal data to any third party. We do not use advertising networks or data brokers.
6. Data retention
We retain your personal data for as long as your account is active. If you delete your account, we will erase your personal data within 30 days, with the following exceptions:
Anonymised records of DSAR requests are retained indefinitely for ICO accountability purposes. Financial transaction records required by HMRC are retained for 6 years in accordance with UK tax law (stored in anonymised form linked to the Stripe transaction reference, not to your name or email).
7. Your rights
Under UK GDPR, you have the following rights:
Right of access: You can request a copy of all personal data we hold about you. We will respond within 30 days.
Right to erasure: You can delete your account and all associated personal data at any time. Use "Delete my account" in Account settings. Erasure is processed immediately.
Right to rectification: If any of your data is inaccurate, please contact us at support@deteqta.com and we will correct it promptly.
Right to data portability: You can request your data in a machine-readable format (JSON). Contact support@deteqta.com.
Right to object: You can object to processing based on legitimate interests at any time. Contact support@deteqta.com.
If you are unhappy with how we handle your data, you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.
8. Security
We take reasonable technical and organisational measures to protect your personal data, including encrypted data transmission (HTTPS), encrypted database storage via Supabase, and access controls limiting who can view personal data.
No method of internet transmission is 100% secure. If you believe your account has been compromised, please contact us immediately at support@deteqta.com.
9. Children
deteqta is not intended for use by anyone under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app or by email at least 14 days before the change takes effect. Continued use of deteqta after the notice period constitutes acceptance of the updated policy.