Privacy Policy for BeautyShelf Effective Date: 11th April 2025 1. INTRODUCTION BeautyShelf is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, store, and protect the information you share with us when you use our BeautyShelf mobile application ("App" or "Platform"). This policy applies exclusively to data collected via BeautyShelf's App and associated services. About Us: ___________________________________________________________________________ 2. SCOPE OF THE POLICY This Privacy Policy outlines how BeautyShelf collects, processes, and protects your personal information. It applies exclusively to personal data collected through the BeautyShelf mobile application and any related services provided by BeautyShelf, including associated dashboards, websites, and platforms operated by MYBEAUTYSHELF LTD. This Privacy Policy covers all categories of users who interact with our platform, including: • Shoppers: Users who access the App to browse, discover, and purchase beauty products via affiliate links provided on our platform. • Non-Creator Sharers: Users who actively contribute by sharing their own beauty routines, product reviews, experiences, and insights with the BeautyShelf community. Non-Creator Sharers do not participate in BeautyShelf’s monetisation programmes or brand partnerships but use the platform for informational, educational, and community-oriented purposes. • Creators: Users who are registered and approved by BeautyShelf to participate in monetisation opportunities and brand partnerships facilitated by the App. Creators can upload and share monetised beauty content, including routines, product demonstrations, reviews, and personal recommendations. Creators gain access to additional features via the Creator Dashboard, including detailed analytics such as conversion rates, profile views, commissions earned, and transaction data to optimise their content and collaborations with brands. By accessing or using BeautyShelf, regardless of your user category, you explicitly acknowledge and agree to the collection, processing, and disclosure of your personal information in accordance with the practices described in this Privacy Policy. If you do not agree to this privacy policy in its entirety, you must discontinue your use of BeautyShelf immediately. ___________________________________________________________________________ BeautyShelf is operated by MYBEAUTYSHELF LTD ("BeautyShelf", "We", "Our", or "Us"), a company incorporated in England and Wales (company number: 15425266) with our registered office at Office 10, 7 Throwley Way, Sutton SM1 4AF. 3. INFORMATION WE COLLECT We collect and process personal information to provide, improve, and personalise your experience on the BeautyShelf App. The types of personal information we collect depend on your interactions with us, and whether you engage as a Shopper, Creator, or Non-Creator Sharer. Specifically, we collect the following information: 3.1 Information Provided Directly by You When you register for an account, complete your profile, interact with our services, or share content, you voluntarily provide us with certain personal information, including but not limited to: • Identity and Contact Information: o Your full name o Email address o Mobile phone number o Username and associated account credentials o Date of birth (where provided, primarily for age verification) o Profile picture (where voluntarily uploaded to personalise your user profile • Social Login Information (Third-Party Authentication): If you choose to register or log in to your BeautyShelf account using a third-party service, such as Apple ID, we will collect authentication details provided by the third-party platform. This typically includes your name, email address, and a unique identifier provided by the platform. We do not collect your third-party passwords, and your authentication data is securely managed and protected by the third-party service provider. • Profile and User-Generated Content (UGC): o Information you voluntarily choose to upload or share, including your beauty routines, product reviews, personal recommendations, images (only for creators), and video content (only for creators) o Preferences, interests, and interactions explicitly indicated within your profile and content uploads o Communications with our support team or interactions with other users through our platform • Contact List Integration (Optional): With your explicit permission, BeautyShelf may access your mobile device’s phone contacts to enable social connectivity features, such as suggesting friends or connections already using our App. Your contact information will not be stored or processed beyond the purposes you consented to, and you may withdraw this permission at any time via your device settings. • Authentication Information: Your username and password are securely managed through Firebase Authentication. BeautyShelf does not directly access, store, or manage user passwords. Passwords are stored using Firebase’s encrypted, secure protocols. 3.2 Information Collected Automatically To enhance your experience and ensure optimal App performance, we automatically collect specific technical and usage data via Firebase Analytics. Such information includes: • Technical Information: o Device identifiers and operating system information (device type, model, browser type) o Internet Protocol (IP) address and approximate geographical location (derived from IP address) o Mobile network information, including network operator and connection type • App Usage Information (Non-Behavioural): o Session information, such as duration and frequency of app use o General interaction metrics (e.g., app launches, feature engagement, general activity patterns) o Aggregated statistical data used to monitor and maintain App functionality 3.3 Dashboard Metrics (Aggregated and Anonymised Data) We utilise aggregated and anonymised metrics to measure user engagement and overall App performance. Such aggregated data is not personally identifiable and is used primarily for internal analytics and reporting to creators and brand partners. This data includes: • Conversion rates per brand and creator • Most searched products, brands, and beauty routines • Rankings of users and creators based on followers and sales generated 3.4 Sensitive Data We do not intentionally collect or process any sensitive personal data (also known as "Special Categories of Personal Data" under UK GDPR), such as information regarding: • Racial or ethnic origin • Political opinions or affiliations • Religious or philosophical beliefs • Trade union membership • Genetic or biometric data • Health-related information • Sexual orientation or practices • Criminal convictions and offences Should you voluntarily provide sensitive personal data through user-generated content or interactions, it is at your sole discretion and risk. We strongly advise users against sharing such sensitive information publicly. 3.5 Verification Information BeautyShelf collects only basic information for account verification and does not request or process any official government-issued identification documents. Verification is limited strictly to: • Name • Email address • Mobile phone number This information is collected solely for the purposes of verifying account authenticity, preventing fraudulent activity, ensuring the security of the platform, and complying with applicable legal and regulatory requirements. 3.6 Children’s Data (Age Restrictions) The BeautyShelf App and services are not intended or directed towards children under the age of sixteen (16). We do not knowingly collect or process personal data from individuals under sixteen without explicit parental or guardian consent. • Minimum Age Requirement: Users must be at least sixteen (16) years old to create an account and use the platform. • Parental Consent for Minors (16-18 years): If you are aged sixteen (16) to eighteen (18), you must obtain explicit consent from your parent or legal guardian before registering and using the App. By creating an account and using the BeautyShelf platform, you confirm that you are at least 18 years old or you have obtained this required parental consent. • Actions on Non-Compliance: If we become aware that personal data from a user under sixteen (16) years old has been collected without the required parental consent, we will promptly delete such data and terminate the associated account. ___________________________________________________________________________ 4. HOW WE USE YOUR INFORMATION BeautyShelf collects and processes your personal information for specific, explicit, and legitimate purposes. We use your information strictly in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We have outlined the purposes clearly below: 4.1 Provision of Services We use your personal information to deliver and enhance your experience with the BeautyShelf platform and services, including: • Creating, administering, and maintaining your BeautyShelf user account. • Facilitating your ability to browse, discover, and shop beauty products via affiliate links. • Allowing you to upload, share, and manage user-generated beauty content such as product reviews, beauty routines, recommendations, and associated images or videos. • Providing creators access to analytics, commission tracking, and performance reporting via the Creator Dashboard. 4.2 Affiliate Commission Management We process transaction-related data to manage affiliate commissions through our third-party affiliate networks (such as AWIN). This includes: • Tracking user clicks on affiliate links and the resulting transactions. • Calculating commissions payable to BeautyShelf and individual creators based on purchases completed through affiliate links. • Reporting aggregated and anonymised sales performance data to our creators and brand partners. 4.3 Personalisation and User Experience We use general engagement data (such as app interaction metrics and content preferences) to: • Provide personalised content feeds, product recommendations, and user suggestions. • Enhance the overall relevance and quality of the beauty recommendations and content displayed to you. • Tailor your experience according to your stated preferences and past engagement. We do not use automated individual profiling or detailed behavioural tracking for personalised advertising or remarketing. 4.4 Communication and Support We use your contact details (name, email address, and/or phone number) to: • Respond to your customer service inquiries, technical support issues, or other direct requests. • Provide transactional or administrative communications essential for maintaining your account and service usage. 4.5 Internal Analysis and Improvement of Services We analyse anonymised and aggregated user data to: • Monitor platform usage, technical performance, and general user trends. • Improve the quality and effectiveness of our service delivery, features, and content offerings. • Conduct internal business planning, reporting, forecasting, and market research. We ensure that personal identifiers are removed before performing internal analytics, thereby safeguarding your privacy. 4.6 Security, Compliance, and Fraud Prevention We use personal information to maintain platform security and compliance, including: • Protecting the BeautyShelf platform, services, users, and affiliates against fraud, unauthorised access, misuse, or other malicious activities. • Complying with legal obligations and regulatory requirements, including responding to valid legal requests or authorities where required by law. • Investigating and resolving complaints, disputes, or technical incidents effectively. ___________________________________________________________________________ 5. DISCLOSURE OF YOUR PERSONAL INFORMATION BeautyShelf respects the confidentiality of your personal information and ensures that any disclosure of data occurs only under strictly controlled circumstances, clearly outlined below. Where data sharing is necessary, we adhere strictly to the requirements set forth by the UK GDPR, the Data Protection Act 2018, and all other applicable laws and regulations. Specifically, we may share your personal information in the following clearly defined scenarios: 5.1 Service Providers (Data Processors) We may share your personal information with carefully selected third-party service providers who process data on our behalf and only according to our instructions. Such providers are subject to contractual obligations that require stringent security measures to protect your data. These include but are not limited to: • Firebase Authentication (Google): Firebase securely manages user authentication credentials (username and password) using advanced encryption standards. BeautyShelf does not have direct access to user passwords at any time. Firebase’s use of your data is strictly limited to providing secure account authentication. • Stripe Payments (For Creators): If applicable (such as for brand partnerships or paid promotions), we share limited transaction-related information with Stripe to facilitate secure payment processing. Stripe processes data strictly in accordance with their own privacy policy, accessible at Stripe Privacy Policy. 5.2 Affiliate Partners (Aggregated and Anonymised Data) We collaborate with affiliate marketing networks (e.g., AWIN) to offer affiliate links within our platform. Please note: • We do not directly share identifiable personal user data with affiliate networks. • Affiliate links used on our platform track referrals externally in an anonymised and aggregated manner, without identifying individual users. • We may share aggregated analytics and anonymised metrics (e.g., total clicks, product searches, conversion rates, general engagement statistics) with our affiliate partners or brands. Such data does not personally identify any individual user. 5.3 Social Media Integrations and External Content Our App integrates user-generated content from external social media platforms, including Instagram and TikTok: • Integration of this content is for display and engagement purposes only. • We do not share your personal data or detailed analytics directly with Instagram, TikTok, or any other external social media platforms. • Such integration does not involve outward marketing, targeted advertising, or personalised tracking by BeautyShelf. 5.4 Legal and Regulatory Compliance We may disclose your personal information if we are legally required or permitted to do so. This includes sharing data to comply with applicable laws and regulations, legal obligations, or court orders. Circumstances may include but are not limited to: • Responding to valid legal requests from courts, law enforcement authorities, regulatory bodies, or government agencies. • Investigating, preventing, or taking action regarding suspected fraud, unlawful activities, violations of our terms and conditions, or other security incidents. • Exercising or defending our legal rights, protecting the safety, rights, or property of BeautyShelf, our users, affiliates, or the public. We always aim to notify affected users wherever legally permitted and practical, except where notification could prejudice or jeopardise a legal investigation or proceeding. 5.5 Corporate Transactions (Business Transfers) If BeautyShelf undergoes a merger, acquisition, reorganisation, or sale of assets, your personal information may be transferred as part of such a transaction. We will ensure that your personal data continues to be processed securely and responsibly, and any such transaction will be clearly communicated to you where appropriate and required by law. 5.6 Sharing Information Within BeautyShelf We may share your personal data within MYBEAUTYSHELF LTD and any of our affiliated entities or subsidiaries, strictly to provide, improve, manage, and secure our services. All intra-group data sharing adheres to strict internal confidentiality, security measures, and data protection standards. Your Privacy is Our Priority: We will never sell or lease your personal information to third parties for marketing purposes. All third-party recipients of your personal data are obligated to handle your information securely and in accordance with applicable data protection legislation. Please contact us directly if you have any concerns or require additional information regarding data sharing practices outlined above. ___________________________________________________________________________ 6. Cookies & Tracking Technologies BeautyShelf uses cookies and related tracking technologies to enhance your user experience, provide essential app functionality, and monitor app performance and usage. This section outlines clearly what cookies we use, how we use them, and your options regarding their management. 6.1 What Are Cookies? Cookies are small text files stored on your device (smartphone, tablet, or computer) when you use applications or visit websites. These files contain information that helps recognise your device and support various functionalities within an application, including session management and performance analysis. 6.2 Types of Cookies We Use We currently use cookies and similar technologies strictly for essential functions and basic analytics purposes. Specifically: • Essential Session Cookies: o These cookies are strictly necessary for operating our App and include managing logged-in sessions, remembering your authentication status, and ensuring secure access to your account and related services. o These cookies do not track your browsing activities across other websites or applications, and they do not store personally identifiable information beyond sessionspecific details. • Performance and Analytics Cookies (Firebase Analytics): o We use Firebase Analytics to collect basic information about how users interact with our App, such as session duration, number of app launches, general user flows, and technical performance metrics. o This information is collected in an anonymised and aggregated manner, meaning individual users cannot be personally identified from this data. Firebase Analytics enables us to maintain, optimise, and improve the stability, security, and general user experience of our platform. o Firebase Analytics cookies do not enable detailed tracking of your browsing history or individual behavioural profiling outside our App. 6.3 Consent & Cookie Management Currently, BeautyShelf uses cookies exclusively for essential functions and basic performance analytics. Under the UK Privacy and Electronic Communications Regulations 2003 (PECR), essential and strictly necessary cookies do not require explicit consent; however, you should still be informed about their use. At present, we do not offer a built-in cookie consent management tool within the App because our cookies are limited to essential and necessary analytics functions. However, we are actively reviewing our use of cookies and may introduce a consent management feature in future updates to our App. Should we expand our cookie usage beyond essential purposes or basic performance analytics, we will: • Clearly inform you of any new types of cookies, tracking technologies, or purposes for their use. • Obtain your explicit consent through a clear and accessible consent management tool within our App. 6.4 Managing Cookies Through Your Device Settings You can control, block, or delete cookies through your device’s settings or operating system preferences. However, please note: • Disabling essential cookies may adversely affect the functionality of our App and could prevent you from securely logging in or accessing your account. • Disabling analytics cookies may limit our ability to accurately analyse App usage and improve overall App performance and user experience. We recommend you consult your device or operating system guidelines to learn more about managing cookie settings: • Apple iOS Cookie Guidance • Android Cookie Guidance (Google) 6.5 Third-party Websites and External Links Our App contains affiliate links or embed content from third-party platforms. These thirdparty websites and services have their own separate cookie policies and privacy practices. We strongly recommend reviewing those third-party policies before interacting with such content or links. BeautyShelf is not responsible for the cookie or privacy practices of third-party platforms or services. 6.6 Updates to Cookie Practices If there are significant changes to our cookie practices or the introduction of new tracking technologies, we will notify you promptly through in-app notifications or by email (where applicable). This policy will always reflect our most current cookie and tracking practices. ___________________________________________________________________________ 7. DATA SECURITY BeautyShelf is strongly committed to protecting your personal information. We maintain robust technical, administrative, and organisational measures designed to safeguard your data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Our security measures include: • Secure Authentication: User authentication and password storage are securely managed using Firebase Authentication, which employs strong encryption and hashing algorithms. BeautyShelf does not directly store or access user passwords. • Data Encryption: Data transmitted between your device and our servers is protected using industry-standard encryption protocols (Transport Layer Security – TLS/HTTPS). • Access Control: Only authorised personnel with a genuine need-to-know are granted access to personal data. We regularly review our access controls to ensure strict compliance. • Data Minimisation: We collect and retain only the minimum personal data required to provide our services, thereby reducing the risk associated with unnecessary data storage. • Regular Security Reviews: We periodically review and update our security practices, measures, and technology infrastructure to protect against emerging security threats and vulnerabilities. Despite rigorous security measures, no method of data transmission or storage is entirely secure. While we make every reasonable effort to protect your personal data, we cannot guarantee absolute security. If you suspect a data breach or have security concerns, please contact us immediately at [support@beautyshelf.app]. ___________________________________________________________________________ 8. DATA TRANSFERS All personal data collected by BeautyShelf is currently stored and processed within the United Kingdom. We ensure that any processing of personal data complies fully with UK data protection law, including the UK GDPR and Data Protection Act 2018. Should it become necessary to transfer personal data outside the UK (for instance, if we use third-party providers or partners located outside the UK), we will notify you in and clearly detail the safeguards in place. ___________________________________________________________________________ 9. USER RIGHTS UNDER GDPR Under UK data protection law, you have several rights regarding your personal information. You can exercise these rights at any time by contacting our data privacy team: • Right of Access (Subject Access Request): You have the right to request a copy of your personal information held by BeautyShelf. • Right to Rectification: You have the right to request correction of any incorrect or incomplete personal information. • Right to Erasure (‘Right to be Forgotten’): You may request the deletion of your personal information if it's no longer necessary for the purpose we collected it, if you've withdrawn consent, or if you object to its processing. • Right to Restriction of Processing: You can ask us to temporarily restrict processing your personal data under certain circumstances (e.g., disputing accuracy, processing is unlawful, or data no longer needed). • Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transmitted directly to another data controller. • Right to Object to Processing: You have the right to object to certain processing activities, including direct marketing or processing based on legitimate interests. • Right to Withdraw Consent: If you've previously consented to processing, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal. We will respond to your request within one calendar month (extendable by two further months for complex or numerous requests) and will inform you if additional time is required, clearly explaining the reasons for delay. ___________________________________________________________________________ 10. DATA BREACH NOTIFICATION In compliance with UK GDPR, BeautyShelf has established clear protocols for responding to any suspected or confirmed personal data breach: • If we detect a breach that is likely to result in a high risk to your rights and freedoms, we will promptly notify both you and the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of it. • Notifications will include clear and comprehensive information detailing the nature of the breach, categories of data affected, actions we have taken or are taking, and recommended measures to mitigate potential adverse effects. • We maintain internal procedures to ensure efficient and transparent handling of any data breach incidents. ___________________________________________________________________________ 11. RETENTION OF DATA We retain personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy. Our retention practices are guided by: • The purposes for which the personal data was collected. • The necessity of retaining personal data to comply with applicable legal, regulatory, or accounting obligations. • The need to retain personal data to establish, exercise, or defend against legal claims. When your personal data is no longer required, we securely delete or anonymise it. ___________________________________________________________________________ 12. AMENDMENTS TO THIS PRIVACY POLICY BeautyShelf reserves the right to amend this Privacy Policy periodically to reflect changes in our data practices or applicable laws. When we make substantial changes: • We will inform you clearly via prominent in-app notifications or by email. • We will provide an appropriate period for you to review the changes before they become effective. • We encourage users to review this policy periodically to remain informed about how we handle and protect your personal information. Continued use of our App after notification of changes signifies your agreement to our updated privacy practices. ___________________________________________________________________________ 13. CONTACT US For any questions regarding this Privacy Policy, your personal data, or to exercise your rights, please contact us at: MYBEAUTYSHELF LTD Office 10, 7 Throwley Way, Sutton SM1 4AF Email: support@beautyshelf.app