Privacy Policy
1. Introduction
This Privacy Policy explains how Raffio ("we", "us", "our") collects, uses, and protects your personal information when you use raffio.co.uk and any related services (the "Service"). Raffio is operated from the United Kingdom, and we act as the data controller for personal data processed through the Service.
2. Information we collect
We collect the following categories of information:
- Account information. When you create an account, we collect your name, email address, and a profile image where you provide one. If you sign in with Google, we receive your name, email address, profile image, and Google account identifier from Google's OAuth service.
- Authentication data. We use Clerk (Clerk, Inc.) as our authentication provider. Clerk processes sign-in credentials, session tokens, and security signals on our behalf.
- Usage data. We collect basic information about how you interact with the Service, such as pages visited, device and browser information, and approximate location derived from your IP address.
- Communications. If you contact us, we keep a record of your message and our response.
3. How we use your information
We use the information we collect to:
- create and manage your account and authenticate you securely;
- provide, operate, and improve the Service;
- respond to your enquiries and provide customer support;
- send service-related communications, such as security notices and account updates;
- detect, prevent, and investigate fraud, abuse, and security incidents; and
- comply with our legal obligations.
4. Legal bases for processing
Under UK GDPR, we rely on the following legal bases: performance of a contract with you, our legitimate interests in operating and securing the Service, your consent (where required, for example for optional marketing), and compliance with legal obligations.
5. Sharing your information
We share personal information only with:
- Service providers who help us run the Service, including Clerk (authentication), Google (sign-in), Vercel (hosting), and similar infrastructure providers. These providers process data on our behalf under contractual safeguards.
- Authorities or other parties where we are required by law, regulation, or valid legal process.
We do not sell your personal information.
6. Google user data
If you sign in with Google, Raffio's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the basic profile information needed to create and identify your account, and we do not use Google user data for advertising or share it with third parties except as needed to provide the Service.
7. Data retention
We retain personal information for as long as your account is active and for a reasonable period afterwards to comply with our legal obligations, resolve disputes, and enforce our agreements. You can request deletion of your account at any time.
8. International transfers
Some of our service providers are based outside the United Kingdom. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or adequacy decisions.
9. Your rights
Under UK GDPR, you have the right to access, correct, delete, or restrict the processing of your personal data, to object to processing, and to data portability. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
10. Security
We take reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. No system is perfectly secure, so we cannot guarantee absolute security.
11. Children
The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date above. Material changes will be highlighted where appropriate.
13. Contact us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@raffio.co.uk.