Thrifter Club | Shop pre-loved in one place

Privacy Policy

Last Updated: October 29, 2025

1. Introduction

Thrifter Club Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide to Us

When you create an account or use certain features of our Service, we may collect:

  • Account Information: Email address and name (if you choose to provide it)
  • Payment Information: If you subscribe to paid features, payment details are processed by our payment processor. We do not store your full payment card details
  • Communications: If you contact us, we may keep a record of that correspondence

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Information about how you use our Service, including search queries, pages viewed, and features used
  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Location Information: Approximate geographic location derived from your IP address (we do not collect precise location)
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service. See Section 7 for more details

2.3 Information from Third-Party Sources

We may receive information from third-party analytics services (Google Analytics and Hotjar) as described in Section 5.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain our Service: Including account management and access to features
  • To process transactions: For paid features and subscriptions
  • To improve our Service: Analysing usage patterns to enhance functionality and user experience
  • To communicate with you: Sending service-related announcements, updates, and marketing communications (if you have opted in)
  • To provide customer support: Responding to your inquiries and requests
  • To detect and prevent fraud: Protecting the security and integrity of our Service
  • To comply with legal obligations: As required by applicable laws and regulations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it:

  • Contract: Processing is necessary to perform our contract with you (e.g., providing the Service)
  • Consent: You have given us explicit consent to process your information (e.g., for marketing communications or cookies)
  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our Service, fraud prevention) and does not override your rights
  • Legal Obligation: Processing is necessary to comply with legal obligations

5. Third-Party Services

We use the following third-party services that may collect information about you:

5.1 Google Analytics

We use Google Analytics to analyse how users interact with our Service. Google Analytics collects information such as how often users visit our Service, what pages they visit, and what other sites they used prior to coming to our Service. Google Analytics uses cookies to collect this information.

For more information on Google Analytics' privacy practices, visit: https://policies.google.com/privacy

You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout

5.2 Hotjar

We use Hotjar to better understand our users' needs and optimise the Service. Hotjar collects information about your device, browser, and how you interact with our Service through cookies and similar technologies.

For more information on Hotjar's privacy practices, visit: https://www.hotjar.com/legal/policies/privacy/

You can opt out of Hotjar tracking by visiting: https://www.hotjar.com/policies/do-not-track/

5.3 Firebase and Google Cloud Platform

We use Firebase for hosting and Firestore for database storage, both provided by Google. Your account information and usage data may be stored on Google's servers. Google's data processing practices are governed by their privacy policy.

5.4 Silktide Cookie Consent

We use Silktide to manage cookie consent preferences. Silktide may collect information about your consent choices.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (e.g., hosting, analytics, payment processing). These providers are contractually obligated to protect your information
  • Legal Requirements: If required by law or in response to valid legal processes (e.g., court orders, subpoenas)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity
  • Protection of Rights: To protect our rights, property, or safety, or that of our users or others
  • With Your Consent: We may share your information with third parties when you have given us explicit consent to do so

Important: We do not share your personal information with the third-party marketplaces (eBay, Vinted, etc.) featured in our search results. When you click through to these marketplaces, you will be subject to their own privacy policies.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data that are sent to your browser from a website and stored on your device.

7.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the Service to function properly
  • Analytics Cookies: Help us understand how visitors interact with our Service (Google Analytics, Hotjar)
  • Preference Cookies: Remember your settings and preferences

7.2 Managing Cookies

You can manage your cookie preferences through our cookie consent banner provided by Silktide. You can also set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some features of our Service.

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Secure hosting infrastructure (Google Cloud Platform and Firebase)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Information: Retained until you request deletion or your account is inactive for an extended period
  • Usage Data: Typically retained for up to 26 months in analytics systems
  • Transaction Records: Retained as required by law for tax and accounting purposes

When we no longer need your information, we will securely delete or anonymise it.

10. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal information:

10.1 Rights Under GDPR (EEA and UK)

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information ("right to be forgotten")
  • Right to Restrict Processing: Request that we limit how we use your information
  • Right to Data Portability: Request a copy of your information in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

10.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@thrifter.club. We will respond to your request within one month, as required by law.

11. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside, including the United States where our cloud service providers (Google Cloud Platform, Firebase) maintain servers.

When we transfer personal data from the EEA or UK to other countries, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission or UK authorities
  • Certification schemes such as the EU-U.S. Data Privacy Framework (if applicable)

12. Children's Privacy

Our Service does not have an age restriction, and we do not knowingly collect personal information from children under 13 without parental consent. If you are under 18, you should have your parent or guardian's permission before providing any personal information to us.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.

Parents or guardians who believe we may have collected information from their child should contact us immediately at hello@thrifter.club.

13. Third-Party Links

Our Service contains links to third-party websites and marketplaces (such as eBay, Vinted, Thrift+, and Oxfam). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

This Privacy Policy applies only to information collected by our Service.

14. Marketing Communications

If you have opted in to receive marketing communications from us, we may send you emails about our Service, special offers, or other information we think may interest you.

You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at hello@thrifter.club

Please note that even if you opt out of marketing communications, we may still send you service-related messages (such as account notifications or updates to our Terms or Privacy Policy).

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page and notify you of material changes by:

  • Posting a prominent notice on our Service
  • Sending you an email (if you have provided one)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

16. Data Controller and Contact Information

For the purposes of GDPR and UK data protection law, the data controller is:

Thrifter Club Ltd
124 City Road
London, UK
EC1V 2NX
Company Number: 16811436
Email: hello@thrifter.club

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us using the information above.

17. Supervisory Authority

If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority: