Privacy Policy

• full name,
• email address,
• phone number,
• country,
• login credentials or authentication data,
• account identifiers,
• linked store or customer account identifiers,
• profile details you provide.

• authentication request details,
• item category, brand, model, source, seller, and related descriptions,
• sourcing request details,
• requested product specifications,
• budget range,
• timing preferences,
• status history,
• request notes,
• internal request references,
• support history,
• service selections,
• activation choices,
• certificate references,
• result status,
• store credit status.

• photographs of products,
• images of packaging,
• serial numbers,
• labels,
• tags,
• receipts,
• authenticity cards,
• certificates,
• uploaded screenshots,
• text notes,
• documents and materials you submit in connection with a request.

These materials may include personal data where, for example, names, addresses, receipt details, account identifiers, or other personal information appear in uploaded content.

• payment status,
• transaction references,
• billing details,
• currency,
• product or activation purchased,
• chargeback or refund status,
• payment processor metadata,
• invoice-related data.

We do not intentionally store full payment card numbers unless this is expressly handled by us through a compliant process. In most cases, payments are processed by a third party payment provider.

• email correspondence,
• support messages,
• account notifications,
• dashboard communications,
• request follow-up details,
• internal records of user support interactions.

• IP address,
• browser type,
• device type,
• operating system,
• time zone,
• referring URLs,
• log data,
• service interaction data,
• navigation patterns,
• authentication events,
• security and fraud signals,
• approximate location inferred from technical data.

Where relevant to store credit or account matching, we may process:

• Shopify or storefront customer identifiers,
• linked customer email,
• store credit amount,
• credit issuance status,
• redemption status,
• related service request identifiers,
• customer matching or verification records.

• records relevant to complaints,
• misuse flags,
• fraud review indicators,
• legal correspondence,
• audit records,
• enforcement-related metadata,
• records necessary to establish, exercise, or defend legal claims.

We process personal data to create accounts, authenticate users, manage dashboards, operate workflows, deliver results, issue certificates, handle sourcing requests, and provide the Services generally.

Legal basis: performance of a contract; pre-contractual steps at your request.

We process item details, uploaded images, submitted documents, and related data to evaluate authentication requests, request additional materials, generate outcomes, and issue certificates or reports where applicable.

Legal basis: performance of a contract; legitimate interests in operating, quality-controlling, and defending our independent assessment services.

We process request data, preferences, contact information, and supporting materials to assess sourcing eligibility, manage activations, conduct sourcing work, and communicate sourcing updates.

Legal basis: performance of a contract; pre-contractual steps at your request; legitimate interests in operating and improving our sourcing services.

We process transaction-related data to confirm payments, prevent fraud, manage disputes, administer payment-linked service activation, and maintain billing and accounting records.

Payments are processed through Stripe. Invoices and billing documentation are prepared through Billingo.

Legal basis: performance of a contract; compliance with legal obligations; legitimate interests in fraud prevention, accounting, invoicing, and business operations.

Where applicable, we process customer identity and account linkage data to connect the Services account with the relevant Adrian's Selection store customer record, issue or prepare store credit, maintain customer continuity across the services platform and the store, and manage redemption status or related technical support.

This may involve processing through Shopify or Shopify-related systems where certain Services, benefits, or account-linking functions depend on store integration.

Legal basis: performance of a contract; legitimate interests in administering service benefits, preventing duplicate or erroneous issuance, and maintaining accurate customer records.

We process your contact details and communication records to send confirmations, updates, support replies, activation notices, security alerts, and service-related messages.

Legal basis: performance of a contract; legitimate interests in customer support, service continuity, and account security.

We process personal data to detect suspicious activity, prevent abuse, manage chargebacks, investigate misuse, enforce our legal terms, and protect the Services, our users, and our business.

Legal basis: legitimate interests in security, fraud prevention, and legal risk management; compliance with legal obligations where applicable.

We process personal data where necessary to comply with legal obligations, maintain records, respond to lawful requests, or establish, exercise, or defend legal claims.

Legal basis: compliance with legal obligations; legitimate interests in legal defense and governance.

We may process usage and technical data to understand how users interact with the Services, improve reliability, optimize workflows, and maintain performance.

This may include the use of Google Analytics for traffic analysis and service performance insights.

Legal basis: legitimate interests in analytics, service optimization, and operational improvement; consent where required by law for non-essential tracking technologies.

We may use Meta Pixel for advertising measurement, campaign attribution, audience analytics, and remarketing, subject to applicable consent requirements.

Legal basis: consent where required by law; legitimate interests where permitted by applicable law.

If you subscribe to newsletters, launch notices, or optional marketing communications, we may process your contact details for those purposes.

Legal basis: consent where required by law; in limited cases, legitimate interests where permitted by applicable law.

For transparency purposes, the main service providers and related third parties used in connection with the Services may be identified as follows:

The providers, entities, roles, and contact details listed above may change from time to time. Where appropriate, we may update this Privacy Policy to reflect material changes.

We may share personal data with our named service providers and other providers acting on our behalf where reasonably necessary to operate, secure, measure, improve, and support the Services.

This includes, as applicable:

• Lovable.dev,
• Supabase,
• Stripe,
• Google Analytics,
• Meta Pixel,
• Shopify,
• Billingo,
• hosting and infrastructure providers,
• email and messaging providers,
• security and fraud prevention providers,
• storage providers,
• support and operational tooling.

We may share personal data with lawyers, accountants, auditors, consultants, insurers, or related professional advisors where reasonably necessary.

Where relevant to sourcing, we may share limited information with boutiques, sellers, logistics or procurement counterparties, or other third parties where necessary to evaluate a request or facilitate a potential transaction. We aim to limit data sharing to what is reasonably necessary.

We may disclose personal data if required to do so by law, regulation, court order, supervisory authority request, or other lawful process, or where disclosure is necessary to protect rights, prevent fraud, address misuse, or establish, exercise, or defend legal claims.

If all or part of our business is restructured, sold, merged, financed, or transferred, personal data may be disclosed to relevant parties subject to appropriate safeguards and confidentiality obligations.

Cookies are small text files placed on your device or browser when you visit a website or use a web-based service. Similar technologies may include pixels, tags, local storage objects, scripts, SDKs, and identifiers that perform comparable functions.

(a) Strictly Necessary Technologies

These technologies are necessary for the operation, security, and core functionality of the Services. They may be used to:

• enable login and account authentication,
• maintain session integrity,
• remember security or consent settings,
• support fraud prevention and abuse detection,
• route requests properly,
• preserve core platform functionality,
• support payment and account-related workflows where necessary.

Because these technologies are necessary for the provision of the Services, they may be used without consent where permitted by applicable law.

(b) Analytics and Performance Technologies

These technologies help us understand how users interact with the Services, measure traffic, identify technical issues, improve user experience, and optimize functionality.

For these purposes, we may use Google Analytics.

Analytics-related technologies may collect information such as:

• pages visited,
• navigation paths,
• session duration,
• approximate location inferred from IP,
• device and browser information,
• interaction events,
• referring sources,
• performance and usage signals.

Where consent is required by applicable law, analytics technologies will only be activated after the relevant consent has been given.

(c) Advertising, Measurement, and Remarketing Technologies

These technologies help us measure campaign performance, understand conversions, build audiences, and support remarketing or advertising analytics.

For these purposes, we may use Meta Pixel.

Advertising-related technologies may collect or infer information such as:

• page visits,
• conversion events,
• campaign attribution data,
• device or browser identifiers,
• interactions relevant to audience creation or remarketing,
• related event or traffic information.

Where consent is required by applicable law, advertising and remarketing technologies will only be activated after the relevant consent has been given.

At the time of this Privacy Policy, the Services may use or integrate with the following relevant third party tools or technologies:

• Google Analytics for traffic and usage analytics,
• Meta Pixel for advertising measurement and remarketing,
• Stripe where necessary for payment-related workflows,
• Shopify where relevant for storefront linkage, account continuity, or store credit related workflows,
• Supabase and related technical infrastructure for service functionality, authentication-related features, and backend operations.

Not every tool necessarily places browser-based cookies in every context, but each may be involved in technical processing connected to the Services.

Where required by applicable law, non-essential cookies or similar technologies, including analytics, advertising, or remarketing technologies, will be used only after you have given the relevant consent.

Where we provide a consent banner, cookie preferences tool, or similar mechanism, you may be able to:

• accept all,
• reject non-essential technologies,
• customize your preferences,
• change your preferences later.

Please note that disabling certain technologies may affect some non-essential functionality, personalization, measurement, or convenience features of the Services.

You may also manage cookies through your browser or device settings. Depending on your browser, you may be able to block, delete, or restrict certain cookies. However, doing so may affect the operation of some parts of the Services.

Strictly necessary technologies are processed on the basis of our legitimate interests in securely operating and delivering the Services, and where applicable because such processing is necessary to provide a service explicitly requested by the user.

Analytics, advertising, and remarketing technologies are processed on the basis of consent where consent is required by applicable law.

Cookie and similar technology data may be retained for different periods depending on whether the technology is session-based or persistent, the provider involved, the purpose of processing, and applicable legal or operational requirements.

We may update this Cookies and Similar Technologies section from time to time to reflect changes in the technologies we use, legal requirements, or operational practices.