Wear the outfit. Don't let it wear you.
BranSpot
womenmen
AllClothingShoesAccessoriesBagsJewelryBrands

Last updated: April 2026

Privacy Policy

This policy explains what data we collect, why we collect it, how we use and share it, and the rights you have over it.

1. Who we are

BranSpot (“we”, “us”, “our”) is a curated fashion discovery and affiliate platform operating at branspot.com. We connect you with premium retailers and designer brands through affiliate links. We do not sell products directly, hold inventory, or process payments.

Contact for privacy matters: [email protected]

2. Information we collect

2.1 Information you provide directly

  • Account registration: name, email address, and password (hashed with Argon2id)
  • Newsletter subscription email addresses
  • Contact form submissions and support requests
  • Preferences such as saved searches, favourites, and style preferences

2.2 Information collected automatically

  • Device and browser information
  • Usage data (pages visited, links clicked, search queries)
  • IP address (used for approximate geographic region only)
  • Referral source
  • Cookie data including session identifiers, preference settings, and analytics IDs

2.3 Information from third parties

  • Aggregated and anonymised data from analytics providers
  • Click and conversion data from affiliate networks (no PII is shared with us)

3. How we use your information

  • Operating and improving the BranSpot platform (legitimate interest)
  • Personalising browsing and recommendations (legitimate interest / consent)
  • Sending newsletters and updates (consent)
  • Responding to inquiries and support requests (legitimate interest / contract)
  • Analysing site performance and user behaviour (legitimate interest)
  • Complying with legal obligations (legal obligation)
  • Detecting and preventing fraud or abuse (legitimate interest)
  • Managing affiliate tracking and commissions (legitimate interest / contract)

We will never sell your personal data to third parties for their own marketing purposes.

4. Cookies and tracking technologies

For a detailed breakdown see our Cookie Policy.

  • Essential cookies — required for login, region, and core functionality. Cannot be disabled.
  • Analytics cookies — aggregated, anonymised usage data (e.g. PostHog, Google Analytics).
  • Preference cookies — remember language, currency, and country settings.
  • Affiliate & marketing cookies — track clicks for commission attribution without collecting PII (e.g. Awin, Rakuten, Impact, CJ).

5. How we share your information

  • Service providers — hosting (Railway), analytics, email (Resend), and error tracking process data solely on our behalf under strict confidentiality.
  • Affiliate and retail partners— anonymised click and conversion data for commission attribution. Each retailer’s own privacy policy applies once you click through.
  • Legal requirements — we may disclose data if required by law, court order, or to protect our rights and safety.
  • Business transfers — in a merger or acquisition, with advance notice.

6. Data retention

  • Account data: during account tenure and up to 2 years post-deletion
  • Analytics data: aggregated and anonymised, up to 26 months
  • Newsletter data: until you unsubscribe or request deletion
  • Contact and support data: up to 3 years
  • Legal and compliance records: as required by applicable law

7. International data transfers

BranSpot may transfer data to servers or providers outside your country of residence, including outside the EEA and UK. International transfers are protected by Standard Contractual Clauses (SCCs), data processing agreements, and transfers only to adequately protective jurisdictions.

8. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA, LGPD, and similar frameworks), you have the following rights over your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete information (you can do most of this yourself from Account Settings)
  • Erasure (“right to be forgotten”) — request deletion of your account and associated personal data. You can trigger this yourself from Account Settings → Delete my account.
  • Restriction — limit how we process your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format (JSON). Available from Account Settings → Export my data.
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, without affecting prior processing
  • Lodge a complaint — with your local supervisory authority (e.g. the UK ICO or your EU national data protection authority)

For any request that cannot be completed from your account, email [email protected]. We respond within 30 days.

9. Children’s privacy

BranSpot is not intended for children under 16. We do not knowingly collect data from minors. If you believe a minor has provided data, contact [email protected] and we will delete it.

10. Third-party websites

BranSpot links to third-party retailer websites where this policy no longer applies. Review each retailer’s individual privacy policy before purchasing.

11. Security

  • HTTPS across the entire platform
  • Passwords hashed with Argon2id; we never store passwords in plaintext
  • Secure server infrastructure on Railway with access controls
  • Regular security reviews and dependency audits
  • Staff access to personal data is limited on a need-to-know basis

12. Changes to this policy

We update this policy periodically. Significant changes are communicated via the “Last updated” date above, email notifications to registered users, and on-site notices.

13. Contact

Email: [email protected]
Website: branspot.com/legal/privacy