Privacy Policy

Last updated: 18.09.2025

At faircado, your privacy matters. We want you to know what data we collect, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable laws. This policy applies to our website, our app, and all services we provide.

1. Who We Are

We are Faircado UG, based at Rudi-Dutschke Str. 26, 10969 Berlin, Germany. You can contact us at contact@faircado.com if you have any questions about this policy or your rights.

2. What Data We Collect

Depending on how you use our services, we process different categories of data. When you sign up or log in, we collect authentication data such as your email address, name, phone number, or Firebase ID. To personalise your experience, you may also provide profile information, including country and language preferences, brands, sizes, styles, gender, or quiz responses. Technical and device information such as your device ID, operating system, screen size, and Firebase Cloud Messaging (FCM) token is collected to ensure smooth functioning of the app. We use only country-level location detection, never precise GPS location.

When you interact with our platform, we analyse searches, clicks, page views, and session data to improve usability. If you use our shopping features, we process your cart contents, favourites, orders, and purchase history. We also collect technical data such as app version, build information, and crash logs. Finally, our servers automatically generate log files that include IP address, browser type and version, operating system, referrer URL, time of request, host name, and error messages. These logs are used for security and troubleshooting and are generally deleted after 30 days.

If you prefer a clear overview, here’s the data we collect to ensure you have the best experience with faircado possible.

• Server log files: IP address, browser type and version, operating system, referrer URL, host name, and time of request. Stored for security and troubleshooting.

• Registration data: email address, password, Firebase UID, name, and phone number (if provided).

• Social login data: information provided by Google or Apple such as email address, name, profile picture, or anonymised email (via Hide My Email).

• Profile data: country, language, saved brands, styles, sizes, gender preferences, quiz responses.

• Device information: device ID, operating system, screen resolution, Firebase Cloud Messaging token for push notifications.

• Usage data: search queries, clicks, navigation paths, time spent, in-app interactions.

• Shopping data: items added to favourites or cart, order history, and purchase information.

• Newsletter data: email address, subscription status, tracking of opens/clicks via Brevo.

• Crash and performance data: app version, error logs, and crash reports via Firebase Crashlytics.

• Marketing/advertising identifiers: cookies, advertising IDs, and pseudonymous IDs used by Facebook, Google, Hotjar, Mixpanel, and Braze for analytics and remarketing.

3. How We Use Your Data (Legal Basis)

We process your data based on several legal grounds. With your consent under Article 6(1)(a) GDPR, we use analytics cookies, send you newsletters or marketing messages, and display push notifications. Where necessary to perform our contract with you under Article 6(1)(b) GDPR, we process data to manage your account, process orders, and provide services. We also rely on our legitimate interests under Article 6(1)(f) GDPR to ensure security, prevent fraud, and improve user experience. Finally, we store certain records because of legal obligations under Article 6(1)(c) GDPR, for example invoices and tax documents.

4. Cookies & Consent Management

Our website and app use cookies and similar technologies. Some are necessary for core functions such as login or security. Others help us remember your preferences, measure statistics, or personalise offers. We use Cookiebot to manage cookie consent. When you first visit, you will see a banner where you can choose which categories to accept. You may withdraw or change your choice at any time. A full cookie declaration, listing each cookie, its provider, purpose, and duration, is always accessible through the Cookiebot banner. We collect Cookies in the following categories:

• Necessary cookies: ensure the website and app function properly (e.g. login sessions, language settings). Without them, core features wouldn’t work.

• Preference cookies: remember your settings such as language or region so you don’t have to set them every time.

• Statistics cookies: help us understand how users interact with our services (e.g. Google Analytics, Mixpanel, Hotjar). They tell us which pages are most popular and where users drop off.

• Marketing cookies: track browsing behaviour across websites so we can show you relevant ads (e.g. Facebook Pixel, Google Ads, Braze). They also prevent you from seeing the same ad too often.

5. International Data Transfers

Some of our service providers are located outside the European Economic Area, including in the United States. Where this is the case, we ensure that your data remains protected through Standard Contractual Clauses approved by the European Commission, adequacy decisions where available, and additional technical and organisational safeguards.

6. Your Rights

You have the right to access the data we hold about you, to correct inaccurate information, to request erasure (“the right to be forgotten”), to restrict certain processing, and to receive your data in a portable format. You may also object to processing based on legitimate interests and withdraw any consent you have previously given. To exercise these rights, contact us at contact@faircado.com. We will respond within one month in accordance with GDPR.

7. Data Retention

We keep your data only as long as necessary. Account data is deleted within 30 days after closure. If you make an erasure request, we process it within 30 days unless legal obligations require us to keep some records longer. Orders and purchase data are stored for 10 years in line with German tax and commercial law, which also covers our operations in other European countries. Analytics and crash logs are generally kept between six and 24 months, depending on the provider, while server log files are erased after 30 days unless needed for investigation.

8. Permissions in the App

Our mobile app may request access to your camera for product image search, to your photo library for uploading pictures, and to push notifications so we can keep you updated about offers and activity. On iOS, you may also be asked for tracking permission under Apple’s App Tracking Transparency framework, which allows us to show you more relevant offers. You can grant or revoke these permissions in your device settings at any time.

9. Security

We apply technical and organisational measures to protect your data, including secure Firebase authentication, encrypted communication via HTTPS, anonymisation and hashing of user IDs for analytics, and role-based access restrictions for our staff.

10. Newsletters

If you subscribe to our newsletter, we will send you updates about new features, offers, and news from faircado. We use Brevo (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany) to deliver newsletters. Your data is processed only with your consent, and we follow a double opt-in procedure, meaning you must confirm your subscription before we start sending messages. Brevo records whether newsletters are opened and which links are clicked to help us improve our communication. You may unsubscribe at any time via the link in each email. More information can be found in Brevo’s privacy policy at https://www.brevo.com/legal/privacypolicy/.

11. Third-Party Links

Our website and app may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies.

12. Changes

We may update this Privacy Policy from time to time to reflect changes in our services or in legal requirements. The latest version will always be available on our website and in our app.

13. Tools & Services We Use

To provide our services, we work with carefully selected third-party providers. Each provider processes only the data necessary for its function.

Braze

We use Braze (Braze Inc., 330 West 34th Street, 18th Floor, New York, USA) for marketing automation and push notifications. Data is primarily processed on servers in Frankfurt, Germany, but may be transferred to the USA under SCCs.

Facebook (Social Media Link/Plugin)

When you use social features on our site (such as links or share buttons to Facebook/Instagram), your browser establishes a direct connection with Facebook’s servers. We do not control the data transmitted to Facebook. This may include your IP address, browser type, and interaction with content. The legal basis is consent. Facebook’s privacy policy applies: https://www.facebook.com/privacy/policy.

Facebook Pixel

Our website uses the Facebook Pixel (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland) to measure the effectiveness of advertising campaigns on Facebook and Instagram. When you visit our site, the pixel allows Facebook to track your behaviour (e.g. whether you registered or made a purchase) and assign it to your profile. This enables us to target ads more effectively and avoid showing irrelevant ads. Data may be transferred to the USA under SCCs. The legal basis is your consent. More information: https://www.facebook.com/privacy/policy.

Firebase

Our infrastructure is powered by Firebase, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Firebase provides authentication, hosting, cloud databases (Firestore), analytics, and crash reporting. Google may transfer data to servers in the USA under Standard Contractual Clauses. You can learn more in Google’s privacy policy at https://policies.google.com/privacy. Firebase Analytics and Crashlytics (Google Ireland Limited) are also used to monitor app performance and detect crashes. Authentication is handled through Firebase Authentication, which enables secure login with email and password. In addition, you can sign in with third-party services such as Google or Apple.

Google & Apple Sign-In

If you use Google Sign-In, Google provides us with basic account information such as your name, email, and profile picture. If you use Apple Sign-In, Apple provides your Apple ID email and may use the “Hide My Email” feature to protect your identity.

Google Ads (AdWords Conversion Tracking)

We use Google Ads Conversion Tracking (Google Ireland Ltd.) to measure the success of our advertising campaigns. When you click on a Google ad and reach our site, a conversion cookie is stored on your device, which allows us to see if an action (e.g. registration or purchase) occurred. This helps us improve ad targeting and cost efficiency. Legal basis is consent. More info: https://policies.google.com/privacy.

Google Analytics

We use Google Analytics (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) to measure and analyse website usage. Google Analytics uses cookies to collect data such as IP address, device type, pages visited, and time spent on our site. We have enabled IP anonymisation so your IP address is shortened within the EU. Google may transfer data to the USA under SCCs. The legal basis is your consent. More info: https://policies.google.com/privacy.

Google Analytics Remarketing

We also use Google Analytics Remarketing to create target audiences for personalised ads. With this tool, users who have already visited our site can be shown ads across the Google Display Network or in Google Search. Google Analytics Remarketing uses cookies and advertising IDs to assign website usage behaviour to a pseudonymous ID. Legal basis is consent. More info: https://policies.google.com/privacy.

Hotjar

We use Hotjar (Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta) to analyse user behaviour on our website. Hotjar allows us to record anonymised heatmaps, scroll depth, and clicks to understand how users interact with our pages. This helps us optimise design and usability. Hotjar stores cookies on your device to collect anonymised information such as device type, browser, and usage behaviour. Legal basis is your consent (Art. 6(1)(a) GDPR). You can opt out at https://www.hotjar.com/legal/compliance/opt-out/.

Mixpanel

For analytics, we use several tools. Mixpanel (Mixpanel Inc., 405 Howard Street, San Francisco, CA 94105, USA) helps us understand how users interact with our app by recording events and usage patterns. We use EU-based servers where possible, and data may be transferred to the USA under SCCs. You can opt out at https://mixpanel.com/optout/.

Strapi

For managing and delivering content, we use Strapi CMS, which stores and serves texts and media in our app and website. To adapt our services to your region, we use IP-Info.io, which identifies your country based on your IP address. Their privacy policy is available at https://ipinfo.io/privacy.

Stripe

Payments are processed by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe handles payment information and billing data on our behalf; we do not store payment card data ourselves. For more information, see Stripe’s privacy policy at https://stripe.com/privacy.

UXCam

UXCam (UXCam Inc., San Francisco, USA) records anonymised app sessions and interactions such as swipes or screen flows to improve usability; sensitive information such as passwords is never captured. Data may be transferred to the USA under SCCs.

Finally, when you interact with offers from partner marketplaces such as eBay, Vinted, or Sellpy, your data is shared with those platforms in order to complete the transaction. Each partner is responsible for its own privacy practices, and we recommend reviewing their privacy policies when using their services.

14. Contact

Faircado UG
Rudi-Dutschke Str. 26
10969 Berlin, Germany
Email: contact@faircado.com

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.