Privacy Policy
Last updated: 11 May 2026
1. Introduction
BorrowMe ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Our registered address is in England, United Kingdom. For data protection enquiries, contact us at privacy@borrowme.uk.
2. Data We Collect
2.1 Information You Provide
- Account information: Full name, email address, password (hashed), profile picture.
- Profile information: Location, bio, postcode.
- Item listings: Titles, descriptions, images, pricing, categories.
- Communications: Messages between users, support tickets, reviews.
- Payment information: Processed by Stripe — we do not store card details.
- Verification data: Identity documents are processed by Stripe Identity — we store only the verification status.
2.2 Information Collected Automatically
- Usage data: Pages visited, features used, search queries, timestamps.
- Device data: Browser type, operating system, screen resolution.
- Location data: Approximate location from your postcode or IP address. Precise location only if you grant permission.
- Cookies: See our Cookie section below.
3. How We Use Your Data
We use your personal data to:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Provide and maintain our services | Contract performance |
| Process payments and payouts | Contract performance |
| Send booking and message notifications | Contract performance |
| Verify user identity | Legitimate interest (platform safety) |
| Show items near your location | Consent / Legitimate interest |
| Improve our platform and user experience | Legitimate interest |
| Send marketing emails (if opted in) | Consent |
| Prevent fraud and enforce our Terms | Legitimate interest |
4. Data Sharing
We share your data only with:
- Other users: Your public profile, listing details, and reviews are visible to other users.
- Stripe: Payment processing and identity verification. See Stripe's Privacy Policy.
- Supabase: Database hosting and authentication. See Supabase's Privacy Policy.
- Vercel: Website hosting. See Vercel's Privacy Policy.
- Resend: Email delivery. See Resend's Privacy Policy.
- Google Analytics: Anonymous usage analytics. See Google's Privacy Policy.
- Law enforcement: When required by law or to protect our rights.
We do not sell your personal data to third parties.
5. Cookies
We use the following types of cookies:
| Type | Purpose | Required? |
|---|---|---|
| Essential | Authentication, security, session management | Yes |
| Functional | Remember preferences (e.g., cookie consent) | Yes |
| Analytics | Google Analytics — understand how users interact with the site | No (opt-in) |
You can manage your cookie preferences via the cookie banner shown on your first visit, or by adjusting your browser settings. Essential cookies cannot be disabled as they are necessary for the Platform to function.
6. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Transaction records: Retained for 7 years for tax and legal compliance.
- Messages: Retained while both users have active accounts.
- Usage/analytics data: Aggregated and anonymised after 26 months.
7. Your Rights (UK GDPR)
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Restriction: Request that we limit processing of your data.
- Portability: Request your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, you can withdraw at any time.
To exercise any of these rights, contact us at privacy@borrowme.uk. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS) and at rest.
- Row Level Security (RLS) policies on our database.
- Secure authentication via Supabase Auth.
- Regular security reviews.
- Payment data handled exclusively by PCI-DSS compliant Stripe.
9. International Transfers
Some of our service providers (Supabase, Vercel, Stripe) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
10. Children's Privacy
BorrowMe is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our Platform. The "last updated" date at the top indicates when the policy was last revised.
12. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
13. Contact Us
For any privacy-related questions, contact us at privacy@borrowme.uk or through our support page.