Privacy Policy

1. Scope

This Privacy Policy applies to all personal information we process about you in connection with the Services. It does not apply to third-party stores, retailers, or other websites you visit through the Services or links shared with you — those have their own privacy practices, and we encourage you to read them.

2. Personal Information We Collect

We collect personal information in three ways: information you give us directly, information we collect automatically as you use the Services, and information from other sources.

A. Information You Give Us Directly

Account information. When you sign up, we collect your email address and a password (stored as a salted hash, never in plain text). You may optionally add a display name.

Items and collections you save. Every time you save a product, we store the URL you provided and any notes you add. We also organise items into the collections you create.

Stores you bookmark. We record the stores you bookmark and any preferences you set about how stores are surfaced to you.

Communications. If you contact us by email or through a support form, we keep a record of your messages, your email address, and any other information you choose to share.

Currency and preferences. We store your currency preference and other in-app settings you configure.

B. Information We Collect Automatically

Metadata from saved URLs. When you save a product URL, our systems fetch metadata from that URL — typically the product title, brand, price, description, and image. Where the original page is unavailable or blocks scraping, we use third-party fetching services (currently Firecrawl) to retrieve the data. We store a copy of the product image on our own infrastructure (currently Supabase Storage) so saved items remain visible to you even if the source removes them.

AI-generated taste profile. As you save items, our systems analyse them to derive a taste profile — typically the categories, styles, brands, materials, colours, and price range you tend to save. This profile is used to power recommendations and is updated as your saves change. You can view and refine your taste profile within the App.

Usage and device information. When you use the Services, we collect technical information such as your IP address (which gives an approximate location), device type and operating system, app version, language and time zone, and the actions you take within the App (such as saves, taps, and screen views). This is used to operate, debug, and improve the Services.

Authentication tokens. When you sign in, we issue session tokens that are stored securely on your device using Expo SecureStore.

We do not currently use cookies, pixel tags, or web beacons to track you across the wider internet for advertising purposes. Where the website at peruze.co uses essential cookies for authentication or analytics, this is described in our cookie banner.

C. Information from Other Sources

App stores and authentication providers. If you sign in using Apple, Google, or another identity provider (where available), we receive the information you authorise that provider to share with us, typically your email address and a unique identifier.

Connected AI assistants. If you connect Peruze to an external AI assistant via our MCP server, we receive a record of the queries and actions that assistant performs against your account. We do not receive your conversations with that assistant beyond what is sent to our server.

3. How We Use Your Information

We use your personal information for the following purposes:

To provide the Services. This includes creating and managing your account, storing and displaying your saved items and collections, retrieving product metadata, classifying items, generating your taste profile, surfacing store recommendations, and handling your interactions with the App.

To make the Services work better. We use information about how the App is used to fix bugs, monitor performance, develop new features, and improve existing ones. Where we use information for analytics, we minimise the personal data involved and aggregate where possible.

To communicate with you. We may contact you about your account, important service updates, or changes to our terms or policies. Where you have opted in, we may also send you product updates or marketing messages — you can unsubscribe from these at any time.

To keep the Services secure. We process information to detect, investigate, and prevent fraud, abuse, security incidents, and breaches of our Terms.

To comply with legal obligations. This includes responding to lawful requests from authorities, complying with tax and accounting requirements, and handling rights requests under data protection law.

Legal bases (UK and EU users). Where UK GDPR or EU GDPR applies, we rely on the following legal bases:

• Contract — to provide the Services you have signed up for
• Legitimate interests — to operate, secure, and improve the Services, to communicate with you in a non-marketing capacity, and to protect our business and other users (we have considered the impact on you in each case)
• Consent — for any marketing communications and for any processing that requires it
• Legal obligation — where we are required to process information by law

You can withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

4. AI and Automated Processing

Peruze relies on automated processing in several important ways:

Item classification and enrichment. Each item you save is sent to a third-party AI provider (currently Google's Gemini models) along with minimal context (typically title, brand, store domain, and price) so that it can be classified into our taxonomy and have attributes extracted. The provider processes the request and returns a result; we do not allow our providers to retain or train on this data (subject to their applicable terms).

Taste profiling. We aggregate the outputs of classification across your saved items to produce a taste profile — a summary of the styles, categories, brands, and price ranges you tend to save. This profile is then used by our internal scoring system (not by an external AI) to rank store recommendations.

Store profiling. Independently, we use AI providers to build profiles of stores we add to the Services. These store profiles are not personal information about you.

Effects. Automated processing does not produce decisions with legal or similarly significant effects on you. It determines what items and stores are surfaced in your feed. You can always override recommendations, refine your taste profile manually, or ignore them altogether.

Your rights. Where applicable law gives you the right to object to automated processing, you can do so by contacting us at hey@peruze.co.

5. MCP Server and AI Assistant Access

If you choose to connect Peruze to an external AI assistant via our MCP server:

• The assistant accesses your account using credentials you authorise
• The assistant can read your saved items, collections, stores, and taste profile, and (depending on the tools we expose) write to your account
• Peruze logs requests made to the MCP server for security, debugging, and abuse prevention
• The external assistant is operated by a separate company, under its own privacy policy — please review it before connecting
• You can revoke access at any time from the App

We do not share your personal information with external assistants except in response to requests authorised by you.

6. Who We Share Your Information With

We don't sell your personal information. We share it only as described below.

Service providers. We use trusted third-party providers to run the Services. They process information only on our instructions and under written contracts that protect your data. Current providers include:

• Supabase — database, authentication, file storage, and edge function hosting
• Google (Gemini) — AI classification, enrichment, and store analysis
• Firecrawl — fallback web fetching for product metadata
• Uploadcare — historical image processing (now being phased out in favour of Supabase Storage)
• Vercel — web hosting for peruze.co
• Apple and Google — App Store distribution and platform services

A current list of subprocessors is available on request.

Legal and safety. We may disclose information if we believe in good faith that it is necessary to comply with a legal obligation, to enforce our Terms, to protect the rights, property, or safety of Peruze, our users, or others, or to respond to lawful requests from public authorities.

Business transfers. If Peruze is involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We'll let you know if a transfer means your information becomes subject to a different privacy policy.

With your consent. We may share information for other purposes if you ask us to or give us permission.

7. International Transfers

Peruze is based in the United Kingdom, but several of our service providers are based in or operate from the United States and other countries outside the UK and EEA. Where we transfer your personal information outside the UK or EEA, we rely on appropriate safeguards as required by UK and EU data protection law — typically Standard Contractual Clauses (SCCs) combined with the UK International Data Transfer Addendum, or transfers to countries the UK or EU has determined offer an adequate level of protection.

You can request a copy of the safeguards we use by contacting us at hey@peruze.co.

8. How Long We Keep Your Information

We keep your personal information for as long as your account is active. If you delete your account, we delete your personal information from our active systems within 30 days, except where we are legally required to keep it for longer (for example, for tax, accounting, or dispute resolution purposes) or where we need to retain it to defend legal claims.

Anonymised and aggregated information that cannot be linked back to you may be retained for analytics and product improvement.

9. Your Rights

Depending on where you live, you may have the following rights in respect of your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — ask us to correct information that is inaccurate or incomplete
• Deletion — ask us to delete your personal information (subject to limited exceptions where we are required to keep it)
• Restriction — ask us to limit how we use your information
• Objection — object to processing we carry out on the basis of legitimate interests, or for direct marketing
• Portability — request a copy of the information you have provided to us in a structured, machine-readable format, or ask us to transfer it to another provider where technically feasible
• Withdraw consent — where we rely on your consent, withdraw it at any time
• Lodge a complaint — with a supervisory authority, in particular the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local data protection authority in the EU

To exercise any of these rights, please contact us at hey@peruze.co. We may need to verify your identity before responding. We aim to respond within one month, though complex requests may take longer (we'll let you know if so).

You can delete your account directly from within the App at any time, which will trigger deletion of your personal information in line with the retention period above.

10. Security

We take the security of your information seriously. We use technical and organisational measures including encryption in transit (TLS), encryption at rest where supported by our infrastructure, salted password hashing, secure token storage on devices, row-level security on our database, regular access reviews, and limited employee access on a need-to-know basis.

No system is entirely secure, and we cannot guarantee that unauthorised access will never occur. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

11. Children

The Services are not directed at children under 16 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, please contact us at hey@peruze.co and we will take steps to delete it.

12. Third-Party Websites

The Services contain links to third-party websites, including the stores whose products you save. We are not responsible for those sites' privacy practices. We encourage you to read the privacy policy of any site you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we'll let you know — typically through the App or by email — before the changes take effect. The "Last updated" date at the top of this policy tells you when it was most recently revised.

14. Contact Us

If you have any questions about this Privacy Policy, or want to exercise your rights, please contact us at:

peruze.co
Colour House, Bentley Road, N1 4FH, London
hey@peruze.co

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with your local supervisory authority in the EU.