Privacy Policy
Last updated: 26 September 2025
1. Who we are
CurlCompare ("we", "us", "our") provides a hair-care quiz and product recommendations at https://www.curlcompare.com ("Service"). We help people discover products that work for their unique curl type.
Contact: privacy@curlcompare.com
Data Controller: CurlCompare
2. What data we collect
- Account data: Email address and encrypted password for user accounts
- Quiz data: Hair type preferences, styling goals, and product preferences (non-medical information only)
- Newsletter subscriptions: Email addresses for those who opt in to our newsletter
- Usage data: Page views, product link clicks, device information, and IP addresses (for security and analytics)
- Communications: Messages you send us and marketing preferences
Important: We do not collect special category data (health, medical, or ethnicity information). Our quiz focuses on hair styling preferences only.
3. Why we use your data (legal bases)
- Service delivery: To provide personalized product recommendations and maintain your account (Contract)
- Improvements: To enhance our quiz algorithm and user experience (Legitimate interests)
- Security: To protect our systems and prevent fraud (Legitimate interests)
- Marketing: To send newsletter updates about new features and curl care tips (Consent - you can withdraw anytime)
- Analytics: To understand how our service is used and improve performance (Legitimate interests/Consent for cookies)
4. How we share your data
We work with trusted service providers who help us operate CurlCompare:
- Supabase: Database, authentication, and file storage (EU region)
- Vercel: Website hosting and performance
- Email service providers: For newsletter delivery (when you subscribe)
These providers act as "processors" and only handle your data according to our instructions. We have Data Processing Agreements in place with each provider.
5. International data transfers
We store data primarily in the EU region through Supabase. Where data is processed outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses. Contact us for more details.
6. How long we keep your data
- Account data: While your account is active, plus 6 months after deletion for security purposes
- Quiz responses: Until you delete your account or request removal
- Newsletter subscriptions: Until you unsubscribe (we maintain a suppression list to honor opt-outs)
- Usage analytics: 12 months for performance analysis
- Security logs: 90 days
7. Your rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request removal of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Get your data in a portable format
- Object: Opt out of marketing or certain processing
- Withdraw consent: Remove permission for newsletter or marketing
To exercise these rights, contact us at privacy@curlcompare.com. We'll respond within one month. You can also complain to the UK Information Commissioner's Office (ICO).
8. Cookies and tracking
We use essential cookies for the website to function properly. For analytics and performance monitoring, we'll ask for your consent through our cookie banner.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, site functionality | Session/30 days |
| Analytics (with consent) | Usage statistics, performance monitoring | 12 months |
9. Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest through our cloud providers
- Access controls and authentication
- Regular security monitoring and updates
- Incident response procedures
While we take security seriously, no system is 100% secure. We'll notify you and relevant authorities of any significant data breaches as required by law.
10. Children's privacy
Our service is not intended for individuals under 16 years old. We do not knowingly collect personal information from children. If we become aware of such data collection, we will delete it promptly.
11. Changes to this policy
We may update this privacy policy from time to time. We'll notify you of material changes by updating the "Last updated" date above and, for significant changes, by email if you're a registered user.
12. Contact us
For any privacy-related questions or requests, please contact us at:
Email: privacy@curlcompare.com
Response time: We aim to respond within one month