Privacy Policy

1. Who We Are

Nickit is a peer-to-peer fashion marketplace based in the United Kingdom. We operate the Platform at nickit.co.uk. Nickit is the data controller for personal data collected through this Platform.

We are committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about how we use your data, please contact us at dpo@nickit.co.uk.

2. What Data We Collect

We collect personal data in the following categories:

• Identity data: name, username, profile photo.
• Contact data: email address, and where provided, a contact phone number.
• Payment data: billing address and payment history. Card details are processed directly by Stripe and are never stored on Nickit servers (see Section 4).
• Transaction data: details of purchases and sales made through the Platform, including item descriptions, prices, and order history.
• Usage data: information about how you use our Platform, including pages visited, search queries, clicks, and browsing behaviour collected via cookies and analytics tools (see Section 6).
• Communications data: messages sent via the Nickit in-app messaging system, and any correspondence with our support team.
• Technical data: IP address, browser type, device identifiers, and operating system.
• Seller data: Stripe Connect account details, payout history, and seller verification information.

3. How We Use Your Data

We use your personal data for the following purposes, relying on the lawful bases indicated:

• To fulfil orders and facilitate transactions — processing payments, connecting buyers with sellers, and managing delivery tracking. (Lawful basis: contract performance.)
• To create and manage your account — account registration, authentication, and profile management. (Lawful basis: contract performance.)
• To communicate with you — transactional emails (order confirmations, dispatch notifications, payment receipts), support responses, and service updates. (Lawful basis: contract performance / legitimate interests.)
• To improve our service — analysing usage data and Platform performance to develop and improve features. (Lawful basis: legitimate interests.)
• To send marketing communications — only where you have opted in to receive marketing emails from us. You can unsubscribe at any time. (Lawful basis: consent.)
• To comply with legal obligations — fraud prevention, safety, regulatory reporting, and responding to lawful requests from authorities. (Lawful basis: legal obligation.)

4. Stripe as Payment Processor

All payment processing on Nickit is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor. When you make or receive a payment, your card details and financial information are submitted directly to Stripe and are governed by Stripe’s Privacy Policy.

Nickit never sees or stores your full card number, CVV, or other sensitive payment credentials. We receive only limited payment metadata from Stripe (such as the last 4 digits of a card and payment status) necessary to display your payment history. Sellers must connect a Stripe Connect account to receive payouts; Stripe handles all KYC verification for sellers.

5. Cloudinary for Image Storage

Product images and profile photos uploaded to Nickit are stored and served via Cloudinary, a cloud-based image management service. When you upload an image, it is transmitted to and stored on Cloudinary’s servers. Cloudinary is our data processor for this purpose and processes image data only on our behalf. Images may be served via Cloudinary’s global CDN. For details, see Cloudinary’s Privacy Policy.

6. Cookies

We use cookies and similar tracking technologies on our Platform. For full details, please see our Cookie Policy.

In summary, we use essential cookies required for the Platform to function (such as authentication session cookies), analytics cookies to understand how users interact with the Platform, and preference cookies to remember your settings. We do not use third-party advertising cookies or sell your data to advertisers.

7. Your Rights Under UK GDPR

Under UK GDPR you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct any inaccurate or incomplete data we hold.
• Right to erasure (“right to be forgotten”): You may request deletion of your personal data where there is no compelling reason for us to continue processing it.
• Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
• Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated processing that significantly affect you.

To exercise any of these rights, please email dpo@nickit.co.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory, accounting, or reporting requirements. Account data is retained for the duration of your account and for up to 6 years after account closure to comply with financial record-keeping obligations. You may request earlier deletion of your data by contacting us, subject to any overriding legal retention requirements.

9. Third-Party Links

Our Platform may contain links to third-party websites. This Privacy Policy applies only to the Nickit Platform. We have no control over and accept no responsibility for the privacy practices of any third-party sites. We encourage you to read the privacy policy of every website you visit.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: