Privacy Policy

1. Introduction

This Privacy Policy explains how Metfolio Limited trading as Gemfolio ("Gemfolio", "we", "us", "our") collects, uses, shares, and protects your personal information when you use our website, mobile application, and services (collectively, the "Platform").

By using our Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use our Platform.

Data Controller Information:

• Company: Metfolio Limited trading as Gemfolio

• Registration Number: 14139437

• Address: 290-292 Green Street, London, England

• Contact: meeren@metfolio.com

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Full name

• Email address

• Date of birth

• Residential address

• Phone number

• Payment card details

• Bank account information

• Identity verification documents (passport, driving licence)

Transaction Information:

• Purchase history

• Jewellery gram balances

• Subscription details

• Delivery information

• Returns and refunds

Communications:

• Customer service inquiries

• Feedback and reviews

• Survey responses

• Marketing preferences

2.2 Information Collected Automatically

Device and Usage Information:

• IP address

• Device type and identifiers

• Operating system and version

• Browser type and version

• App version

• Screen resolution

• Time zone settings

• Language preferences

Behavioural Data:

• Pages/screens viewed

• Products browsed

• Search queries

• Click patterns

• Time spent on pages

• Navigation paths

• Purchase funnel behaviour

• App usage patterns

Location Data:

• Approximate location from IP address

• Postal code for delivery

Technical Data:

• Log files

• Error reports

• Performance data

• Crash analytics

2.3 Cookies and Tracking Technologies

We use various tracking technologies including:

Essential Cookies:

• Session management

• Security tokens

• User preferences

• Shopping basket functionality

Analytics Cookies:

• Google Analytics

• Mixpanel tracking

• PostHog analytics

• Performance monitoring

Marketing Cookies:

• Facebook Pixel

• TikTok Pixel

• Google Ads tracking

• Retargeting cookies

• Conversion tracking

Third-Party Cookies:

• Payment processor cookies

• Customer support tools

• Social media plugins

3. How We Use Your Information

3.1 Service Provision

• Process your purchases and subscriptions

• Manage your jewellery gram account

• Facilitate deliveries

• Process returns and refunds

• Provide customer support

• Send transactional communications

3.2 Platform Improvement

• Analyse user behaviour and preferences

• Improve user experience

• Develop new features

• Fix bugs and technical issues

• Conduct A/B testing

• Personalise your experience

3.3 Marketing and Communications

• Send promotional emails (with consent)

• Display personalised advertisements

• Retarget across platforms

• Send push notifications (with consent)

• Conduct market research

• Measure campaign effectiveness

3.4 Legal and Security

• Verify your identity

• Prevent fraud and financial crimes

• Comply with legal obligations

• Enforce our terms and conditions

• Protect our legal rights

• Maintain platform security

3.5 Analytics and Insights

• Track conversion rates

• Analyse user journeys

• Monitor platform performance

• Generate business intelligence

• Understand customer segments

• Measure feature adoption

4. Legal Basis for Processing

We process your personal data based on:

Contract Performance:

• Processing purchases

• Managing subscriptions

• Delivering products

• Customer service

Legitimate Interests:

• Fraud prevention

• Platform security

• Business analytics

• Direct marketing (existing customers)

• Platform improvements

Legal Obligations:

• Anti-money laundering checks

• Tax reporting

• Regulatory compliance

• Court orders

Consent:

• Marketing communications (new customers)

• Non-essential cookies

• Push notifications

• Location tracking

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with providers who assist us:

• Payment processors (Stripe, PayPal)

• Delivery partners (Royal Mail, DPD)

• Cloud hosting (AWS, Google Cloud)

• Customer support tools

• Email service providers

• SMS providers

5.2 Analytics and Advertising Partners

• Mixpanel: User behaviour analytics

• PostHog: Product analytics and feature tracking

• Google Analytics: Website and app analytics

• Facebook/Meta: Advertising and pixel tracking

• TikTok: Advertising and conversion tracking

• Google Ads: Search and display advertising

5.3 Other Disclosures

We may share information:

• With your consent

• To comply with legal obligations

• To protect our rights and safety

• In connection with business transfers

• With professional advisors

• To enforce our terms

5.4 International Transfers

Your data may be transferred outside the UK/EEA to:

• United States (analytics providers)

• Other countries where our service providers operate

We ensure appropriate safeguards through:

• Standard contractual clauses

• Adequacy decisions

• Privacy Shield compliance (where applicable)

6. Data Retention

We retain your data for:

• Account information: Duration of account plus 6 years

• Transaction records: 6 years (legal requirement)

• Marketing data: Until consent withdrawn or 3 years of inactivity

• Analytics data: 26 months

• Customer service: 3 years

• Cookies: See Cookie Policy for specific durations

7. Your Rights

Under UK GDPR, you have the right to:

7.1 Access

Request a copy of your personal data

7.2 Rectification

Correct inaccurate or incomplete data

7.3 Erasure

Request deletion of your data (subject to legal obligations)

7.4 Restriction

Limit how we process your data

7.5 Portability

Receive your data in a portable format

7.6 Objection

Object to certain processing activities

7.7 Automated Decisions

Not be subject to purely automated decision-making

7.8 Withdraw Consent

Withdraw consent where processing is based on consent

To exercise these rights, contact: meeren@metfolio.com

8. Cookie Management

8.1 Cookie Controls

You can manage cookies through:

• Browser settings

• Our cookie preference centre

• Device settings (mobile apps)

8.2 Opting Out of Tracking

• Google Analytics: Install Google Analytics Opt-out Browser Add-on

• Facebook: Visit Facebook Ad Preferences

• TikTok: Adjust TikTok Ad Preferences

• General: Visit www.youronlinechoices.com

8.3 Do Not Track

We do not currently respond to Do Not Track signals.

9. Children's Privacy

Our Platform is not intended for children under 18. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.

10. Data Security

We implement appropriate measures including:

• Encryption in transit and at rest

• Access controls and authentication

• Regular security assessments

• Incident response procedures

• Employee training

• Secure development practices

• PCI DSS compliance for payments

However, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

11. Third-Party Links

Our Platform may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

12. Marketing Communications

12.1 Email Marketing

• Opt-in required for promotional emails

• Unsubscribe link in every email

• Preference centre for granular control

12.2 Push Notifications

• Explicit consent required

• Can be disabled in app settings

12.3 SMS Marketing

• Explicit opt-in required

• Text STOP to unsubscribe

13. California Privacy Rights

California residents have additional rights under CCPA:

• Right to know categories and specific pieces of personal information

• Right to delete personal information

• Right to opt-out of the sale of personal information

• Right to non-discrimination

We do not sell personal information.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Email notification

• Platform notification

• Prominent notice on our website

The "Last Updated" date will reflect the latest version.

15. Contact Information

For privacy inquiries or to exercise your rights:

Data Protection Officer:

• Email: meeren@metfolio.com

• Post: Data Protection Officer, Metfolio Limited trading as Gemfolio, 290-292 Green Street, London, England

Response Time: We aim to respond within 30 days

16. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

• Website: https://ico.org.uk

• Phone: 0303 123 1113

• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

17. Specific Platform Disclosures

17.1 Mixpanel

We use Mixpanel to:

• Track user interactions

• Analyse feature usage

• Monitor conversion funnels

• Create user cohorts

• Measure retention

Data shared: User ID, events, properties, device info Privacy Policy: https://mixpanel.com/legal/privacy-policy/

17.2 PostHog

We use PostHog for:

• Session recording (anonymised)

• Feature flags

• A/B testing

• User analytics

• Heatmaps

Data shared: User actions, page views, feature interactions Privacy Policy: https://posthog.com/privacy

17.3 Facebook/Meta Pixel

We use Facebook Pixel for:

• Conversion tracking

• Retargeting campaigns

• Lookalike audiences

• Campaign optimisation

Data shared: Email (hashed), purchase events, page views Privacy Policy: https://www.facebook.com/privacy/policy

17.4 TikTok Pixel

We use TikTok Pixel for:

• Ad performance tracking

• Audience building

• Conversion optimisation

• Retargeting

Data shared: Email (hashed), events, purchase value Privacy Policy: https://www.tiktok.com/legal/privacy-policy

By using the Gemfolio Platform, you acknowledge that you have read and understood this Privacy Policy.