Yomo Shop

Privacy Policy

Last updated: 10 May 2026

This policy explains what personal data Yomo Shop collects, how we use it, and your rights under the UK GDPR and the Data Protection Act 2018. Yomo Shop is the data controller for the personal data described below.

1. Data we collect

  • Account data: name, handle, email, password (hashed), avatar.
  • Listing data: photos, titles, descriptions, prices, postcode area for shipping.
  • Order data: items purchased, shipping address, carrier and tracking info.
  • KYC data (sellers only): legal name, date of birth, address, ID document type and reference. Held securely and only used for identity verification and fraud prevention.
  • Payment data: processed directly by Stripe; we never see or store card numbers.
  • Messages: in-platform messages between buyers and sellers, retained for dispute resolution.
  • Technical data: IP address, device, browser, basic analytics.

2. Why we use your data (lawful basis)

  • Contract: to operate your account, process orders and pay sellers.
  • Legal obligation: KYC, anti-money-laundering and tax record-keeping.
  • Legitimate interests: fraud detection, platform safety, service improvement.
  • Consent: marketing emails — only sent if you opt in, and revocable anytime.

3. Sharing

We share data only with:

  • The other party to an order (shipping name and address to sellers, tracking info to buyers).
  • Stripe for payment and payout processing.
  • Cloud and infrastructure providers hosting our backend.
  • Law enforcement where legally required.

We never sell your personal data.

4. Retention

Order, KYC and tax records are retained for up to 7 years to meet UK tax and AML obligations. Account data is retained while your account is open and deleted within 90 days of closure, except where law requires longer retention.

5. Your rights

Under UK GDPR you have the right to: access your data, rectify it, erase it, restrict or object to processing, and data portability. To exercise any of these, email privacy@yomo.shop. You may also complain to the Information Commissioner's Office (ICO) at ico.org.uk.

6. Cookies

We use strictly necessary cookies to keep you signed in and to remember your cart. Optional analytics cookies are only set with your consent.

7. Security

We use TLS in transit, encryption at rest, row-level security on our database, and a least-privilege access model. No system is perfectly secure — please use a strong, unique password.

8. Contact

Data Protection contact: privacy@yomo.shop.