Scope
This policy explains the general approach to personal data processed through the retaillab.io website, the app.retaillab.io application and product discussions with Retail Lab.
Categories of data that may be processed
Account and contact information, company and membership context, security and session logs, support communications, product usage records and content users upload to the service may be processed to the extent required by the relevant function.
- Identity and contact data
- Account, role and company membership
- Security and device logs
- Usage, quota and billing records
- Content created or uploaded by the user
Purposes of processing
Data may be used to provide the service, manage accounts and access, maintain security, provide support, comply with legal obligations and send product communications where an explicit preference has been provided.
Website measurement and choices
Google Tag Manager loads on every retaillab.io page to apply preference signals; optional Google Analytics storage is denied by default. Analytics cookies containing identifiers are not written unless the user consents to the Analytics category. When Analytics consent is granted, measurement helps us understand in aggregate which parts of the site are used; email addresses and content entered in the contact form are not sent to Analytics. Google Signals, the collection of user-provided data and ad personalisation are disabled. The Marketing category is reserved for future Google Ads campaign measurement; conversion measurement and remarketing are not currently performed.
Sharing and service providers
Data is shared only with infrastructure, identity, payment, communications or AI providers required to deliver the service, under contractual controls, purpose limitation and security review. Customer content is not reused for model training by default.
Retention and deletion
Retention periods are determined according to the data type, processing purpose, contract and applicable legal obligations. When the period expires, data is deleted, destroyed, anonymised or made inaccessible; backup copies are removed through their own secure lifecycle.
Rights and contact
For information, correction, deletion or other applicable requests regarding your personal data, use the privacy channel on the /en/contact page. The requester's identity and authority may be verified to protect data security.