Privacy Policy

Last updated: September 19, 2025

Table of Contents

  1. Introduction
  2. What Personal Data We Collect
  3. How We Use Your Personal Data
  4. Your Privacy Rights
  5. Who We Share Data With
  6. How We Protect Your Data
  7. Additional Information
  8. Contact Us
  9. Glossary

1. Introduction

1.1 About This Privacy Policy

Welcome to Intent Technologies Ltd's Privacy Policy. At Intent Technologies Ltd (“we”, “us”, or “our”) we are committed to protecting your privacy and personal data in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Data (Use and Access) Act 2025 (DUAA) - Royal Assent: 19 June 2025, Privacy and Electronic Communications Regulations 2003 (PECR), and all other mandatory laws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, use, and protect your data when you use our website (www.trybasket.com or our "Site"), our mobile applications (iOS and Android), web applications, our browser extensions (Chrome, Firefox, Safari, Edge) and our platform services (collectively our "Service").

The Privacy Policy will tell you about your privacy rights with respect to our Site and Services, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.

The individuals from whom we may gather and use data can include Customers, Employees/Staff Members, and any other people that we have a relationship with or may need to contact. This Privacy Policy applies to all our employees and staff members and all Personal Data processed at any time by us.

1.2 Data Controller Information

Intent Technologies Ltd is your Data Controller and responsible for your Personal Data.

Company Details:

  • Registered in England and Wales: 11670580
  • Registered Office: 20-22 Wenlock Road, London, N1 7GU
  • Data Protection Contact: privacy@trybasket.com

We have not appointed a Data Protection Officer as we are not legally required to do so. All data protection queries should be sent to privacy@trybasket.com.

1.3 Your Right to Complain

You have the right to complain to the Information Commissioner's Office (ICO), the UK data protection authority:

We would appreciate the opportunity to address your concerns directly first. Please contact us at privacy@trybasket.com.

1.4 Processor Responsibilities

When we use service providers to process personal data on our behalf, they are legally required to:

  • Process personal data only on our documented instructions
  • Ensure persons processing data are subject to confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Only engage sub-processors with our prior authorization
  • Assist us in responding to data subject rights requests
  • Delete or return all personal data at the end of services
  • Maintain records of processing activities
  • Cooperate with supervisory authorities
  • Notify us without undue delay of any personal data breach
  • Not transfer data internationally without appropriate safeguards

All our processors have signed data processing agreements incorporating these obligations.

2. What Personal Data We Collect

2.1 Categories of Personal Data

We collect different types of personal data depending on how you interact with our Service:

Account Information

  • Identity Data: First name, last name, username, date of birth
  • Contact Data: Email address, phone number, delivery addresses
  • Verification Data: Email and phone verification status
  • Profile Data: Profile image, display name, preferences
  • Parental Consent Data (for users under 18 with Full Service): Parent/guardian name, email address, consent confirmation

Financial Information

  • Transaction Data: Gift card purchases, points earned/redeemed, order history
  • Payment Data: Tokenized payment identifiers (we never see full card details)
  • Tax Information: For users meeting HMRC reporting thresholds:
    • National Insurance Number (NIN)
    • Unique Taxpayer Reference (UTR)
    • Registered address

Usage Information

  • Behavioural Data: How you use our Service, features accessed, interaction patterns
  • Technical Data: IP address, device type, operating system, browser type
  • Shopping Data: Products viewed, saved items, price alerts set
  • Location Data (when you use location features):
    • Precise GPS coordinates (latitude and longitude)
    • Location accuracy level (metres)
    • Location permission status
    • Time and date of location access
    • Important: Location is ONLY accessed when you actively use "find nearby retailers" or similar features
    • No background tracking: We never track your location when the app is closed or in background

Platform-Specific Data

Website (www.trybasket.com)

  • Cookie data (see our Cookie Policy)
  • Analytics data (page views, clicks, session duration)
  • Marketing preferences

Mobile App (iOS and Android)

  • Device identifiers
  • App version and crash data
  • Push notification tokens
  • In-app behaviour and interactions
  • Location data

Web App (app.trybasket.com)

  • Device identifiers
  • App version and crash data
  • Push notification tokens
  • In-app behaviour and interactions
  • Location data

Browser Extension

  • Device identifiers
  • App version and crash data
  • In-app behaviour and interactions

Privacy Notice:

Our browser extension collects detailed browsing data ONLY on our whitelist of retailer websites. View full retailer whitelist

What We Collect (on whitelisted sites):

  • URLs of specific retailer pages you visit
  • Product details (names, prices, images, availability, variants)
  • Shopping cart contents and modifications
  • Coupon codes tested and applied
  • Time spent on product pages
  • Click patterns and scroll depth
  • Local storage data (extension preferences, cached products)

What We Collect (on any web page): ONLY if product metadata based on schema.org/Product specification is detected

  • Product data such as title, images, availability, price, description, reviews, and ratings
  • Product page URL
  • Time and date when viewed

How The Extension Works:

  • Automatically activates when you visit any of our whitelisted retailers
  • Extension icon (desktop only) shows active (coloured) or inactive (greyed) status
  • NO browsing data collection when the extension is paused or on non-whitelisted websites
  • ONLY product data collected for web pages outside of the whitelisted websites
  • NO access to your browsing on banking, email, social media, or other non-retail sites

Data Uses:

  • Automatic product saving to your baskets
  • Real-time price drop alerts
  • Coupon discovery and testing
  • Cashback activation tracking
  • Personalized shopping recommendations

Special Considerations

What We DON'T Collect:

  • Special category data (race, religion, health, sexual orientation, political opinions)
  • Criminal conviction data
  • Biometric data
  • Data from non-whitelisted websites (browser extension)

Aggregated Data: We create anonymised, aggregated data from your personal data for analytics and business insights. This cannot identify you and is not personal data.

2.2 How We Collect Your Data

Directly from you:

  • Account registration
  • Profile updates
  • Customer support interactions
  • Survey responses

Automatically:

  • Cookies and similar technologies
  • Basket app, website and extension usage
  • Browsing behaviour (on whitelisted retailer sites only)
  • Product impressions (on web pages with product schema metadata only)

From third parties:

  • Authentication providers (Google, Apple)
  • Payment processors (Stripe)
  • Analytics providers (PostHog, Adjust, Braze)
  • Customer service providers (Intercom)
  • Rewards and loyalty providers (TalonOne)

3. How We Use Your Personal Data

3.1 Legal Basis for Processing

There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:

  • “Consent”: Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.
  • “Contractual Obligations”: We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
  • “Legal Compliance”: We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
  • “Legitimate Interest”: We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards.

We only use your personal data when we have a valid legal reason:

Processing Examples

Here are practical examples of how we apply these legal bases:

Example 1: Account Creation

  • What we collect: Name, email, phone number, date of birth
  • Legal basis: Contract (you need an account to use our service)
  • Can you refuse?: Yes, but you won't be able to use Basket

Example 2: Price Drop Alerts

  • What we collect: Products you save, price thresholds
  • Legal basis: Contract (core feature of our service)
  • Can you refuse?: You can disable alerts but it's a key service feature

Example 3: Marketing Emails

  • What we collect: Email address, engagement data
  • Legal basis: Consent (you opted in) or Legitimate Interest (existing customer)
  • Can you refuse?: Yes, unsubscribe anytime via email footer

Example 4: Session Recording

  • What we collect: Screen interactions, feature usage
  • Legal basis: Legitimate Interest (improving user experience)
  • Can you refuse?: Yes, email data@trybasket.com to opt out

3.2 Specific Processing Activities

Service Provision

We use your data to:

  • Create and manage your account
  • Process gift card purchases
  • Calculate and deliver cashback rewards
  • Enable price tracking
  • Send price alerts and notifications
  • Provide customer support
  • Track purchases you make via affiliate links

Platform Features

  • Creator Program: Track affiliate link performance (internally only - creators see only anonymised metrics)
  • Referral Program: Track referrals and calculate rewards
  • Collaborative Baskets: Enable sharing and collaboration features

Marketing and Communications

With your consent or based on legitimate interests:

  • Send promotional emails about new features
  • Provide personalized product recommendations
  • Show relevant offers based on your shopping patterns
  • Send push notifications (with your permission)

Opt-out anytime: Unsubscribe links in emails or adjust settings in your account

Analytics and Improvements

Session Recording Notice

We may use PostHog to record ALL interactions within our platform (website and mobile app) to improve user experience and fix bugs. This includes:

  • Screen interactions (taps, swipes, navigation)
  • Feature usage patterns
  • Error messages and crashes
  • Time spent on screens

Your data is protected: Sensitive information (passwords, payment details) is automatically masked

Opt-out: Email data@trybasket.com with subject "Opt out of session recording"

Recordings are retained for 90 days.

3.3 Automated Decision-Making and AI

We use automated systems and AI to enhance your experience:

Personalization Algorithms

  • Product recommendations based on your interests
  • Price drop predictions
  • Optimal deal timing notifications
  • Search result ranking

Fraud Prevention

  • Transaction monitoring
  • Account security checks
  • Unusual activity detection

Your Rights

  • Request human review of automated decisions
  • Understand the logic involved
  • Object to profiling for marketing

3.4 Tax Reporting Obligations

From January 2025, we must report to HMRC if you:

  • Earn more than £1,700 annually from points redemptions
  • Complete more than 30 redemption transactions annually
  • Participate in the Creator Program (regardless of earnings)

What we report: Name, address, tax ID, earnings, transaction count

Your responsibility: Declare all earnings on your tax return

3.5 Cookies and Similar Technologies

We use cookies to provide and improve our Service. For detailed information, see our Cookie Policy.

Key points:

  • Essential cookies: Required for service functionality
  • Analytics cookies: Help us improve (legitimate interest under DUAA 2025)
  • Marketing cookies: Only with your consent

4. Your Privacy Rights

4.1 Your Rights Under UK Data Protection Law

You have the following rights:

Response time: Within 30 days (may extend to 60 days for complex requests)

Cost: Free (first request per year). We may charge a reasonable fee or refuse clearly unfounded or excessive requests.

Note: We handle data requests manually. Please be patient with our small team.

4.2 How to Object to Processing

Easy controls in your account:

  • Marketing emails: Unsubscribe link in any email
  • Push notifications: Device settings
  • Marketing cookies: Cookie banner on website

Contact us for:

  • Objecting to legitimate interests processing
  • Session recording opt-out
  • Other processing objections

Important: Some objections may require account closure as we cannot provide our Service without certain data processing.

4.3 Account Deletion

In your account settings:

  1. Navigate to Settings in your Account page
  2. Select "Account and Security"
  3. Select "Close account"
  4. Confirm with password/authentication
  5. Account closed immediately

What happens:

  • Profile deleted immediately
  • Marketing data removed immediately
  • Shopping data removed within 7 days
  • Transactional records kept for 6 years (legal requirement)
  • Anonymised analytics may be retained

4.4 California Privacy Rights

California residents may request details of personal data shared with third parties for marketing. Email privacy@trybasket.com.

5. Who We Share Data With

5.1 Our Data Sharing Principles

  • We NEVER sell your personal data
  • We NEVER share emails/phone numbers with retailers
  • We only share data when necessary for our Service
  • All processors sign data protection agreements

5.2 Categories of Recipients

Service Providers (Data Processors)

We share data with trusted providers who help deliver our Service. All processors are bound by data protection agreements ensuring GDPR compliance.

Payment & Commerce
Communications & Support
Analytics & Attribution
Platform Infrastructure
Website Services

Other Recipients

  • Legal authorities: When required by law or court order
  • Business transfers: If we sell or merge (with equivalent data protection)
  • Professional advisors: Lawyers, accountants (under confidentiality)
  • Aggregated data partners: Anonymised insights only (cannot identify you)

5.3 International Data Transfers

Your data may be transferred outside the UK. We ensure appropriate protection through:

For US transfers:

  • UK-US Data Bridge Framework (established 12 October 2023)
  • All US processors are certified under the Data Privacy Framework
  • Standard Contractual Clauses as additional safeguard
  • Enhanced security measures including encryption in transit
  • Regular adequacy reviews

For EU/EEA transfers:

  • UK adequacy decision (valid until 27 December 2025)
  • EU processors covered by GDPR equivalence
  • Standard Contractual Clauses where required
  • No onward transfers without equivalent protection

Transfer safeguard hierarchy:

  1. Adequacy decisions (preferred)
  2. UK-US Data Bridge certification
  3. Standard Contractual Clauses with supplementary measures
  4. Your explicit consent (only where other safeguards unavailable)

Your rights regarding international transfers:

  • Request copy of transfer safeguards
  • Object to transfers based on legitimate interests
  • Withdraw consent for consent-based transfers
  • Receive notification of new transfer countries

Contact privacy@trybasket.com for transfer safeguard documentation.

6. How We Protect Your Data

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: SSL/TLS encryption on ALL data transfers without exception
  • Access controls:
    • Limited employee access on strict need-to-know basis
    • All employees bound by confidentiality obligations
    • Multi-factor authentication for system access
  • Subcontractor security:
    • We do not relinquish control of your personal data
    • All subcontractors subject to equivalent security standards
    • No exposure to security risks beyond those in our direct control
  • Regular testing:
    • Security assessments
    • Vulnerability scanning
    • Code security reviews
  • Employee measures:
    • Data protection training for all staff
    • Background checks where appropriate
    • Immediate access revocation on departure
  • Infrastructure security:
    • Secure data centres with physical access controls
    • Regular security patches and updates
    • Firewall and intrusion detection systems
  • Incident response:
    • 24/7 monitoring for security events
    • Documented breach response procedures
    • Forensic investigation capabilities

6.2 Data Breach Procedures

If a breach occurs:

  1. Internal response: Immediate investigation and containment
  2. ICO notification: Within 72 hours if required
  3. User notification: If high risk to your rights and freedoms
  4. Support: Assistance to minimize impact

6.3 Data Retention

We keep your data only as long as necessary:

6.4 Privacy by Design

We build privacy into everything we do:

  • Data minimization: Only collect what we need
  • Purpose limitation: Only use data for stated purposes
  • Privacy assessments: For new features and changes
  • Default settings: Privacy-friendly defaults
  • Transparency: Clear information about data use

7. Additional Information

7.1 Children's Privacy (Ages 13-17)

Our Approach to Teen Users:

We offer Basic Service to users aged 13-17 without parental consent, and Full Service with parental consent. While we collect similar data to adult users, we apply stricter legal safeguards:

Implementation Limitations:

  • New Users: Enhanced protections apply to users who declare they are under 18 during registration
  • Existing Users: We do not have date of birth data for many existing users, who are treated as adults until they voluntarily update their profiles
  • Self-Declaration: We rely on user-declared age and do not conduct independent age verification
  • Good Faith Compliance: Enhanced protections apply where we have actual knowledge of a user's minor status

Parental Consent Requirements:

  • Basic Service (13+): No parental consent required
  • Full Service (under 18): Parental consent required through our self-reporting system
  • Parents provide name, email, and consent confirmation
  • This is a self-reporting system - we do not independently verify parent identity
  • Parents/guardians may withdraw consent at any time by contacting support@trybasket.com
  • We will verify the parent's identity and relationship to the child account before processing the withdrawal
  • Verified parents can access, modify, or delete their child's account
  • Verified parents can receive copies of privacy notices and policy updates

Enhanced Data Protections (When Applied):

  • Retention: Data deleted within 12 months of account closure (vs. standard retention)
  • Marketing: No email marketing or promotional communications
  • Profiling: No automated decision-making for commercial purposes
  • Sharing: Teen user data never included in anonymised insights shared with retailers

Technical Data Collection: We collect the same technical data (usage analytics, crash reports, performance metrics) but use it solely for:

  • Service improvement and bug fixes
  • Security and fraud prevention
  • Essential functionality delivery

What We DON'T Do for Known Teen Users:

  • Build marketing profiles or personas
  • Target with personalised advertising
  • Include in commercial data insights
  • Share any data with affiliate partners

Discovery of Misrepresentation: If we discover a user has misrepresented their age:

  • Enhanced protections are applied retrospectively where possible
  • Account may be restricted to Basic Service features
  • Data processing is reviewed and limited going forward
  • Additional verification may be required to maintain account access

Your Rights (Enhanced for Minors):

  • Request immediate account deletion (no waiting period)
  • Object to any processing beyond essential service delivery
  • Receive all communications in plain, age-appropriate language
  • Have a parent/guardian exercise rights on your behalf until age 18

7.2 Creator Program Privacy

Participants in our Creator Program should know:

  • Enhanced tracking: We track affiliate link performance in detail
  • Creator visibility: Creators see ONLY anonymised aggregate metrics (age ranges, interests)
  • No personal data: Creators cannot see who clicks their links
  • Public information: Profile image, username, display name (same as all users)
  • Tax reporting: All Creator earnings reported to HMRC regardless of amount

7.3 Browser Extension Privacy

Our browser extension has specific privacy considerations:

  • Whitelist only: ONLY collects browsing data on supported retailer sites (View full list)
  • Product impressions: ONLY collects product data from any web page with product metadata based on schema.org/Product specification
  • Clear indicator: Icon shows when active
  • No third-party sharing: Currently no data shared with retailers
  • Future plans: May share anonymised aggregate insights with retailers

7.4 Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in law or regulations
  • New features or services
  • Improved privacy practices

Notification: Email and in-app notice for material changes

Review regularly: Check the version number and date

7.5 Links to Other Websites

Our Service contains links to third-party websites. We are not responsible for their privacy practices. Please review their policies before providing personal data.

8. Contact Us

8.1 How to Reach Us

For privacy questions or to exercise your rights:

Email: privacy@trybasket.com
Post: Privacy Team, Intent Technologies Ltd, 20-22 Wenlock Road, London, N1 7GU

For general inquiries:

8.2 Complaint Process

  1. Contact us first: privacy@trybasket.com with "Complaint" in subject
  2. We acknowledge: Within 48 hours
  3. Investigation: Full response within 30 days
  4. Not satisfied?: Escalate to the ICO

8.3 Data Protection Resources

8.4 Legal Interpretation

  • Email limitations: Email addresses in this policy may only be used for stated purposes
  • Response discretion: We reserve the right not to respond to unreasonable requests
  • Staff authority: Our staff cannot waive rights or make unauthorised representations
  • Policy precedence: This Privacy Policy takes precedence over informal communications
  • Legal correspondence: Only our legal department can make binding commitments

9. Glossary

Aggregated Data: Statistical data that cannot identify individuals

Data Controller: Organization that determines how personal data is processed (Intent Technologies Ltd)

Data Processor: Organization that processes data on our behalf

DUAA: Data (Use and Access) Act 2025 - UK legislation modernizing data protection

Legal Basis: Legal justification for processing personal data

Legitimate Interests: Processing necessary for our or others' interests, balanced against your rights

Personal Data: Any information that can identify you

Platform: Basket app and services across all devices

Special Category Data: Sensitive data requiring extra protection (we don't collect this)

UK GDPR: UK General Data Protection Regulation

Marketing Consent: See Section 8.3 of our Terms of Service for full details on marketing communications consent and your rights
