Q
Quidio← Back to home

Privacy Policy

Last updated: 18 March 2026

Data controller: Quidio Ltd, a company registered in England and Wales (company number 17082575), whose registered office is at Venture House, 2 Arlington Square, Downshire Way, Bracknell, England, RG12 1WA (“we”, “us”, “our”).

Contact: contact@quidio.ai

This policy explains how we collect and use personal data when you use our websites (quidio.ai and quidio.shop), mobile application, and related services (together, the “Services”). We are registered with the Information Commissioner’s Office (registration number — pending application C1893240).

1. Data We Collect

We collect personal data that you provide to us and data generated through your use of the Services.

  • Account data: name, email address, phone number, postal address.
  • Identity verification data: where required for seller onboarding, identity documents and verification results processed by our payment provider Stripe.
  • Transaction data: purchase and sale records, payment method details (we do not store full card numbers), payout information.
  • Device and usage data: IP address, device identifiers, browser type, operating system, pages visited, actions taken within the Services.
  • Communications: messages between buyers and sellers, support correspondence.
  • Listing data: photographs, item descriptions, and AI-generated content associated with seller listings.

2. How We Use Your Data

We process personal data only where we have a lawful basis to do so.

  • Performance of contract: to provide the Services, process transactions, facilitate delivery, manage your account, and handle disputes and refunds.
  • Legal obligation: to comply with tax, accounting, and regulatory requirements, including anti-money laundering obligations.
  • Legitimate interests: to detect and prevent fraud, enforce our terms, improve the Services, and ensure platform security. We balance these interests against your rights and do not use this basis where the impact on you would be disproportionate.
  • Consent: where we send you marketing communications. You may withdraw consent at any time by using the unsubscribe link in any marketing email or by contacting us.

3. Data Sharing

We share personal data with the following categories of recipient. We do not sell personal data.

  • Stripe: our payment processor. Stripe processes payment and identity verification data under its own privacy policy.
  • Delivery partners: shipping and tracking providers receive recipient name, address, and order reference to facilitate delivery.
  • AI service providers: listing photographs and descriptions are processed by third-party AI services to generate listing content. These providers process data as our sub-processors under data processing agreements.
  • Professional advisers: solicitors, accountants, and auditors where necessary for legal, tax, or audit purposes.
  • Law enforcement and regulators: where we are required by law or where necessary to protect our rights, your safety, or the safety of others.
  • Buyers and sellers: transaction-related information is shared between the parties to a transaction to the extent necessary to complete the sale and delivery.

4. International Transfers

Some of our service providers (including Stripe and AI service providers) may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the ICO or transfers to countries with an adequacy decision.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. In general:

  • Account data: retained for the duration of your account and for 12 months after account closure, unless a longer period is required by law.
  • Transaction records: retained for 7 years from the date of the transaction to comply with tax and accounting obligations.
  • Dispute records: retained for 120 days after transaction completion, or until the dispute is fully resolved, whichever is later.
  • Device and usage data: retained for 12 months from collection.

6. Your Rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate personal data.
  • Erase your personal data, subject to our legal retention obligations.
  • Restrict processing in certain circumstances.
  • Data portability: receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at contact@quidio.ai. We will respond within one month. If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ico.org.uk).

7. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. Payment processing is handled by Stripe, which is certified to PCI DSS Level 1. We do not store full card numbers on our systems.

8. Children

The Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it.

9. Changes to This Policy

We may update this policy from time to time. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.