Skip to content
    Official Media Partner: NRF 2026 APAC - Singapore, June 2-4
    Monday, April 6, 2026
    Retail News AI

    Privacy Policy

    Last updated: March 2026

    1. Data Controller

    Retailnews.ai ("we," "our," or "us") is the data controller responsible for your personal data. If you have questions about this Privacy Policy or wish to exercise your data rights, you can contact us at:

    2. Information We Collect

    Information You Provide

    We may collect information you voluntarily provide, including:

    • Name and email address when subscribing to our newsletter
    • Your preferred newsletter delivery frequency (daily or weekly)
    • Contact information when you reach out to us via our contact form
    • Account credentials if you create an account

    Automatically Collected Information

    When you visit our website, we may automatically collect:

    • Device information (browser type, operating system)
    • IP address and approximate location (country-level)
    • Pages viewed, time spent on our site, and referring website addresses
    • Traffic source and UTM campaign parameters
    • Anonymous session identifiers (not linked to your identity)

    3. Legal Basis for Processing (GDPR Art. 6)

    We process your personal data on the following legal bases:

    • Consent - When you subscribe to our newsletter, submit a contact form, or accept non-essential cookies (analytics, advertising). You may withdraw consent at any time.
    • Legitimate interest - For website analytics (understanding how visitors use our site to improve content and performance), security monitoring (detecting and preventing abuse), and operating our business.
    • Legal obligation - Where we are required to retain data to comply with applicable laws.

    4. How We Use Your Information

    We use the information we collect to:

    • Deliver our newsletter and content updates at your chosen frequency
    • Respond to your inquiries and requests
    • Improve our website, content, and services
    • Analyse usage patterns and trends (using anonymised data)
    • Display relevant advertising (with your consent)
    • Detect and prevent security threats, abuse, and fraudulent activity
    • Comply with legal obligations

    5. Cookies and Tracking Technologies

    We use cookies and similar tracking technologies to enhance your experience. When you first visit our site, a cookie consent banner allows you to accept or reject non-essential cookies. The categories are:

    • Necessary cookies - Required for the site to function (e.g. cookie consent preference, session identifiers). Always active.
    • Analytics cookies - Help us understand how visitors use the site, powered by Google Analytics (GA4). Only activated with your consent.
    • Advertising cookies - Enable personalised advertising. Only activated with your consent.

    For a full list of all cookies and tracking technologies we use, please see our Cookie Policy.

    You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, which will re-display the consent banner. You can also control cookies through your browser settings.

    6. Data Processors and Third-Party Services

    We share your data with the following third-party service providers (data processors) who process data on our behalf:

    • Google Analytics (Google LLC) - Website analytics. Data may be transferred to the US under Google's data processing terms. Google Privacy Policy
    • Resend - Email delivery service for newsletters and transactional emails. Resend Privacy Policy
    • ipapi.co - Country-level geolocation lookup based on IP address, used for anonymous analytics. No personal data is stored by this service on our behalf.
    • Supabase (via Lovable Cloud) - Database hosting, authentication, and backend infrastructure. Data is stored on servers within the AWS network. Supabase Privacy Policy
    • Prerender.io - Server-side rendering for search engine optimisation. Processes page URLs only, no personal data.

    7. International Data Transfers

    Some of our data processors are based outside the UK and European Economic Area (EEA), including in the United States. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Data processing agreements with all third-party processors
    • Reliance on adequacy decisions where applicable

    8. Data Retention

    We retain personal data for the following periods:

    • Newsletter subscribers - Retained for as long as your subscription is active. You can unsubscribe at any time, after which your data will be deleted within 30 days.
    • Contact form submissions - Retained for up to 12 months to handle your inquiry.
    • Analytics data (page views) - Retained indefinitely in anonymised/aggregated form. No personal identifiers are stored.
    • Security logs (failed login attempts) - Automatically deleted after 7 days.
    • Sensitive data access logs - Automatically deleted after 90 days.
    • Account data - Retained for the duration of your account. Upon deletion, data is removed within 30 days.

    9. Data Security

    We implement appropriate technical and organisational measures to protect your personal information, including:

    • Encryption in transit (TLS/HTTPS) for all data exchanges
    • Row-level security policies on our database to restrict data access
    • IP-based rate limiting to prevent abuse of forms and APIs
    • Admin re-authentication required for sensitive data exports
    • Audit logging of all access to personal data by administrators

    However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

    10. Your Rights

    Under the UK GDPR and EU GDPR, you have the following rights:

    • Right of access - Request a copy of the personal data we hold about you
    • Right to rectification - Request correction of inaccurate or incomplete data
    • Right to erasure - Request deletion of your personal data ("right to be forgotten")
    • Right to restrict processing - Request that we limit how we use your data
    • Right to data portability - Receive your data in a structured, commonly used format
    • Right to object - Object to processing based on legitimate interest
    • Right to withdraw consent - Withdraw consent at any time (e.g. unsubscribe from newsletter, reject cookies)

    To exercise any of these rights, please email privacy@retailnews.ai. We will respond within 30 days.

    11. Right to Complain

    If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is:

    • Information Commissioner's Office (ICO)
    • Website: ico.org.uk
    • Helpline: 0303 123 1113

    If you are in the EU, you may contact your local data protection authority. A list is available at edpb.europa.eu.

    12. Children's Privacy

    Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected data from a child, please contact us at privacy@retailnews.ai and we will delete it promptly.

    13. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify newsletter subscribers via email.

    14. Contact Us

    If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@retailnews.ai.