Privacy Policy

MUAIn.UK (“we”, “us”, “our”) is a platform operated in the United Kingdom. We are the data controller responsible for your personal data.

If you have any questions, contact us at privacy@muain.uk.

For Makeup Artists (Registered Users)

• Account information: name, email address, password (encrypted)
• Profile information: display name, bio, tagline, phone number, website, Instagram handle
• Location data: city, postcode (used for geolocation only — see Section 5)
• Portfolio: images you upload to showcase your work
• Services: descriptions, pricing, and duration of services you offer
• Payment information: processed securely by Stripe — we do not store card details
• Subscription data: plan tier, subscription status, billing dates

For Visitors and Clients

• Search queries: location and category searches (not linked to identity)
• Usage data: pages visited, referrer, browser type (collected anonymously)
• Cookies: essential cookies for site functionality (see Section 8)

• To create and maintain your artist profile on our directory
• To display your profile in search results so clients can find you
• To show your approximate location on our interactive map
• To process subscription payments via Stripe
• To send important service-related communications (account changes, billing)
• To provide analytics about your profile views
• To improve our platform and user experience

Under the UK General Data Protection Regulation (UK GDPR), we process your data on the following bases:

• Contract: processing necessary to provide our directory service and manage your subscription
• Legitimate interest: improving our service, security monitoring, and analytics
• Consent: for marketing communications (you can opt out at any time)
• Legal obligation: where required by law (e.g., tax records for payments)

We share your data only with the following third parties, and only as necessary:

• Supabase: our database and authentication provider (data stored in the EU)
• Stripe: payment processing (PCI DSS compliant)
• Mapbox: map display and geocoding (search coordinates only, no personal data)
• Vercel: our hosting provider

We do not sell your personal data to third parties. We do not share your data with advertisers.

• Active accounts: data is retained while your account is active
• Deleted accounts: personal data is deleted within 30 days of account deletion, except where we are legally required to retain it (e.g., payment records for up to 6 years)
• Analytics data: anonymised profile view data may be retained indefinitely

We use the following types of cookies:

• Essential cookies: required for authentication and site functionality (cannot be disabled)
• Analytics cookies: help us understand how visitors use our site (can be disabled)

We do not use advertising or tracking cookies.

Under UK GDPR, you have the following rights:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: correct inaccurate data (you can do this directly from your dashboard)
• Right to erasure: request deletion of your account and associated data
• Right to restriction: request that we limit how we use your data
• Right to data portability: receive your data in a machine-readable format
• Right to object: object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@muain.uk. We will respond within 30 days.

We implement appropriate technical and organisational measures to protect your data, including:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted password storage (bcrypt hashing)
• Row-level security policies on our database
• Regular security reviews and updates
• Access controls limiting who can access personal data

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in compliance with UK GDPR.

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this privacy policy from time to time. We will notify registered users of significant changes by email. The “last updated” date at the top of this page indicates when it was last revised.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113