We believe in radical transparency. Shopworth collects minimal data, never sees your supermarket login or payment details, never sells your information, and gives you full control over your account.
1. Who we are
Shopworth Ltd is a company registered in England and Wales. Our registered address is [Registered Address — to be updated]. You can contact us at hello@shopworth.co.uk.
For the purposes of UK GDPR and the Data Protection Act 2018, Shopworth Ltd is the data controller.
2. What data we collect
We collect only what's needed to provide the service:
Account information
- Email address (for login and communication)
- Name (optional, for personalisation)
- Postcode (for delivery availability — we never store your full address)
- Household size and shopping frequency (to personalise recommendations)
Shopping data
- Products you add to your list
- Which loyalty cards you hold (Clubcard, Nectar, etc. — we do NOT store card numbers)
- Shopping frequency and purchase history within Shopworth
- Store preferences
Technical data
- Device type and operating system
- IP address (anonymised for analytics)
- App usage patterns (which screens you visit, features you use)
We NEVER collect: supermarket login credentials, loyalty card numbers, bank details, payment card information, your full home address, or any data you enter on retailer websites during checkout.
3. How we use your data
We use your data to:
- Compare grocery prices across supermarkets for your basket
- Apply the correct loyalty pricing (Clubcard, Nectar, etc.) based on which cards you hold
- Learn your shopping patterns and pre-build your basket
- Provide AI-powered shopping assistance
- Generate savings reports showing how much you've saved
- Send you service emails (login links, optional launch updates)
- Improve the product through anonymised, aggregated analytics
4. Legal basis for processing
We process your data under the following legal bases (UK GDPR Article 6):
- Contract: Processing necessary to provide you with the Shopworth service
- Consent: Marketing emails and waitlist signup (you can withdraw at any time)
- Legitimate interest: Product improvement through anonymised analytics
5. How we store and protect your data
- All data is stored on servers located in the UK (AWS eu-west-2, London)
- Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Database access is restricted to authorised systems only
- We conduct regular security reviews
- Passwords are not stored — we use passwordless magic link authentication
6. Who we share your data with
We do NOT sell your data. Ever. We share data only with:
- Cloud hosting: Amazon Web Services (UK region) — to run the service
- Email delivery: To send login links and service notifications
- Analytics: Anonymised, aggregated usage data only — never individual data
7. In-app checkout (how it works)
When you tap "Buy from [Store]" in Shopworth, we open the retailer's grocery website inside the app using a secure browser window (called a "webview"). This is similar to opening a web page inside the app. Here is exactly what happens:
What YOU do
- You log into the retailer's website directly — just as you would in Chrome or Safari
- You review the basket on the retailer's website
- You complete payment on the retailer's website using your own payment method
What SHOPWORTH does
- Opens the retailer's real website inside the app
- Sets an affiliate tracking cookie so we earn a small commission (see Section 8)
- After you log in, runs a script that adds your Shopworth basket items to the retailer's basket automatically — saving you from adding them one by one
- Monitors the page URL to detect when you've logged in and when your order is complete
YOUR LOGIN GOES DIRECTLY TO THE RETAILER. Shopworth NEVER sees, intercepts, stores, logs, or transmits your supermarket username, password, payment card details, or bank information. This is technically impossible in our architecture — your credentials travel directly from the webview to the retailer's secure servers over HTTPS encryption.
What SHOPWORTH can see during checkout
- The URL of the page you are on (to detect login success and order confirmation)
- Messages from our basket-adding script (item names and whether they were added successfully)
- Cookies set in the browser session (for affiliate tracking only)
What SHOPWORTH CANNOT and DOES NOT see
- Your retailer username or email
- Your retailer password
- Your payment card number, expiry, or CVV
- Your bank account details
- Your delivery address stored at the retailer
- Your retailer order history
- Any data entered into login or payment forms
Our basket-adding script ONLY interacts with the retailer's "add to basket" functionality. It does not read, access, or interact with login forms, payment forms, account pages, or any personal data displayed on the retailer's website. You can review our code — we are committed to being open about what our technology does.
Your control
- You can close the checkout window at any time
- You are never auto-charged — you must complete payment yourself on the retailer's site
- You can choose to shop at the retailer's website directly instead of using in-app checkout
- The retailer's own privacy policy and terms apply once you are on their website
8. Affiliate links and how we earn money
Shopworth is free to use. We earn money through affiliate commissions:
- When you check out via Shopworth, an affiliate tracking cookie is set in the browser session
- This tells the retailer that Shopworth referred you
- If you complete a purchase, we earn a small commission (typically 5-8% of your basket value)
- This costs you nothing — you pay the same price as if you visited the retailer directly
- The retailer does not receive your Shopworth account data
- We do not receive your payment details or retailer account data
This affiliate model is how we keep Shopworth free. We will never charge you for price comparison.
9. Cookies and tracking
Our website (shopworth.co.uk) uses:
- Essential cookies: For form submission (Netlify)
- No advertising cookies
- No third-party tracking pixels
The Shopworth mobile app does not use cookies for tracking. The in-app checkout browser uses cookies only for retailer login sessions and affiliate tracking (see Section 7 and 8 above).
10. Your rights
Under UK GDPR, you have the right to:
- Access: Request a copy of all data we hold about you
- Rectification: Ask us to correct inaccurate data
- Erasure: Ask us to delete your account and all associated data ("right to be forgotten")
- Portability: Request your data in a machine-readable format
- Objection: Object to processing based on legitimate interest
- Withdraw consent: Unsubscribe from marketing at any time
To exercise any of these rights, email hello@shopworth.co.uk. We will respond within 30 days.
11. Data retention
- Active accounts: Data retained while your account is active
- Deleted accounts: All personal data deleted within 30 days of account deletion
- Waitlist emails: Retained until launch, then deleted unless you create an account
- Anonymised analytics: Retained indefinitely (cannot be linked back to you)
12. Children's data
Shopworth is not intended for use by anyone under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. The "last updated" date at the top will always reflect the latest version.
14. Contact us
If you have any questions about this privacy policy or how we handle your data:
- Email: hello@shopworth.co.uk
- Company: Shopworth Ltd, registered in England and Wales
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.