Daft Pulp

Privacy

Privacy Policy

Last updated: May 2026

Data controller

Daft Pulp is operated by Otto Gisow, based in Malmö, Sweden. For any privacy question or to exercise your rights under GDPR, contact hello@daftpulp.com.

What we collect

  • Account data. Email address and optional display name. Authentication is via Supabase Auth (magic link or Google OAuth).
  • Wardrobe data. Items you add manually — names, brands, sizes, colors, purchase prices, wear counts.
  • Style preferences. Quiz responses, saved products, and search queries you submit.
  • Price tracking data. URLs you ask us to monitor and the alert thresholds you set.
  • Usage data. Aggregate page views and feature interactions, kept in our internal `style_events` table for product analytics.
  • AI interaction data. Roast results, wardrobe builds, and stylist conversations you generate.

How we use it

We use your data to personalize recommendations, generate AI style advice, send price-drop alerts, and improve the product. We never sell your data and we don't share it with advertisers.

Third-party services

We rely on a small set of vetted processors. Each one only receives the minimum data needed to do its job.

  • Supabase — database and authentication, hosted in the EU (Ireland).
  • Vercel — site hosting via global edge network.
  • Anthropic — Claude API powers our AI features. Conversations are processed but not stored by Anthropic per their API terms.
  • OpenAI — used only for product-description embeddings. No personal data is sent.
  • Resend — transactional email (price-drop alerts only).
  • ShopMy — affiliate-link tracking for product recommendations.

Cookies

We use essential cookies only — the Supabase authentication session cookie. No analytics cookies, no advertising cookies, no third-party tracking.

Data retention

Account data is retained until you ask us to delete it. AI conversations are not persisted beyond the session. Roast and build results are stored against a UUID and contain no personal identifiers in the result body itself.

Your rights

Under GDPR you have the right to access, rectify, erase, and port your personal data, and to object to processing. To exercise any of these rights, email hello@daftpulp.com. We'll respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority. In Sweden that's the IMY (Integritetsskyddsmyndigheten).

International data transfers

Your data is primarily stored in the EU (Supabase, Ireland). Vercel's edge network may cache static content globally. Anthropic processes API calls in the US, but does not retain the content. All transfers outside the EU are protected by Standard Contractual Clauses.

Age

Daft Pulp is intended for users aged 16 and over. If we learn that we hold data on a user under 16 without a parent's consent, we'll delete it.

Changes to this policy

We'll update this page when our practices change and update the “last updated” date at the top. Material changes will also be communicated by email to affected users.

Built in Malmö, Sweden.