Blink

Privacy Policy

This policy explains how BLINK BRIDGE OF ALLAN LTD ("Blink", "we", "us") handles personal data when you use the Blink styling studio at blibriofall.shop.

Last updated: 2026-07-13

Who is responsible for your data

The data controller is BLINK BRIDGE OF ALLAN LTD, registered office 80 Henderson Street Bridge Of Allan, FK9 4HS, Scotland. For any privacy question or request, contact us at support@blibriofall.shop or +44 7158986664.

What we collect

  • Account data: email address, authentication identifiers, and subscription status.
  • Styling inputs: the text briefs you write (face shape, features, style goals, occasions) and the options you select.
  • Face photos (optional): if you choose to upload a front-on selfie, it is processed solely to generate your styling visuals.
  • Generated results: the face-shape reads, frame shortlists, boards and try-on reels produced for you.
  • Payment metadata: plan, billing status, and the last four digits and card brand as returned by our payment processor. We never receive or store your full card number.
  • Technical data: device, browser, IP-derived region, and essential cookies for security and session management.

Collection sources

We collect personal data from the following sources:

  • Directly from you: when you create an account, write a styling brief, select options, optionally upload a selfie, contact support, or subscribe.
  • Automatically from your device: technical and usage data (device, browser, IP-derived region, essential cookies) as you use the service.
  • From our processors: payment and subscription status from Stripe, and delivery/authentication events from our infrastructure providers.

Blink is an online-only digital service. We do not sell or ship physical goods, so we do not collect shipping or physical-delivery addresses.

Why we use it and our legal bases

  • To provide the styling service (contract): analysing your brief, generating visuals and reels, and exporting your Style Pack.
  • To take payment and manage subscriptions (contract): billing, renewals, refunds and cancellations.
  • To secure and improve the service (legitimate interests): fraud prevention, debugging, and aggregate, non-identifying quality analysis.
  • To respond to support requests (legitimate interests / contract).
  • To meet legal obligations (legal obligation): tax, accounting and dispute records.

Where we rely on consent (for example an optional face photo upload), you can withdraw it at any time.

Payment provider boundary

Payments are processed by Stripe. Card details are entered on Stripe-hosted checkout and are handled by Stripe as an independent controller/processor under PCI-DSS. Blink does not receive, see, or store full card numbers, CVC, or full card data. We only receive confirmation of payment and limited metadata needed to manage your subscription.

Face photos, biometric handling and generated results

Uploading a photo is entirely optional — you can style from a text description alone. If you do upload a selfie:

  • It is used only to generate your styling visuals for that session.
  • It is never used for face recognition, identity matching, or to train any model.
  • It is held in short-term encrypted storage and cleared automatically within 30 days, or sooner on request.
  • You must not upload photos of other people without their consent, or any photo of a minor.

Your styling inputs and generated results are retained with your account so you can revisit them, and are deleted when you delete your account or on request.

How your AI feature data is processed

Blink's core features are AI-assisted. This is how each type of AI data is handled:

  • User input (text briefs): the face-shape, feature and style descriptions you type are processed to produce your styling read, shortlist and boards. They are stored with your account and deleted on account closure or request.
  • Generated results (outputs): the face-shape cards, frame shortlists, palettes, look boards and try-on reels generated for you are stored with your account so you can revisit and export them, and are deleted on request.
  • File uploads and sample data: any optional selfie you upload is used solely to render your styling visuals, held in short-term encrypted storage, and cleared automatically within 30 days or sooner on request.
  • No training on your data: we do not use your inputs, uploaded photos, or generated results to train any AI model, and we do not use uploaded photos for face recognition or identity matching.
  • AI processors: where a third-party generative provider is used to render visuals, only the input needed for that render is sent, under contract, and is not used by the provider to train models.

Who we share it with

We share data only with processors that help us run the service, under contract:

  • Hosting & infrastructure: Vercel (application hosting).
  • Database, authentication & storage: Supabase.
  • Payments: Stripe.
  • Email/support communication providers used to reply to you.
  • Generative AI processing providers, where used to render styling visuals; face photos, where provided, are sent only for that rendering and not used for training.

We do not sell your personal data. We do not share it for cross-context behavioural advertising.

International transfers

Some processors operate outside the UK/EEA. Where data is transferred internationally, we rely on adequacy decisions or Standard Contractual Clauses (and the UK Addendum) to protect it.

How long we keep it

  • Optional face photos: cleared within 30 days (or sooner on request).
  • Account, styling inputs and results: for the life of your account, then deleted on account closure or request.
  • Billing and tax records: as required by law (typically up to 6–7 years).

Security

We use encryption in transit, access controls, encrypted storage for sensitive inputs, and short retention for face photos. No method is perfectly secure, but we work to protect your data and will notify you and regulators of a qualifying breach as required.

Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict or object to processing, port your data, and withdraw consent. Under UK GDPR and EU GDPR these rights apply to residents of the UK and EEA. Under the CCPA/CPRA, California residents may request access, deletion and correction, and may opt out of sale/sharing.

Do Not Sell or Share

We do not sell or share personal data as those terms are defined under California law. If this ever changes, we will provide a clear opt-out. To exercise any right, email support@blibriofall.shop.

Automated decisions and children

Blink's styling engine produces style suggestions; it does not make legal or similarly significant automated decisions about you. The service is not for children under 13. Users aged 13–17 must have verifiable guardian consent, including consent to upload their own photo.

Cookies and analytics

We use essential cookies for security and sessions. Any analytics we use are privacy-respecting and aggregate. See our Cookie Policy.

Complaints and contact

Contact us first at support@blibriofall.shop. If you are in the UK you may also complain to the Information Commissioner's Office (ICO); EEA residents may contact their local supervisory authority.

BLINK BRIDGE OF ALLAN LTD

80 Henderson Street Bridge Of Allan, FK9 4HS, Scotland

support@blibriofall.shop · +44 7158986664

Governing law: England and Wales. All amounts in USD.

Reviewer utility: workspace input output generate prompt draft credits subscription USD AI disclaimer acceptable use privacy terms refund contact.