Privacy Policy
How we handle your personal data under the GDPR.
Last updated: 2026-06-24
1. Data controller
XNails Club is the data controller for the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR).
2. What data we collect
When you become a member we collect: - Name, email address and phone number - Delivery address - Payment information (handled by Stripe — we do not store card details) - Order and delivery history - Your chat messages with the AI stylist - Likes, saves and items you have skipped - Points, streak and other activity data When you subscribe to the newsletter we collect your email address.
3. Why we process your data
We process your data in order to: - Perform our contract with you (deliver the subscription) - Send order confirmations, SMS about the month's box and delivery updates - Personalise the AI stylist's suggestions - Handle customer service and complaints - Run the points and rewards programme - Send newsletters (if you have given consent) - Comply with statutory bookkeeping requirements (7 years)
4. Legal basis
- Performance of contract: to deliver the subscription - Legitimate interest: for customer service, AI recommendations and improving the service - Consent: for newsletters and SMS marketing beyond purely transactional messages - Legal obligation: for bookkeeping
5. The AI stylist and automated decisions
The AI stylist offers suggestions based on your profile and your likes. You can always swap, approve or pause suggestions — no decisions are made without the option of human review. Chat history is used to improve your suggestions and may be used in anonymised form to develop the service.
6. Sharing your data
We share your data with: - Stripe (payment processing) - Carriers (delivery) - Email and SMS providers (Resend, Twilio or equivalent) - AI providers (Anthropic) for the chat feature, under a data processing agreement - Bookkeeping and VAT tools (legal requirement) We never sell your data to third parties.
7. Transfers outside the EU/EEA
Some of our providers may process data outside the EU/EEA. When that happens we ensure an adequate level of protection through the European Commission's standard contractual clauses or other approved mechanisms.
8. Storage
Your data is stored for as long as is necessary for the purpose. Order data is kept for 7 years to meet statutory bookkeeping requirements. Active subscription data is kept for as long as the membership is active and for 36 months afterwards for support and analytics. Chat history is deleted or anonymised within 24 months of the membership ending.
9. Your rights
Under the GDPR you have the right to: - Request access to your personal data - Request rectification of inaccurate data - Request erasure ("the right to be forgotten") - Request restriction of processing - Object to processing - Request data portability - Withdraw consent Get in touch at help@xnails.se to exercise your rights.
10. Cookies
We use necessary cookies for the website to work. No tracking cookies are used without your consent. Read more in our Cookie Policy.
11. Supervisory authority
If you believe we are processing your data unlawfully, you can lodge a complaint with the data protection authority in your country of residence within the EU/EEA.
12. Contact
XNails Club Email: help@xnails.se Web: https://club.xnails.co/en