Privacy Policy
Last updated: February 2026
Borrowed is a peer-to-peer marketplace connecting people who want to borrow everyday items with neighbours willing to lend them. This Privacy Policy explains what information we collect, how we use it, and your rights under UK GDPR.
Borrowed ("we", "us", "our") operates the Borrowed mobile application and the website at useborrowed.com. By using our service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
When you use Borrowed, we collect the following types of information:
- Account information: Your name, email address, phone number, and photo ID (used for identity verification).
- Payment information: Payment details are processed securely via Stripe. We do not store credit card numbers on our servers.
- Condition check photos: Four-angle photographs taken at item pickup and return. These images are GPS-tagged, timestamped, and stored securely for dispute resolution purposes.
- Loan and booking records: Details of items you list, lend, or borrow, including item descriptions, dates, durations, pricing, and transaction status.
- Trust scores: Your trust score is calculated from your transaction history, including punctuality, item condition upon return, communication responsiveness, and reviews from other users.
- Device information: Device type, operating system, unique device identifiers, and Expo push notification tokens.
- Location data: Approximate location used to show nearby listings and to GPS-tag condition check photos.
- Usage analytics: Anonymised usage data such as feature usage frequency and session duration to help us improve the app.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Borrowed marketplace, including matching borrowers with lenders and processing transactions.
- Verify user identities to maintain a trusted community.
- Process payments securely through Stripe.
- Calculate and display trust scores to other marketplace users.
- Store condition check photos for dispute resolution and item protection.
- Send push notification reminders about bookings, returns, and marketplace activity.
- Improve and develop new features based on anonymised usage analytics.
- Respond to your support requests and communicate service updates.
- Enforce our Terms of Service and Protection Programme.
3. Condition Check Photos
Four-angle photos are taken at both pickup and return. These images are GPS-tagged and timestamped to create a verifiable record of the item's condition. They are used exclusively for dispute resolution and are stored securely in our cloud infrastructure.
Condition check photos are accessible only to the parties involved in the transaction and to Borrowed staff when reviewing a dispute. Photos are retained for the duration of your account plus 30 days after any related transaction completes.
4. Payment Data
We do not store credit card numbers. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We only store a Stripe customer identifier and the last four digits of your card for display purposes.
5. Trust Scores
Your trust score is calculated from transaction history including punctuality, item condition, communication, and reviews. It is visible to other marketplace users to help build confidence in the community.
Trust scores are updated automatically after each completed transaction. You cannot manually edit your trust score, but you can improve it through positive borrowing and lending behaviour.
6. Data Storage and Security
Your data is stored securely using Supabase, a cloud-hosted database platform. We use row-level security policies to ensure that your data is only accessible to authorised users. All data is transmitted over encrypted connections (HTTPS/TLS).
We implement industry-standard security measures including encryption at rest, regular security audits, and access controls to protect your personal information.
7. Third-Party Services
We do not sell, rent, or trade your personal data to third parties.
We share limited data with the following third-party services solely to operate the marketplace:
- Supabase — Authentication, database, and file storage (including condition check photos).
- Stripe — Payment processing, payouts, and identity verification.
- Expo — Push notification delivery.
These services process data on our behalf and are bound by their own privacy policies and data processing agreements.
8. Push Notifications
Borrowed uses Expo push tokens to send you notifications about booking confirmations, return reminders, payment updates, and marketplace activity. You can disable push notifications at any time through your device settings.
9. Cookies and Tracking
The Borrowed website may use essential cookies for basic functionality. We do not use third-party advertising cookies or cross-site tracking technologies.
10. Data Retention
We retain your data according to the following schedule:
- Active account: All personal data, transaction records, condition check photos, and trust scores are retained for the duration of your account.
- Deleted account: Upon account deletion, all personal data is purged within 30 days.
- Anonymised analytics: Aggregated and anonymised analytics data may be retained indefinitely as it cannot be used to identify you.
11. Your Rights (UK GDPR)
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of any inaccurate or incomplete data.
- Right to erasure: Request deletion of your account and all associated personal data.
- Right to data portability: Request your data in a structured, commonly used, machine-readable format.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to object: Object to processing of your personal data for certain purposes, including direct marketing.
- Right to withdraw consent: Withdraw your consent for data processing at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, contact us at hello@useborrowed.com. We will respond to your request within 30 days.
12. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Contractual necessity: Processing required to provide the Borrowed marketplace service (account data, transaction records, condition check photos).
- Legitimate interests: Processing for trust score calculation, fraud prevention, and service improvement.
- Consent: Processing for push notifications and optional marketing communications.
- Legal obligation: Processing required to comply with applicable laws and regulations.
13. Children's Privacy
Borrowed is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will delete it promptly.
14. International Data Transfers
Your data may be processed in countries outside the United Kingdom where our third-party service providers operate. Where this occurs, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK GDPR.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of Borrowed after changes constitutes acceptance of the updated policy.
16. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Email: hello@useborrowed.com
Website: useborrowed.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.