This policy explains how Modestly processes personal data when you use our platform. We are the data controller within the meaning of the General Data Protection Regulation (GDPR).
Controller: Modestly ApS, [TODO_LEGAL:registeredAddress.line1], [TODO_LEGAL:registeredAddress.postalCode] [TODO_LEGAL:registeredAddress.city], CVR-nr. [TODO_LEGAL:cvr]. Contact: hello@modestly.dk.
What we collect
- Account data: name, email, password (hashed), optional phone.
- Order data: shipping address, billing details, items purchased, order history.
- Payment data: handled by Stripe; we never see or store your card number.
- Usage data: IP address, device/browser info, basic analytics events (only with your consent — see Cookie Policy).
- Communications: emails and support tickets you send us.
Legal bases (Art. 6 GDPR)
- Contract: processing your account, orders, payments, shipments, returns.
- Legal obligation: Danish accounting law (bookføringsloven, 5-year invoice retention), VAT records.
- Legitimate interest: fraud prevention, platform security, anonymous analytics.
- Consent: non-essential cookies, marketing emails. Consent can be withdrawn at any time.
Who we share data with (processors)
We use the following sub-processors:
- Supabase (database, auth, file storage) — hosted in the EU.
- Stripe Payments Europe Ltd. (Ireland) — payment processing.
- Algolia — product search indexing (no PII beyond product/brand catalog data).
- Resend — transactional email delivery.
- Sentry — error monitoring. May incidentally capture user identifiers in error contexts.
- Vercel — hosting and content delivery.
- Partner brands — receive the items, shipping address, and contact email needed to fulfil your order. They are independent controllers for fulfilment.
We have signed Data Processing Agreements (DPAs) with each processor. For any transfer outside the EU/EEA we rely on the EU Commission Standard Contractual Clauses (SCCs).
Retention
- Account data: until you delete your account, then 30 days for reversal.
- Order & invoice records: 5 full financial years (bookføringsloven).
- Analytics: 14 months max.
- Marketing email consent: until you unsubscribe.
Your rights
Under GDPR you may:
- Access your data and request a copy (data portability).
- Correct inaccurate data.
- Request deletion (subject to retention duties listed above).
- Restrict or object to processing.
- Withdraw consent at any time.
- Lodge a complaint with Datatilsynet (datatilsynet.dk).
To exercise these rights, sign in to your account (Account > Data & privacy) or email hello@modestly.dk. We will respond within 30 days.
Security
We use industry-standard measures: encrypted transport (HTTPS), encrypted database, hashed passwords, role-based access controls. No system is 100% secure; please notify us immediately of any suspected breach affecting your account.
Changes to this policy
We will post any material changes on this page and notify registered users by email.
