MyRoutine← Back

Legal

Privacy Policy

Last updated: June 2026

1. Who we are

MyRoutine is operated by Bye Bye Holdings Ltd, a company registered in England and Wales.

Bye Bye Holdings Ltd
2a Swordfish Business Park
Swordfish Close, Higgins Lane
Burscough, Lancashire
England, L40 8JW
hello@myroutine.health

2. What data we collect

We collect the following personal data when you use MyRoutine:

  • Account data: your email address and display name when you register.
  • Profile data: your username, bio, profile photo, and social media handles that you choose to add.
  • Content data: routines, products, affiliate links, discount codes and images you upload.
  • Usage data: clicks on product links, pages visited, and general interaction data used to produce analytics.
  • Technical data: IP address, browser type, device type, and approximate location derived from IP.
  • Waitlist data: your email address if you join our waitlist before registering.

3. How we use your data

We use your personal data to:

  • Provide, operate, and improve the MyRoutine platform.
  • Send you service-related emails (account confirmation, password resets, important updates).
  • Send you marketing and informational emails about new features, creator tips, and affiliate opportunities — where you have given consent or we have a legitimate interest in doing so.
  • Provide you with click analytics on your profile and product links.
  • Detect and prevent fraud, abuse, or violations of our Terms of Service.
  • Comply with legal obligations.

4. Legal basis for processing (UK GDPR)

We rely on the following legal bases to process your data:

  • Contract performance: to provide the service you have signed up for.
  • Consent: for marketing emails and non-essential cookies. You may withdraw consent at any time.
  • Legitimate interests: to improve our service, prevent fraud, and communicate relevant updates to existing users.
  • Legal obligation: where required by law.

5. Marketing emails

We send useful informational and marketing emails to registered users and waitlist subscribers. These may include platform updates, creator tips, affiliate programme recommendations, and product news. Every marketing email includes an unsubscribe link. You can also opt out at any time by emailing hello@myroutine.health. Unsubscribing from marketing emails will not affect service-related communications.

6. Third-party processors

We do not sell your personal data. We share it only with the following trusted processors who act on our behalf. All are bound by data processing agreements and must protect your data in accordance with UK/EU GDPR.

Google Analytics 4

We use Google Analytics 4 to collect anonymised page-view and usage analytics. IP addresses are anonymised before processing and are not stored in identifiable form. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by managing cookies at /cookies.

Supabase

We use Supabase for database storage and authentication. Supabase is SOC 2 Type II certified and processes data in the EU and US under standard contractual clauses. See Supabase’s Privacy Policy.

Stripe

Payment processing is handled by Stripe. Stripe is PCI DSS Level 1 certified and does not store your full card details on our systems. See Stripe’s Privacy Policy.

Tolt

We use Tolt for referral tracking. Tolt records referral attribution when you arrive via a referral link, enabling us to credit referring users. See Tolt’s Privacy Policy.

Vercel

MyRoutine is hosted on Vercel, which serves requests via a UK/EU edge network. Vercel may process request metadata (including IP addresses) for performance and security purposes. See Vercel’s Privacy Policy.

7. Data retention

We retain your personal data for as long as your account is active. If you close your account and request deletion, we will delete or anonymise your personal data within 30 days of that request, except where we are required by law to retain it for longer (for example, financial records). Anonymised analytics data may be retained indefinitely as it cannot be linked back to you.

8. Your rights under GDPR / UK GDPR

You have the following rights in relation to your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data (“right to be forgotten”).
  • Portability — receive your data in a structured, machine-readable format and transfer it to another controller.
  • Restriction — ask us to restrict processing of your data in certain circumstances.
  • Objection — object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent — at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at hello@myroutine.health. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Cookies

We use cookies and similar technologies to operate the platform, keep you signed in, and — where you consent — to analyse usage via Google Analytics 4. For a full breakdown of the specific cookies we set, who sets them, and how long they last, see our Cookie Policy.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the platform. Continued use of MyRoutine after changes take effect constitutes acceptance of the updated policy.