Sampliful
Get Started Request a Demo

Privacy Policy

PRIVACY POLICY

Sampliful  |  www.sampliful.com

Last Updated: February 25, 2026  |  Effective Date: February 25, 2026

Privacy at a Glance: We collect your information to send you product samples and gather feedback on behalf of our Brand Partners. We do not sell your personal data to third parties for independent marketing. You have the right to access, correct, and delete your data at any time by contacting us at privacy@sampliful.com.

 

1. About This Privacy Policy

Sampliful (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit our website at www.sampliful.com, use our mobile applications, request product samples, participate in sampling campaigns, or otherwise interact with our services (collectively, the “Services”).

This policy applies to all users of our Services, including consumers who request product samples, Brand Partners who engage our services, and visitors who browse our website without registering. Please read this policy carefully before using our Services.

This Privacy Policy should be read together with our Terms and Conditions, available at www.sampliful.com/terms-and-conditions, which govern your use of our Services.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated effective date and, where appropriate, by sending you an email notification. Your continued use of the Services following any changes constitutes your acceptance of the revised policy.

 

2. Who We Are and How to Contact Us

Sampliful is the data controller responsible for the personal information collected through our Services. We are the party that determines the purposes and means of processing your personal data.

 

Data Controller:

Sampliful

Website: www.sampliful.com

Privacy Enquiries: privacy@sampliful.com

General Support: support@sampliful.com

 

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our Privacy Team at privacy@sampliful.com. We aim to respond to all privacy enquiries within ten (10) business days.

 

3. What Personal Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you register for an account, request a sample, complete a survey, or otherwise interact with our Services. This includes:

  • Identity Information: Full name, date of birth, and gender (where required for specific campaigns).
  • Contact Information: Email address, postal address (including street address, city, state/county, postcode, and country), and telephone or mobile number.
  • Account Credentials: Username and encrypted password.
  • Demographic Information: Age range, household composition, income bracket, and lifestyle preferences, collected for campaign targeting purposes.
  • Feedback and Reviews: Product ratings, written reviews, photographs, and other User Content you submit following receipt of a sample.
  • Correspondence: Records of communications you send to us, including support enquiries, complaints, and feedback.
  • Survey Responses: Answers to questions about your product preferences, purchasing habits, brand awareness, and lifestyle.

3.2 Information We Collect Automatically

When you visit our website or use our applications, we automatically collect certain technical and usage information through cookies and similar tracking technologies:

  • Device Information: IP address, device type, operating system, browser type and version, device identifiers, and screen resolution.
  • Usage Data: Pages viewed, features used, links clicked, time spent on pages, referral URLs, and navigation paths through our Services.
  • Location Data: General geographic location derived from your IP address. We do not collect precise GPS location data unless you explicitly grant permission.
  • Cookie Data: Information stored by cookies and similar technologies on your device. For full details, please refer to our Cookie Policy in Section 10 below.
  • Log Data: Server logs that record access times, error reports, and performance metrics.

3.3 Information We Receive from Third Parties

We may also receive information about you from third-party sources, which we combine with information we hold about you:

  • Social Media Platforms: If you connect your account to a social media profile or use social login features, we may receive your public profile information and email address from that platform.
  • Brand Partners: Our Brand Partners may share basic eligibility or purchase data to verify campaign participation or enrich campaign insights.
  • Data Enrichment Providers: We may use third-party data providers to verify addresses, validate contact details, or supplement demographic information to improve campaign targeting.
  • Analytics Providers: We receive aggregated usage and performance data from analytics services we use to improve our platform.

3.4 Special Categories of Personal Data

We do not intentionally collect or process special categories of sensitive personal data (such as health information, racial or ethnic origin, religious beliefs, or biometric data) as part of our standard Services. If any specific campaign requires collection of health-related preferences (for example, dietary requirements or allergy information), we will seek your explicit consent at the point of collection and explain how that information will be used.

 

4. How and Why We Use Your Personal Information

We process your personal information only where we have a valid legal basis to do so. The table below sets out the main ways we use your data, the purpose for doing so, and the legal basis we rely on under applicable data protection law.

 

Category of Data Purpose / Why We Collect It Legal Basis
Account Registration & Management To create and manage your account, verify your identity, and maintain your profile preferences. Performance of a contract / Legitimate interests
Sample Request Processing To assess your eligibility for campaigns, approve your request, arrange dispatch, and track delivery of samples to your address. Performance of a contract
Delivery Logistics To share your postal address with our logistics partners and Brand Partners for the sole purpose of delivering your sample. Performance of a contract
Post-Trial Feedback & Reviews To invite you to complete surveys and reviews following receipt of a sample and to collect, process, and share your feedback with the relevant Brand Partner. Performance of a contract / Legitimate interests
Campaign Targeting & Eligibility To match your demographic profile with appropriate campaigns so you receive samples most relevant to your household. Legitimate interests / Consent
Marketing Communications To send you emails, SMS, or push notifications about new sampling campaigns, product launches, and platform updates. Consent
Platform Improvement & Analytics To understand how users interact with our platform, identify technical issues, and improve the performance and design of our Services. Legitimate interests
Fraud Prevention & Security To detect, investigate, and prevent fraudulent sample requests, multiple account creation, and other misuse of the platform. Legitimate interests / Legal obligation
Legal & Regulatory Compliance To comply with applicable laws, respond to lawful requests from public authorities, and enforce our Terms and Conditions. Legal obligation
Customer Support To respond to your enquiries, process complaints, and resolve disputes relating to your account or sample deliveries. Performance of a contract / Legitimate interests

 

Where we rely on “Legitimate Interests” as our legal basis, we have carried out a balancing test to ensure that our interests are not overridden by your rights and interests. You may request a copy of that assessment by contacting privacy@sampliful.com.

Where we rely on “Consent” as our legal basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

 

5. How We Share Your Personal Information

We do not sell, rent, or trade your personal information to unaffiliated third parties for their own independent marketing purposes. We may share your information in the following specific and limited circumstances:

5.1 Brand Partners

We share relevant personal information with Brand Partners in connection with the campaigns you participate in. Specifically, we may share:

  • Your first name and postal address with the Brand Partner or their appointed fulfillment house, solely for the purpose of dispatching your sample.
  • Your feedback, reviews, and survey responses with the Brand Partner so they can analyse consumer opinions of their products.
  • Aggregated and anonymised demographic data with Brand Partners for campaign reporting purposes (this data does not identify you individually).

Brand Partners are contractually required to handle your personal information in compliance with applicable data protection laws and to use it only for the purposes specified. They may not use your data for independent direct marketing without your separate consent.

5.2 Service Providers and Data Processors

We engage trusted third-party service providers to perform functions on our behalf. These providers only process your data under our written instructions and may not use it for their own purposes. Our service providers include:

  • Cloud Hosting & Infrastructure: Providers of servers, databases, and cloud storage services that host our platform and data.
  • Email & SMS Communications: Platforms used to send transactional and marketing communications on our behalf.
  • Logistics & Fulfilment Partners: Courier and postal services that handle the physical dispatch and tracking of sample parcels.
  • Analytics & Reporting Tools: Services that help us understand platform usage, measure campaign performance, and improve user experience.
  • Customer Support Software: Helpdesk platforms used to manage and respond to your support enquiries.
  • Fraud Detection & Verification: Services used to validate addresses, detect duplicate accounts, and prevent misuse of the platform.
  • Payment Processors: If applicable, PCI-DSS compliant services that process any financial transactions associated with Brand Partner accounts.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, subpoena, or other lawful governmental or regulatory request.
  • Protect and defend the rights, property, or safety of Sampliful, our users, or the public.
  • Prevent or investigate possible wrongdoing in connection with our Services.
  • Enforce our Terms and Conditions or other agreements.

5.4 Business Transfers

If Sampliful undergoes a merger, acquisition, corporate restructuring, or sale of all or a material portion of its assets, your personal information may be transferred to the acquiring entity as part of that transaction. We will provide notice of any such transfer on our website and, where required by law, obtain your consent.

5.5 With Your Consent

We may share your personal information with third parties in ways not described above where we have obtained your explicit prior consent to do so. You may withdraw any such consent at any time by contacting privacy@sampliful.com.

 

6. International Data Transfers

Sampliful operates globally, and your personal information may be transferred to, stored, and processed in countries outside of your country of residence, including countries that may not offer the same level of data protection as your home country.

Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or other regions with data transfer restrictions to countries not deemed to provide an adequate level of data protection, we put in place appropriate safeguards to ensure your data remains protected, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent regulatory authority.
  • Adequacy decisions issued by the relevant supervisory authority recognising the destination country as providing adequate protection.
  • Binding Corporate Rules where applicable within our corporate group.

You may request details of the specific safeguards we have in place for any international transfer by contacting privacy@sampliful.com.

 

7. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, to provide the Services, to comply with our legal obligations, resolve disputes, and enforce our agreements. Our general retention principles are as follows:

  • Account Information: Retained for the duration of your account and for up to three (3) years following account closure, to handle any residual queries or disputes.
  • Sample Request Records: Retained for five (5) years to maintain an auditable record of campaign participation and delivery.
  • Feedback and Reviews: Retained for the duration of our relationship with the relevant Brand Partner plus one (1) year.
  • Survey Responses: Retained for three (3) years in anonymised or pseudonymised form for research and analysis purposes.
  • Financial and Transaction Records: Retained for seven (7) years in accordance with applicable tax and accounting regulations.
  • Communication Records: Support correspondence retained for two (2) years; legal correspondence retained for seven (7) years.
  • Technical Logs and Analytics: Typically retained for thirteen (13) months in identifiable form, after which they are aggregated and anonymised.

Upon expiry of the applicable retention period, we will securely delete or anonymise your personal information. If you request deletion of your data before the expiry of the relevant retention period, we will honour that request except where we are required to retain the data by law or for the legitimate purposes described above.

 

8. Your Privacy Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information. We are committed to respecting and facilitating the exercise of these rights.

8.1 Right of Access

You have the right to request a copy of the personal information we hold about you, together with information about how we use it. We will provide this information in a clear and intelligible format, free of charge, within thirty (30) days of receiving your verified request.

8.2 Right to Rectification

You have the right to request that we correct any personal information we hold about you that is inaccurate, incomplete, or out of date. You can update most of your information directly through your account settings, or by contacting us at privacy@sampliful.com.

8.3 Right to Erasure (Right to Be Forgotten)

You have the right to request that we delete your personal information where:

  • The data is no longer necessary for the purposes for which it was collected.
  • You withdraw your consent and there is no other legal basis for processing.
  • You object to the processing and there are no overriding legitimate grounds.
  • The data has been unlawfully processed.
  • The data must be erased to comply with a legal obligation.

Please note that we may be unable to fulfil erasure requests where we are required to retain data by law or for legitimate business purposes such as resolving disputes or enforcing agreements.

8.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, for example while we investigate an accuracy dispute or consider an objection you have raised.

8.5 Right to Data Portability

Where our processing is based on your consent or the performance of a contract, and processing is carried out by automated means, you have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

8.6 Right to Object

You have the right to object to our processing of your personal information where we rely on legitimate interests as our legal basis. You also have an unconditional right to object to the processing of your data for direct marketing purposes at any time.

8.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions made solely by automated processing, including profiling, that produce legal or similarly significant effects on you. Where we use automated systems to assess campaign eligibility, you may request human review of any such decision by contacting us.

8.8 Right to Withdraw Consent

Where we process your personal information on the basis of your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal. You can withdraw consent for marketing communications by using the unsubscribe link in any email we send or by contacting support@sampliful.com.

8.9 Right to Lodge a Complaint

If you believe we have handled your personal information in a way that does not comply with applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence. In the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk. In the EU, you may contact the data protection authority in your member state.

We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority, so please contact us first at privacy@sampliful.com.

8.10 How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to privacy@sampliful.com with the subject line: ‘Privacy Rights Request’. Include your full name, email address registered with your account, and a description of the right you wish to exercise. We may need to verify your identity before processing your request. We will respond within thirty (30) days of receiving a verified request, and within one (1) month for complex requests, with the possibility of a two-month extension where permitted by law.

We will not charge a fee for handling your request unless it is manifestly unfounded or excessive. In such cases, we may charge a reasonable administrative fee or refuse to act on the request, and we will notify you accordingly.

 

9. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section supplements the information in the rest of this Privacy Policy.

9.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email address, postal address, IP address, and account credentials.
  • Personal Records: Telephone number, postal address, and age.
  • Characteristics of Protected Classifications: Age range and gender (where provided).
  • Commercial Information: Records of samples requested and received.
  • Internet or Other Electronic Network Activity: Browsing history on our website and interactions with our platform.
  • Geolocation Data: General geographic location derived from IP address.
  • Inferences Drawn from Personal Information: Consumer preference profiles used for campaign targeting.

9.2 Your California Rights

As a California resident, you have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
  • Delete: Request deletion of personal information we have collected about you, subject to certain exceptions.
  • Correct: Request correction of inaccurate personal information we maintain about you.
  • Opt Out of Sale or Sharing: We do not sell your personal information. However, certain sharing of data for cross-context behavioural advertising may constitute ‘sharing’ under the CPRA. You may opt out of such sharing by contacting us.
  • Limit Use of Sensitive Personal Information: Where applicable, request that we limit the use and disclosure of sensitive personal information to uses reasonably necessary and proportionate to providing the Services.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a California privacy rights request, please email privacy@sampliful.com with the subject ‘California Privacy Rights Request’ or submit a request through our website. We will verify your identity before processing your request and respond within forty-five (45) days, extendable by a further forty-five (45) days with notice.

 

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function efficiently, improve the user experience, and provide information to website owners. Similar technologies include web beacons, pixel tags, local storage objects, and software development kit (SDK) identifiers used in our mobile apps.

10.2 Types of Cookies We Use

We use the following categories of cookies on our platform:

  • Strictly Necessary Cookies: Essential for the operation of our Services, including session management, authentication, and security. These cannot be disabled as the platform would not function without them.
  • Performance and Analytics Cookies: Help us understand how visitors use our website by collecting anonymous usage statistics, such as pages visited and time spent on site. We use tools such as Google Analytics for this purpose.
  • Functional Cookies: Enable enhanced features and personalisation, such as remembering your preferences, language settings, and previously viewed campaigns.
  • Targeting and Advertising Cookies: Used to build a profile of your interests and show you relevant content and campaigns. These may be set by us or by third-party advertising partners.
  • Social Media Cookies: Set by social media platforms when you use their sharing or login features on our website. Their use is governed by the respective platform’s own privacy policies.

10.3 Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept, reject, or manage your cookie preferences by category. You can update your preferences at any time by clicking the ‘Cookie Settings’ link in the footer of our website.

You may also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please be aware that disabling certain cookies may affect the functionality and performance of our Services. Guidance on managing cookies in popular browsers can be found at www.aboutcookies.org.

To opt out of Google Analytics across all websites, you may install the Google Analytics Opt-Out Browser Add-On, available at tools.google.com/dlpage/gaoptout.

 

11. Data Security

We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, disclosure, or destruction. Our security measures include:

  • Encryption: Personal data in transit is protected using Transport Layer Security (TLS) encryption. Data at rest is encrypted using industry-standard encryption protocols.
  • Access Controls: Access to personal data is restricted to authorised personnel on a strict need-to-know basis. All staff with access to personal data undergo regular data protection training.
  • Password Security: User passwords are stored in hashed form using strong one-way cryptographic algorithms. We never store plaintext passwords.
  • Infrastructure Security: Our hosting infrastructure is protected by firewalls, intrusion detection systems, and regular security patch management.
  • Vendor Security: We conduct due diligence assessments of all third-party service providers who process personal data on our behalf, requiring them to demonstrate appropriate security standards.
  • Incident Response: We maintain a documented data breach response procedure. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.

While we take all reasonable steps to protect your information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, and you use our Services at your own risk in this respect. We encourage you to use a strong, unique password for your account and to log out after each session.

If you believe your account has been compromised, or if you become aware of any unauthorised use of your credentials, please notify us immediately at security@sampliful.com.

 

12. Children’s Privacy

Our Services are not directed at or intended for use by children under the age of 16 (or such other minimum age as required by applicable law in your jurisdiction, which may be up to 18 in some regions). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at privacy@sampliful.com. We will take prompt steps to delete such information from our records upon verification.

Where required by applicable law, we will implement additional verification measures for users in regions where a higher minimum age for data processing applies.

 

13. Third-Party Websites and Services

Our Services may contain links to third-party websites, applications, and services that operate independently of Sampliful. This Privacy Policy does not apply to those third-party sites or services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party sites or services you visit. This includes social media platforms, Brand Partner websites, and any other external sites accessible through links on our platform. We have no control over, and assume no responsibility for, the content or privacy practices of third parties.

 

14. Marketing Communications

14.1 Types of Marketing We Send

With your consent, we may send you the following types of marketing communications:

  • Campaign Notifications: Information about new sampling campaigns that match your profile and preferences.
  • Product Announcements: Information about new products from Brand Partners you have previously sampled.
  • Platform Updates: News about new features, improvements, or changes to the Sampliful platform.
  • Surveys and Research Invitations: Invitations to participate in consumer research panels or extended surveys.

14.2 How to Opt Out

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the ‘Unsubscribe’ link at the bottom of any marketing email we send.
  • Replying ‘STOP’ to any marketing SMS message.
  • Updating your communication preferences in your account settings.
  • Contacting us at support@sampliful.com with the subject ‘Unsubscribe’.

Please note that even if you opt out of marketing communications, we may continue to send you transactional and service-related messages (such as order confirmations, delivery notifications, and account security alerts) that are necessary for the performance of our Services. These cannot be unsubscribed from while your account remains active.

 

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services we offer, legal requirements, or for other operational, legal, or regulatory reasons.

When we make material changes to this policy, we will:

  • Post the updated policy on this page with a new ‘Last Updated’ date.
  • Where required by law or where we consider it appropriate, notify you by email to the address associated with your account.
  • Where required, obtain fresh consent from you before processing your data under the revised terms.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. If you disagree with any changes to this Privacy Policy, you should stop using our Services and may request deletion of your account by contacting privacy@sampliful.com.

 

16. Contact Us and Complaints

We welcome any questions, comments, or requests you may have regarding this Privacy Policy or our data practices. Please contact us in any of the following ways:

 

Privacy Team — Sampliful

Email: privacy@sampliful.com

Website: www.sampliful.com/privacy

General Support: support@sampliful.com

 

If you are not satisfied with our response to your privacy concern, you have the right to complain to the relevant data protection supervisory authority in your country. In the United Kingdom, this is the Information Commissioner’s Office (ICO), which can be reached at www.ico.org.uk or by calling 0303 123 1113. In the European Union, please contact the data protection authority in your country of residence.

 

Your privacy matters to us. By using the Sampliful platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described herein.