Privacy Policy

1. Information We Collect

Account Information: When you register, we collect your email address, display name, and optional profile photo. If you sign in with Apple or Google, we receive your name and email from those providers.

Collection Data: Items you add to your collection, wishlist, storage bins, and showcase content you create.

Photos: Images you upload for identification, collection photos, and community contributions. Photos are stored on Cloudflare Images. EXIF metadata (including GPS location) is stripped on delivery.

Usage Data: We collect basic analytics such as pages viewed, features used, and device type to improve the service.

Payment Information: Subscription payments are processed by Stripe. We do not store your full credit card number. Stripe's privacy policy applies to payment data.

2. How We Use Your Information

• Provide and maintain the VillageDex service
• Process your subscription and transactions
• Send service-related notifications (account, billing, security)
• Moderate user-generated content for safety
• Improve the platform based on usage patterns
• Respond to support requests

We do not sell your personal data to third parties.

3. Data Sharing

We share data only with service providers necessary to operate VillageDex:

• Cloudflare: Image hosting and delivery, CDN, security
• Stripe: Payment processing
• Google Cloud Vision: Image moderation (SafeSearch) and identification
• Supabase: Database hosting
• Resend: Transactional email

We may disclose information if required by law or to protect the safety of our users.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., billing records).

Anonymized, aggregated data (such as total item counts) may be retained indefinitely.

5. Your Rights

You have the right to:

• Access: Request a copy of all data we hold about you
• Correction: Update inaccurate information via your profile settings
• Deletion: Request permanent deletion of your account and associated data
• Export: Download your collection data in a portable format
• Objection: Opt out of non-essential data processing

To exercise these rights, visit your Profile Settings or contact us at privacy@villagedex.com.

6. Cookies & Analytics

We use essential cookies for authentication and session management. We use Google Analytics (GA4) to understand how users interact with the platform. GA4 may set cookies to distinguish unique users and sessions. We do not use advertising pixels or sell analytics data.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

7. Children's Privacy

VillageDex is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Security

We implement industry-standard security measures including encrypted connections (TLS), secure authentication tokens, and access controls. However, no method of transmission over the Internet is 100% secure.

9. Legal Basis for Processing (EU Users)

We process your personal data under the following legal bases:

• Contractual necessity (Article 6(1)(b)): Processing required to provide the VillageDex service, including account management, collection storage, and subscription billing.
• Legitimate interests (Article 6(1)(f)): Analytics to improve platform performance, fraud detection and security monitoring, and aggregated/anonymized pricing research.
• Consent (Article 6(1)(a)): Marketing emails and push notifications, which you may withdraw at any time in your account settings.
• Legal obligation (Article 6(1)(c)): Retaining transaction records as required by applicable tax and financial regulations.

10. Photo Metadata (EXIF)

All photos uploaded to VillageDex are automatically processed to remove embedded metadata before storage. This includes GPS location coordinates, camera serial numbers, and timestamps. We never store or transmit the GPS location data from your photos.

11. Affiliate Disclosure

VillageDex participates in affiliate programs including the eBay Partner Network and Amazon Associates. When you click certain links to retailers, we may earn a commission at no additional cost to you. Affiliate relationships do not affect our valuations or recommendations.

12. Video Uploads

When you upload videos, they are stored via Cloudflare Stream and screened automatically for inappropriate content using Google Cloud Vision before becoming publicly visible. You retain ownership of your videos and may delete them at any time.

13. Community Pricing

When you add items to your collection and provide a purchase price, that price may be used to improve our market valuation data. While your user ID is stored alongside community sale reports for moderation and account management purposes, it is never publicly displayed. Only the price, condition, source, and approximate date are shown to other users. If you delete your account, all community sale reports you submitted are permanently removed.

14. Communications

By creating an account you agree to receive transactional emails (receipts, security alerts, account confirmations). With your opt-in consent, we may send marketing emails and push notifications. If you provide a phone number and consent, we may send SMS alerts. You can manage all communication preferences in your account settings.

15. Limit Use of My Sensitive Personal Information (CPRA)

Under the California Privacy Rights Act (CPRA), you have the right to limit the use and disclosure of your sensitive personal information. VillageDex does not collect sensitive personal information as defined by the CPRA beyond what is necessary to provide our services. To exercise your rights under the CPRA, contact us at privacy@villagedex.com.

16. International Data Transfers

VillageDex is based in the United States. Your data may be transferred to and processed in the United States and other countries where our service providers (Cloudflare, Stripe, Supabase, Google) operate. These transfers are necessary to provide our services and are governed by Standard Contractual Clauses or equivalent safeguards where required by law.

17. Do Not Track Signals

Some browsers send a "Do Not Track" (DNT) signal. There is no industry consensus on how to respond to DNT signals. VillageDex does not currently respond to DNT signals. We do not engage in cross-site behavioral advertising, and our analytics (Google Analytics GA4) can be opted out of as described in Section 6.

18. Third-Party Links

VillageDex may contain links to third-party websites including eBay, Amazon, Mercari, and manufacturer sites (Lemax, Department 56). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information. Affiliate links (eBay Partner Network, Amazon Associates) may use cookies to track referrals but do not transmit your VillageDex account data.

19. Push Notifications

With your consent, we may send push notifications to your device via Firebase Cloud Messaging (web) or Apple/Google push services (mobile). Push tokens are stored securely and associated with your account. You can disable push notifications at any time in your device settings or within the VillageDex app preferences.

20. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of VillageDex after changes constitutes acceptance of the updated policy.

21. Contact

For privacy-related inquiries, contact us at privacy@villagedex.com.