1. Introduction
Godzilla Collector ("we," "us," or "our") respects your privacy. This Privacy Policy describes what data we collect, how we use it, and your rights regarding your information.
2. Data We Collect
Account data: Email address, name, nickname, password (stored in hashed form), avatar image, and optionally your registration IP address and browser user agent.
Collection and usage data: Collectibles (names, descriptions, purchase dates, prices, conditions, images), wishlist items, purchase history, tags, preferences, and settings you configure.
Usage and analytics data: Session tokens, recommendation interactions, deal views, and similar usage data we use to improve the Service. We may log IP addresses and request metadata for security and debugging.
3. How We Use Your Data
We use your data to: (a) provide and operate the Service; (b) authenticate you and manage your account; (c) perform market valuations, deal scanning, and recommendations; (d) send transactional emails (verification, password reset, account deletion, upgrade notifications); (e) improve the Service and fix issues; (f) comply with legal obligations.
4. Third-Party Services
We share data only as necessary to operate the Service:
- eBay: We use the eBay API to fetch listing and sold-item data for valuations and deal scanning. We do not share your personal data with eBay beyond what is required for API authentication.
- Market data providers: Financial Modeling Prep, Yahoo Finance, or similar providers supply market indicators. We do not share your personal data with them.
- OpenAI: We may send item descriptions and market context to OpenAI for deal analysis and the Kai chat assistant. Data is processed according to OpenAI's data usage policies.
- AWS: Our infrastructure runs on Amazon Web Services (Amplify, RDS, S3, CloudFront, Lambda). Your data is stored and processed on AWS servers.
- Email: We use Resend to send verification, password reset, and account-related emails.
5. Data Storage and Security
Your data is stored in a PostgreSQL database (AWS RDS) and, for images, in Amazon S3 delivered via CloudFront. We use industry-standard security measures including encryption in transit and at rest. Session tokens are stored in your browser's local storage and are transmitted over HTTPS.
6. Data Retention
We retain your data while your account is active. Upon account deletion, we delete your data in accordance with our deletion process (including a grace period during which you may cancel). Some anonymized or aggregated data may be retained for analytics or legal compliance.
7. Your Rights
You may: (a) access and export your data (collectibles, wishlist, price data) via the Data Management page; (b) correct or update your profile information in Settings; (c) request account deletion (with a grace period) from your profile; (d) opt out of non-essential emails. If you are in the EU or UK, you may have additional rights under GDPR (access, rectification, erasure, portability, objection, restriction). Contact us to exercise these rights.
8. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect data from children under 13.
9. International Transfers
Our servers are located in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to such transfer.
10. Changes
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice in the Service.
11. Contact
For privacy questions or to exercise your rights, contact us at support@godzilla-collector.com.