Collectopedia

Privacy Policy for Collectopedia

Last Updated: April 2025

Introduction

Welcome to Collectopedia ("we,", "us,", "our"). We provide a platform designed to help collectors manage their collections of items such as action figures, vintage items, and more, offering a financial overview and price estimations (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your personal data and respecting your privacy rights. By using Collectopedia, you agree to the collection and use of information in accordance with this policy. Please read this Privacy Policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

We collect information that you provide directly to us, information collected automatically through your use of the Service, and information from third-party sources. This information is essential for providing and improving the Service, ensuring security, and fulfilling our legal obligations.

Information You Provide Directly:

  • Account Information: When you register for an account using our authentication provider, Clerk, we collect information necessary to create and manage your account, which may include your name, email address, and password (which is managed and stored securely by Clerk).
  • Collection Data: You provide details about the items in your collection, such as item names, descriptions, purchase dates, purchase prices, conditions, quantities, and images you choose to upload. This data is central to the functionality of the Service, allowing you to track and manage your collection.
  • Payment Information: If you subscribe to premium features or make purchases through the Service, our payment processor, Stripe, will collect payment information necessary to process the transaction, such as your credit card details and billing address. We do not directly store your full payment card information on our servers; this is handled securely by Stripe.
  • Communications: If you contact us directly (e.g., for customer support), we may collect information such as your name, email address, and the contents of your message.

Information Collected Automatically:

  • Usage Data: We may collect information about how you access and use the Service, such as your IP address, browser type, operating system, device information, pages viewed, features used, and the dates and times of your visits. This helps us understand how users interact with Collectopedia and improve the platform.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies (like web beacons and pixels) to track activity on our Service and hold certain information. Cookies are small data files stored on your device. We use them to enhance your user experience, remember your preferences, secure your account, and potentially gather analytics data. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent, though some parts of our Service may not function properly without them.

Information from Third Parties:

  • Authentication Services: As mentioned, we use Clerk for user authentication. When you sign up or log in via Clerk, they provide us with the necessary information (like your user ID and email) to authenticate you and manage your session.
  • Pricing Data: To provide price estimations for items in your collection, we may interact with third-party APIs, such as the eBay API. This typically involves sending anonymized or aggregated data about the item (e.g., name, category, condition) to retrieve market price information. We strive to minimize any personal data shared in this process.

How We Use Your Information

We use the information we collect for various purposes aimed at providing, maintaining, and improving the Collectopedia service, ensuring a secure environment, and complying with legal obligations.

  • To Provide and Maintain the Service: We use your account and collection data to operate the core features of Collectopedia, allowing you to log in, add, view, edit, and manage your collection details, and access features like financial dashboards and price estimations.
  • To Process Transactions: Payment information collected via Stripe is used solely for processing payments for subscriptions or other services you purchase.
  • To Personalize Your Experience: We may use your information to personalize aspects of the Service, such as remembering your preferences or tailoring content.
  • To Communicate With You: We use your contact information (primarily email) to communicate with you about your account, service updates, security alerts, support requests, and promotional information (where permitted and with your consent, if required).
  • For Security and Fraud Prevention: We use collected data, including usage data and IP addresses, to monitor for suspicious activity, prevent fraud, enforce our terms of service, and protect the security and integrity of Collectopedia and our users.
  • For Analytics and Improvement: We analyze usage data to understand how our Service is used, identify trends, diagnose technical issues, and make improvements to functionality and user experience.
  • To Comply with Legal Obligations: We may need to use and retain certain information to comply with applicable laws, regulations, legal processes, or governmental requests.

Data Sharing and Disclosure

We value your privacy and limit the sharing of your personal data. We do not sell your personal information. However, we may share your information in the following circumstances:

  • With Service Providers: We share information with third-party vendors and service providers who perform services on our behalf. These include:
    • Clerk: For handling user authentication and account management.
    • Supabase: For hosting our application backend, database, and potentially storing user-uploaded files like images.
    • Stripe: For securely processing payments.
    • eBay API (or similar): For retrieving price estimation data. As noted, we aim to minimize personal data shared for this purpose.
    • Other providers for services like analytics, email delivery, or customer support.
    These providers are contractually obligated to protect your data and use it only for the purposes for which we disclose it to them.
  • For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). This includes meeting national security or law enforcement requirements, enforcing our terms and policies, protecting our rights, privacy, safety, or property, and responding to legal processes.
  • Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.
  • With Your Consent: We may share your information for other purposes if we have obtained your explicit consent to do so.

Data Security

We implement robust technical and organizational measures designed to protect the security of your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Encryption: We use encryption (such as TLS/SSL) to protect data transmitted to and from our Service. Data stored in our database (managed by Supabase) is also subject to encryption at rest.
  • Access Controls: Access to personal data is restricted to authorized personnel who need access to perform their job functions.
  • Secure Third Parties: We rely on reputable third-party providers like Clerk, Supabase, and Stripe, who maintain high standards of security for authentication, data storage, and payment processing.
  • Regular Reviews: We regularly review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.

Despite these measures, please be aware that no security system is impenetrable. We cannot guarantee the absolute security of your information, especially information transmitted over the internet. We encourage you to use strong passwords, enable multi-factor authentication where available (via Clerk), and take precautions to protect your personal information.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, primarily for as long as your account is active. This includes providing you with the Service, complying with our legal obligations, resolving disputes, and enforcing our agreements. When your account is deleted, we will delete or anonymize your personal information within a reasonable timeframe, except where retention is required for legal or regulatory purposes (e.g., financial records related to payments processed by Stripe, audit logs for security). Anonymized data, which cannot identify you, may be retained indefinitely for analytics and service improvement.

Your Data Protection Rights (GDPR, CCPA, etc.)

Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws like the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA), Canadas Personal Information Protection and Electronic Documents Act (PIPEDA), and others. These rights may include:

  • Right to Access: You have the right to request copies of the personal information we hold about you.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete. Much of your account and collection data can be updated directly through your account settings.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal information, under certain conditions. This can often be initiated by deleting your account.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal information, under certain conditions, particularly for direct marketing purposes.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Withdraw Consent: If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

Exercising Your Rights:

You can exercise many of these rights directly through your account settings within the Collectopedia Service. For requests that cannot be fulfilled through your account settings, or if you have questions about your rights, please contact us using the contact details provided below. We will respond to your request in accordance with applicable laws and within the required timeframe (e.g., within one month under GDPR). We may need to verify your identity before processing your request. Please note that exercising certain rights, such as the right to erasure, may result in the inability to continue using the Collectopedia Service.

California Residents (CCPA):

California residents have specific rights under the CCPA, including the right to know about personal information collected, disclosed, or sold (though we reiterate, we do not sell personal information), the right to request deletion, and the right not to be discriminated against for exercising these rights.

International Data Transfers

Collectopedia operates globally, and your information may be transferred to, stored, and processed in countries other than your own, including the United States, where our servers or the servers of our third-party service providers (like Supabase, Clerk, Stripe) may be located. These countries may have data protection laws that are different from those in your country.

We take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it. When we transfer personal information across borders, we rely on appropriate transfer mechanisms as required by applicable law, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions, or we ensure the transfer is to a provider certified under relevant frameworks (where applicable). By using our Service, you consent to the transfer of your information to countries outside your country of residence, understanding the potential risks involved.

Childrens Privacy

Collectopedia is not intended for use by individuals under the age of 16 (or the relevant age of majority for data processing consent in your jurisdiction). We do not knowingly collect personal information from children under this age. If we become aware that we have inadvertently collected personal information from a child under the relevant age without verification of parental consent, we will take steps to delete that information as soon as possible. If you believe that we might have any information from or about a child under the relevant age, please contact us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email (sent to the email address specified in your account) or by means of a prominent notice on our Service prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. The "Last Updated" date at the top of this policy indicates when it was last revised.

Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us at:

Collectopedia

hello@collectopedia.fun