Privacy Policy

Effective Date: March 1st, 2025

1. Introduction

Welcome to DiscTrade ("we," "our," "us," the "Platform"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") and associated services, including the marketplace for buying and selling vinyl records and features like ReleaseFinder.

By downloading, accessing, or using the App, you agree to the terms of this Privacy Policy. If you do not agree with the terms, please do not access or use the App.

2. Information We Collect

We collect information that you provide directly to us, information collected automatically when you use the App, and information from third parties. This includes:

• Account Information: When you register, we collect information such as your email address and password (hashed). You may optionally provide a username or profile name.
• Profile Information: Information you add to your profile, such as profile pictures (optional), seller/buyer ratings you receive or give, and, if you are a Seller, your "Ships From" address, Shipping Policies, and Seller Terms. If you are a Buyer, you provide your primary shipping address.
• Listing Information (Sellers): Details about items you list for sale, including descriptions, photos, condition, price, format (LP/Single), and any information generated via AI assistance features (like PhotoGrade).
• Transaction Information: Details related to purchases and sales made through the Platform, including items purchased/sold, prices, shipping costs, tax information (if applicable), order status, buyer and seller identifiers, and communications within the Order Chat feature related to specific orders.
• Shipping Information: Shipping addresses provided by Buyers for order fulfillment, and tracking information provided by Sellers.
• Payment Information: We use Stripe, a third-party payment processor, to handle marketplace payments and payouts. We do not directly collect or store your full credit card numbers or bank account details. When you make a purchase, payment information is provided directly to Stripe. For Sellers, Stripe Connect onboarding requires you to provide information directly to Stripe to verify your identity and link your bank account for payouts. We may receive transaction confirmations, partial payment method details (like the last four digits of a card), and information necessary to facilitate payouts and manage transactions from Stripe.
• ReleaseFinder & AI Feature Data: If you use features like ReleaseFinder or PhotoGrade AI, we collect the images you upload. We require camera permission to capture these images directly within the App. We also collect data related to your usage of these features, such as scan counts associated with your account/device for managing "Pro Member" subscription limits.
• Subscription Information: If you purchase a "Pro Member" subscription via Apple In-App Purchase, Apple manages the transaction. We receive confirmation of your subscription status from Apple to unlock premium features but do not receive your Apple account payment details.
• Communications: Messages exchanged between Buyers and Sellers via the Order Chat feature, and communications you send directly to DiscTrade Support (e.g., emails).
• Device and Usage Information: Information about your mobile device (e.g., device model, OS version), IP address, general location data (derived from IP address), App usage patterns (features accessed, time spent), crash reports, and performance data. We use services like Firebase Analytics for this. We also collect Firebase Cloud Messaging (FCM) tokens to send you push notifications if you opt-in.
• App Check Data: To protect our backend resources, we may use Firebase App Check, which verifies that requests are coming from legitimate instances of your app on genuine devices. This involves collecting attestation data from your device.

3. How We Use Your Information

We use the information we collect for various purposes, including:

• To Provide and Operate the Platform: Create and manage your account, facilitate the listing and discovery of items, process transactions (via Stripe), enable communication between Buyers and Sellers, display profiles and ratings.
• To Facilitate Transactions: Share necessary information between Buyers and Sellers to complete a sale (e.g., shipping address, order details).
• For Payment Processing: Integrate with Stripe to process payments from Buyers and payouts to Sellers.
• To Provide AI Features: Process images you upload for ReleaseFinder identification or PhotoGrade AI analysis using integrated third-party AI services (like Google Vision, OpenAI).
• To Manage Subscriptions: Verify and manage "Pro Member" status based on information from Apple's In-App Purchase system.
• To Communicate with You: Send order confirmations, shipping updates, chat notifications, responses to support inquiries, service announcements, and promotional messages (if you opt-in).
• To Improve and Personalize the App: Analyze usage trends, monitor performance, diagnose technical issues, develop new features, and personalize your experience (e.g., showing relevant listings).
• For Security and Fraud Prevention: Monitor for suspicious activity, verify identities (primarily via Stripe Connect for Sellers), enforce our Terms of Service, protect our platform using tools like App Check.
• For Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. How We Share Your Information

We may share your information in the following circumstances:

• Between Users: Information necessary to facilitate a transaction is shared between the Buyer and Seller involved. This includes usernames, order details, ratings/feedback, messages exchanged in Order Chat, and the Buyer's shipping address (shared with the Seller upon purchase for fulfillment). Seller Policies and "Ships From" location are visible to potential Buyers.
• With Service Providers: We share information with third-party vendors and service providers who perform services on our behalf. These include:
  • Firebase (Google Cloud): For backend hosting, database (Firestore), authentication (Firebase Auth), cloud functions, push notifications (FCM), analytics, crash reporting, and cloud storage.
  • Stripe: For processing payments for purchases and handling payouts to Sellers via Stripe Connect.
  • AI Service Providers (e.g., Google Vision, OpenAI): For processing images submitted through features like ReleaseFinder and PhotoGrade AI.
  These providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Their use of data is governed by their respective privacy policies.
• For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred.
• With Your Consent: We may share your information for other purposes with your explicit consent.

5. Data Storage and Security

We use Firebase (Firestore, Cloud Storage) to store your data, hosted within Google Cloud's infrastructure. We implement reasonable security measures designed to protect your information from unauthorized access, use, or disclosure. These include data encryption (in transit and at rest where feasible), access controls, use of Firebase Security Rules, and password hashing. We utilize Firebase App Check to help ensure requests to our backend are legitimate. However, no electronic transmission or storage method is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. This includes retaining information while your account is active, to provide you with services, to comply with our legal obligations (e.g., transaction records for tax or dispute purposes), resolve disputes, and enforce our agreements. You can request deletion of your account and associated data as described in Section 7.

7. Your Choices and Rights

You have certain choices and rights regarding your information:

• Account Information: You can review and update your account and profile information through the App settings (e.g., EditProfileView, SellerSettingsView, BuyerSettingsView).
• Push Notifications: You can opt-out of receiving push notifications by changing the settings on your mobile device or within the App (if applicable).
• Camera Access: You can disable camera access for the App via your device settings, but this will prevent you from using features like ReleaseFinder or adding new listing photos.
• Data Access, Correction, and Deletion: You may have the right to request access to, correction of, or deletion of your personal information we hold. Please contact us using the details below to make such requests. We will respond within a reasonable timeframe. Please note that we may need to retain certain information for record-keeping purposes, to complete transactions, or as required by law. For example, transaction history may be retained for dispute resolution or financial auditing.

8. Third-Party Services

Our App integrates with third-party services like Firebase, Stripe, Google Vision, and OpenAI. Your use of these services through our App may be subject to their respective privacy policies. We encourage you to review the privacy policies of these third parties:

• Stripe: https://stripe.com/privacy
• Google (Firebase, Google Vision): https://policies.google.com/privacy
• OpenAI: https://openai.com/policies/privacy-policy

9. Children's Privacy

Our App and services are not directed to individuals under the age of 13 (or a higher age threshold depending on jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your own, including the United States, where our servers and third-party service providers (like Firebase, Stripe, OpenAI) may be located. Data protection laws in these countries may differ from those in your jurisdiction. We rely on mechanisms like Standard Contractual Clauses or the providers' certifications under frameworks like the EU-U.S. Data Privacy Framework (where applicable) to ensure adequate protection for transferred data.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy within the App, updating the "Effective Date" at the top, and/or through other communication channels (like an in-app notification). Your continued use of the App after such modifications constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

DiscTrade Support
Email: disctradeteam@gmail.com

13. Legal Disclaimer

This Privacy Policy is intended to provide transparency regarding our data practices. It is not intended as legal advice. We recommend consulting with a qualified legal professional for advice specific to your situation and jurisdiction, particularly regarding compliance requirements like GDPR or CCPA if applicable.