GadgetSwap
Back to Home

Privacy Policy

Last updated: January 11, 2025

1. Introduction

GadgetSwap ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketplace platform.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Username and profile information (bio, location)
  • Profile photo (optional)
  • Authentication data from Google Sign-In or Apple Sign-In (if used)
  • Notification preferences
  • Anonymous device tokens for push notifications (iOS app)

Listing Information

When you create a listing, we collect:

  • Device details (model, storage, condition, iOS/macOS version)
  • IMEI number (hashed for security, last 4 digits stored for display)
  • Photos of your device (stored on Cloudinary)
  • Verification photo with handwritten code
  • Pricing and return policy preferences

Transaction & Payment Information

For purchases and sales, we collect:

  • Shipping addresses and phone numbers
  • Payment information (processed securely by Stripe - we never store card details)
  • Stripe Connect account information for sellers receiving payouts
  • Purchase and sale history
  • Shipping tracking numbers

Communication & Activity

We also collect:

  • Messages between buyers and sellers
  • Reviews and ratings
  • Device alerts and watchlist items
  • Listing view counts

Security & Fraud Prevention Data

To protect our users and prevent fraud, we collect:

  • IP address hashes (cryptographically hashed for privacy - we do not store raw IP addresses)
  • Login timestamps and activity logs
  • Device/browser information for session management

IP addresses are immediately converted to irreversible SHA-256 hashes before storage. This allows us to detect and prevent abuse while protecting your privacy - we cannot recover the original IP address from the stored hash.

3. How We Use Your Information

We use your information to:

  • Provide and maintain our marketplace services
  • Process transactions and send related notifications
  • Verify your identity and prevent fraud
  • Send service updates and marketing communications (with your consent)
  • Improve our platform and develop new features
  • Respond to your inquiries and provide customer support
  • Enforce our Terms of Service and protect users

4. Information Sharing

We may share your information with:

Other Users

When you buy or sell, relevant information is shared with the other party (e.g., shipping address with sellers, seller profile info with buyers).

Service Providers

We use the following third-party services:

  • Stripe - Payment processing and seller payouts (PCI-DSS compliant)
  • Cloudinary - Image hosting and storage for listing photos
  • Google OAuth - Optional sign-in with Google
  • Apple Sign-In - Optional sign-in with Apple
  • Apple Push Notification service (APNs) - Push notifications for the iOS app
  • Shipping carriers (UPS, FedEx, USPS) - Package tracking via their APIs
  • Vercel - Website hosting and analytics
  • PostgreSQL database - Data storage (hosted securely)

IMEI Verification

For iPhone and iPad listings, we verify IMEI numbers using third-party services to confirm device legitimacy. We store only a hash of the full IMEI and the last 4 digits for display.

Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and safety.

5. Data Security

We implement industry-standard security measures to protect your data:

  • SSL/TLS encryption for all data transmission
  • Secure payment processing through Stripe (PCI-DSS compliant)
  • Cryptographic hashing for sensitive identifiers (IP addresses, IMEI numbers)
  • Regular security audits and monitoring
  • Access controls and authentication requirements
  • Activity logging for abuse detection (retained for 90 days)

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

You have the right to:

  • Access and download your personal data
  • Update or correct your information
  • Delete your account and associated data
  • Opt out of marketing communications
  • Disable cookies through your browser settings

To exercise these rights, visit your Account Settings or contact us at privacy@gadgetswap.com

7. Mobile App

When you use our iOS app, we collect additional information:

  • Device tokens - Anonymous identifiers assigned by Apple for sending push notifications (these do not personally identify you)
  • App usage data - Listing views, app interactions, and feature usage
  • In-App Purchase data - Subscription status and transaction IDs (processed by Apple)

Push notification tokens are stored on our servers and used solely for delivering notifications you have opted into. You can disable push notifications in your device settings at any time.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you signed in (session cookies via NextAuth)
  • Remember your preferences (theme, dismissed banners)
  • Track listing view counts

We use Vercel Analytics to understand how visitors use our site. This collects anonymous, aggregated data about page views and does not track individual users or use cookies. You can control cookies through your browser settings, though signing in requires session cookies.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account deletion, we may retain certain information as required by law or for legitimate business purposes (e.g., transaction records for tax purposes).

Specific retention periods:

  • Activity logs (login history, actions): 90 days
  • Transaction records: 7 years (tax/legal requirements)
  • Messages between users: Duration of account plus 30 days
  • IP address hashes: Duration of account (used for abuse prevention)

10. Children's Privacy

GadgetSwap is not intended for users under 18 years of age. We do not knowingly collect information from children under 18. If you believe a child has provided us with personal information, please contact us immediately.

11. International Users

GadgetSwap is based in the United States. If you access our services from outside the US, your information may be transferred to and processed in the US, where data protection laws may differ from your country.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use after changes indicates acceptance of the updated policy.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

View Terms of Service