📋 Introduction
CollectInn ("we," "us," or "our") operates collectinn.com.au and provides a trading card game marketplace, gamification platform, and member community services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
By using our services, you agree to the collection and use of information in accordance with this policy.
📊 Information We Collect
Personal Information
- Account Information: Email address, username, full name (optional), password (encrypted)
- Profile Data: Display name, avatar, membership tier, TOKINN balance
- Payment Information: Processed securely through Stripe (we do not store credit card details)
- Seller Verification: Identity documents, business information, bank account details (via Stripe Connect)
Marketplace Data
- Product listings (titles, descriptions, photos, pricing)
- Transaction history (purchases, sales, shipping details)
- Seller ratings and buyer reviews
- Shipping addresses and tracking information
Behavioral Data
- Page views and navigation patterns
- Quest completion and gamification activity
- Email engagement (opens, clicks)
- Device information (browser type, OS, IP address)
- Cookies and local storage data
Third-Party Integrations
- Google OAuth: Email, name, profile picture
- Discord OAuth: Discord username, user ID, server membership
🎯 How We Use Your Information
Service Delivery
- Create and manage your account
- Process marketplace transactions and payments
- Facilitate peer-to-peer trading between buyers and sellers
- Deliver weekly giveaways and prize distributions
- Track quest completion and award TOKINN rewards
Communication
- Send transactional emails (order confirmations, shipping notifications)
- Deliver marketing campaigns (early-bird offers, product launches)
- Send automated email sequences (welcome series, onboarding flows)
- Provide customer support and respond to inquiries
Platform Improvement
- Analyze user behavior to improve features and user experience
- Conduct A/B testing for email campaigns and interface optimization
- Generate performance analytics and business intelligence
- Detect and prevent fraud, spam, and abuse
Legal Compliance
- Comply with Australian Spam Act 2003 requirements
- Maintain transaction records for tax and accounting purposes
- Respond to legal requests and enforce our Terms of Service
🔐 Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption: All data transmitted via HTTPS/TLS encryption
- Password Security: Passwords hashed using bcrypt with salt
- Database Security: Row-level security (RLS) policies via Supabase
- Payment Security: PCI DSS compliant processing via Stripe
- Access Controls: Role-based permissions and service role keys
- Regular Audits: Security reviews and vulnerability assessments
🤝 Third-Party Services
We use the following trusted third-party services to operate our platform:
Payment Processing
- Stripe: Payment processing, subscription management, seller payouts
- View Stripe's Privacy Policy: stripe.com/privacy
Infrastructure Providers
- Supabase: Database hosting and authentication services
- Railway: Backend API hosting and deployment
- Netlify: Frontend hosting and content delivery
Communication Services
- Google Workspace SMTP: Transactional and marketing emails
- Discord: Community features and OAuth authentication
Analytics & Tracking
- Behavioral Tracking SDK: User interaction analytics (first-party only)
- Email Analytics: Open rates, click tracking, engagement scoring
🍪 Cookies and Tracking
We use cookies and local storage to enhance your experience:
Essential Cookies
- Authentication tokens (session management)
- User preferences and settings
- Shopping cart and checkout data
Analytics Cookies
- Page view tracking and navigation patterns
- QR code campaign attribution (flyer A vs B)
- Email engagement tracking (opens, clicks)
Marketing Cookies
- Email subscriber tracking and segmentation
- Campaign performance measurement
- Behavioral triggers for automated emails
Cookie Control: You can disable cookies through your browser settings, but this may limit certain features of our platform.
📧 Email Marketing & Communications
Australian Spam Act 2003 Compliance
All marketing emails comply with Australian anti-spam legislation:
- Consent Required: We only send marketing emails to users who have opted in
- Clear Identification: All emails clearly identify CollectInn as the sender
- Unsubscribe Options: Every email includes an easy unsubscribe link
- 5-Day Processing: Unsubscribe requests processed within 5 business days
- Australian Address: All emails include our Sydney, NSW business address
Email Types
- Transactional: Order confirmations, shipping updates (cannot opt out)
- Automated Sequences: Welcome series, onboarding flows (can opt out)
- Marketing Campaigns: Promotions, product launches (can opt out)
- Newsletters: Platform updates, TCG market insights (can opt out)
👤 Your Privacy Rights
Access and Correction
- View and update your profile information
- Download your personal data (data portability)
- Correct inaccurate or incomplete information
Deletion Rights
- Request account deletion and data removal
- Remove specific information from your profile
- Note: Transaction records may be retained for legal/tax purposes
Marketing Preferences
- Unsubscribe from marketing emails (via link in any email)
- Manage email preferences in account settings
- Opt out of behavioral tracking (via browser settings)
Right to Object
- Object to processing of your personal data for marketing
- Request restriction of processing in certain circumstances
- Lodge complaints with the Australian Privacy Commissioner
👶 Children's Privacy
CollectInn does not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
Users between 13-18 years old should have parental consent before creating an account or making purchases.
🌏 Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations:
- Active Accounts: Data retained while account is active
- Inactive Accounts: May be deleted after 2 years of inactivity
- Transaction Records: Retained for 7 years (Australian tax law)
- Marketing Data: Retained until unsubscribe or account deletion
- Legal Holds: Data retained longer if required by law or legal proceedings
🔄 Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email or platform notification.
Continued use of CollectInn after changes constitutes acceptance of the updated policy.