Legal
Privacy Policy
How Vintage Tracker collects, uses, stores, and protects your personal data when you use our Vinted inventory and profit tracking service.
Last updated:
This Privacy Policy explains how Vintage Tracker ("we", "us", or "our") processes personal data when you visit https://vintagetracker.tech or use the Vintage Tracker web application (the "Service"). We are the data controller for personal data described in this policy, unless stated otherwise.
By creating an account or using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use the Service.
1. Who we are
- Service name: Vintage Tracker
- Website: https://vintagetracker.tech
- Privacy contact: see the launch checklist at the top of this page — a contact email must be published before go-live.
2. Scope of this policy
This policy applies to:
- Visitors to our public website (landing page, blog, pricing, tools)
- Users who register for a Vintage Tracker account
- Subscribers who pay for Starter or Pro plans
It does not apply to third-party websites you may access through links in the Service (for example Vinted listing pages you import). Those sites have their own privacy policies.
3. Personal data we collect
3.1 Account registration and authentication
When you sign up or sign in, we collect:
- Email address — required to create and access your account, send transactional messages (such as email confirmation or password reset), and associate your subscription with your profile
- Password — stored in hashed form by our authentication provider; we do not store plain-text passwords
- Account identifiers — internal user ID, account creation date, and authentication session tokens
Authentication is provided through Supabase Auth. Session cookies or local storage entries may be set so you remain signed in.
3.2 User-generated inventory and order data
When you use Vintage Tracker as a reseller tool, you enter business data that may include personal data depending on what you choose to store. This may include:
- Product details — names, brands, sizes, conditions, photos, buy/sell prices, platforms, notes, and Vinted listing URLs
- Order and shipping data — buyer-related notes you add, tracking numbers, sale dates, and profit calculations linked to inventory items
- Feedback and feature requests — message content and optional contact details you submit through in-app forms
- Beta or waitlist information — name and email if you join optional programs
You are responsible for ensuring you have a lawful basis to store any personal data about third parties (for example buyers) in your inventory or orders. We process this data on your instructions to provide the Service.
3.3 Payment information
Paid subscriptions are processed by Stripe, Inc. We do not receive or store your full payment card number. Stripe may collect:
- Billing name and email
- Payment method details (handled directly by Stripe)
- Subscription status, invoice history, and customer ID
We store your Stripe customer ID and plan tier in our database to manage access to Starter and Pro features. See Stripe's Privacy Policy.
3.4 Analytics data
We use PostHog to understand how the Service is used and to improve product quality. Depending on your activity, PostHog may process:
- Page views and navigation paths within the app
- Device and browser information (user agent, screen size, language)
- Approximate location derived from IP address
- Product events — such as signup, login, inventory actions, checkout steps, and feature usage (see event names in our application code)
- Pseudonymous identifiers — a distinct ID per browser; after login we may associate events with your account user ID (identified profiles only for logged-in users)
PostHog is configured with person profiles for identified users only. Analytics on public marketing pages may use anonymous session data until you sign in.
3.5 Cookies and similar technologies
We and our providers use cookies, local storage, and similar technologies:
- Strictly necessary — authentication session cookies from Supabase so you can stay logged in and access your dashboard securely
- Analytics — PostHog cookies or local storage keys to distinguish sessions and measure usage (ph_* and related identifiers)
- Payment — Stripe may set cookies during checkout or when you manage billing in the Stripe Customer Portal
You can limit cookies through your browser settings. Blocking strictly necessary cookies may prevent you from signing in. Where required by law, we will obtain consent before non-essential analytics cookies are placed.
3.6 Technical and security logs
Our hosting and infrastructure providers may automatically log IP addresses, request timestamps, error reports, and similar technical data for security, abuse prevention, and reliability.
4. How we use personal data
We use personal data to:
- Provide, operate, and maintain the Service
- Authenticate users and secure accounts
- Store and display your inventory, orders, and analytics
- Process subscriptions and manage billing through Stripe
- Send service-related communications (account verification, password reset)
- Analyse usage to fix bugs, improve features, and measure conversion
- Respond to support requests, feedback, and legal obligations
- Enforce our terms and prevent fraud or abuse
Legal bases (GDPR/UK GDPR): performance of a contract (providing the Service you signed up for); legitimate interests (security, analytics, product improvement — balanced against your rights); consent where required (for example optional marketing or non-essential cookies); and legal obligation where applicable.
5. Third-party services
We rely on trusted processors to run Vintage Tracker. They process data only on our instructions and subject to appropriate safeguards:
- Supabase — authentication, database hosting, and file storage for product images. Supabase Privacy Policy
- Stripe — payment processing and subscription billing. Stripe Privacy Policy
- PostHog — product analytics (hosted in the United States). PostHog Privacy Policy
- Vercel (or equivalent hosting) — serves the web application and may process request metadata. Vercel Privacy Policy
We do not sell your personal data. We do not share it with advertisers for their independent marketing purposes.
6. International users and data transfers
Vintage Tracker is operated from and intended for users internationally, with a focus on European resellers. Your data may be processed in the European Economic Area, the United Kingdom, the United States, and other countries where our providers maintain infrastructure.
When personal data is transferred outside the EEA or UK to countries without an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, UK International Data Transfer Agreement, or equivalent mechanisms offered by our providers (Supabase, Stripe, PostHog, Vercel).
If you access the Service from outside the EU/UK, local laws may also apply. By using the Service you understand your data may be processed in jurisdictions with different data protection rules than your own.
7. Data retention
We retain personal data only as long as necessary for the purposes above:
- Account and inventory data — for the life of your account plus a reasonable period after deletion to handle backups, disputes, or legal claims (typically up to 30 days in active systems, longer in encrypted backups per provider schedules)
- Billing records — as required by tax and accounting law (often 7 years in the EU)
- Analytics events — according to PostHog project retention settings (configurable; default periods apply unless we shorten them)
- Support and feedback — until resolved and for a limited period for quality and legal purposes
You may delete your account through Settings (where available) or by contacting us. Deletion requests are honoured subject to legal retention obligations.
8. Security measures
We implement technical and organisational measures designed to protect your data, including:
- HTTPS encryption for data in transit
- Hashed passwords and industry-standard authentication flows
- Row-level security and access controls in our database
- Least-privilege access for administrative operations
- Payment card data handled exclusively by PCI-compliant Stripe
- Monitoring for errors and suspicious activity
No method of transmission or storage is 100% secure. If you believe your account has been compromised, change your password and contact us immediately.
9. Your rights (GDPR / UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you may have the following rights regarding your personal data:
- Access — request a copy of personal data we hold about you
- Rectification — correct inaccurate data (many fields are editable in Settings and Inventory)
- Erasure — request deletion of your account and associated data, subject to legal exceptions
- Restriction — ask us to limit processing in certain circumstances
- Portability — receive data you provided in a structured, machine-readable format where technically feasible
- Objection — object to processing based on legitimate interests, including analytics where applicable
- Withdraw consent — where processing is based on consent (for example optional cookies)
To exercise these rights, use in-app controls where available or contact us using the details in Section 1. We respond within one month, extendable where permitted by law. You may lodge a complaint with your local supervisory authority (for example the Dutch Autoriteit Persoonsgegevens if you are in the Netherlands).
Users in other regions may have similar rights under local law (for example CCPA/CPRA in California). Contact us to submit a request.
10. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-app notice where appropriate.
12. Contact us
For privacy questions, data subject requests, or complaints about this policy, contact:
- Service name: Vintage Tracker
- Website: https://vintagetracker.tech
- Privacy contact: see the launch checklist at the top of this page — a contact email must be published before go-live.