Privacy Policy

Introduction

This Privacy Policy explains how Resell Vault LLP ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use our services, including our Discord server, website, and related tools.

1. Information We Collect

a. Account & Identity Information

• Discord ID and username (for tool access and subscription management)
• Email address (captured via Supabase Auth or manually)
• Billing address and transaction metadata (via Stripe)

b. Subscription & Tool Data

• Subscription plan, activation, renewal status
• Data entered into our inventory / sales tools (e.g., product names, quantities, dates)
• Anonymous analytics on feature usage

c. Data from Minors

• Our Service may be used by individuals under 18. We purposely limit collection to non-sensitive data (e.g., Discord ID, basic tool inputs).

We do not collect:

• Special-category data (health, biometric, etc.)
• Precise IP addresses (we may receive transient IPs in server logs but do not store them separately)

2. How We Use Your Information

• Provide secure log-in and role-based access (Supabase Auth + Discord).
• Manage subscriptions and payments (Stripe).
• Deliver and improve our inventory and sales tools.
• Monitor security, prevent abuse, and diagnose issues.
• Provide customer support and essential service notifications.

We never sell or rent your personal data to advertisers or third parties.

3. Legal Bases for Processing

• Contractual necessity - delivering the Service you subscribe to.
• Legitimate interest - ensuring security, preventing abuse, improving functionality.
• Consent - optional communications or analytics.
• Legal obligation - accounting and tax record-keeping.

4. Data Storage & Security

• Authentication & primary database (Supabase Auth + Postgres): Encrypted in transit (TLS) and at rest; role-based access; daily backups
• Secondary database (MongoDB Atlas): Encryption at rest, network peering, IP whitelisting
• Payments (Stripe): PCI DSS-compliant; we never store full card details
• Discord: OAuth tokens scoped to required permissions only

We restrict data access to authorised staff and run periodic security audits.

5. Data Subject Rights

You can, at any time, request to:

• Access the personal data we hold on you.
• Rectify inaccurate or incomplete data.
• Erase data ("right to be forgotten") where legally permissible.
• Download your inventory/sales data in a portable format.
• Object or restrict certain processing.
• Lodge a complaint with the ICO.

Submit requests via Discord #support or contact@resellvault.co.uk. We respond within 30 days.

6. Children's Data

• Collect only minimal, non-sensitive data required for functionality.
• Encourage parental oversight.
• Promptly honour deletion requests for minor data.

If you believe we have unintentionally collected inappropriate information from a minor, please contact us.

7. Cookies & Tracking

• Essential cookies - maintain sessions after login.
• Preference cookies - remember UI settings.
• Optional analytics cookies (first-party, anonymous).

You can disable non-essential cookies in your browser without losing core functionality, though tool UX may degrade.

8. Third-Party Services

We integrate securely with:

• Supabase – authentication, primary data storage, file storage, and real-time APIs.
• Stripe – secure payment processing and invoicing.
• Discord – OAuth sign-in, role management, and bot-delivered tools.
• MongoDB Atlas – supplemental storage for certain tool features.

Each third-party complies with its own privacy and security standards; data transfers outside the UK are protected by appropriate safeguards (e.g., Standard Contractual Clauses).

9. Data Retention

• Account and subscription data: retained while you maintain an active subscription plus up to six years for financial compliance.
• Inventory/sales data: retained until you delete it or close your account.
• Back-ups: encrypted and purged on a 30-day rolling basis.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify users of any significant changes by posting the new policy on our website, announcing it in our Discord server, or contacting users directly when appropriate.

We encourage users to review this Privacy Policy periodically. Continued use of our services after any modifications constitutes acceptance of the updated policy.