Privacy Policy

Information We Collect

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Device Data

When you visit our website or interact with our services, we may automatically collect data about your device, such as:

• Device type
• Operating system
• Unique device identifiers
• Device settings
• Geo-location data

Personal Information

We may ask for personal information when you register an account, subscribe to our service, or contact us, which may include:

• Name
• Email address
• Country and city
• Payment information (processed securely by our payment provider)

User-Generated Content

We consider "user-generated content" to be materials (text, images) voluntarily supplied to us by our users for the purpose of using our service. This includes item descriptions, photos, and search criteria you provide for items you want us to find. All user-generated content is associated with your account.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website:

• Register for an account
• Subscribe to our service
• Sign up to receive updates from us via email
• Use a mobile device or web browser to access our content
• Contact us via email, social media, or similar technologies

We may collect, hold, use, and disclose information for the following purposes:

• To provide you with our platform's core features and services
• To scan marketplaces for your registered items and send match notifications
• To contact and communicate with you
• To enable you to access and use our website and associated applications
• For internal record keeping and administrative purposes
• To comply with our legal obligations and resolve any disputes
• For security and fraud prevention

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. If you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system.

If your personal information is no longer required, we will delete it or make it anonymous by removing all details that identify you. However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation.

Children's Privacy

We do not aim any of our products or services directly at children under the age of 16 (or 13 in the United States) and we do not knowingly collect personal information about children.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

• Third-party service providers for the purpose of enabling them to provide their services, including IT service providers, data storage, hosting and server providers, analytics, payment systems operators
• Our employees, contractors, and/or related entities
• Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law
• Third parties to collect and process data
• An entity that buys, or to which we transfer all or substantially all of our assets and business

Third parties we currently use include:

• Supabase - Database and authentication infrastructure
• Stripe - Payment processing (PCI-DSS compliant)
• Acumbamail - Email delivery service
• Amazon Web Services - Image analysis for matching

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the services offered.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you.

Unsubscribe: To unsubscribe from our email database or opt-out of communications, please contact us or use the opt-out facilities provided in the communication.

Use of Cookies

We use "cookies" to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site.

Please refer to our Cookie Policy for more information.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.

Do Not Track

Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. We honour Do Not Track signals where technically feasible.

US States Privacy Law Compliance

California (CCPA/CPRA)

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organisations for their marketing purposes.

You have the right to request the following from us:

• The categories of personal information we have collected about you
• The categories of sources from which the personal information was collected
• The business or commercial purpose for collecting the personal information
• The categories of third parties to whom the personal information was disclosed
• The specific pieces of personal information we have collected about you

We do not sell your personal information. To exercise any of these rights, please contact us using the details provided below.

Other US States

We also comply with privacy laws in Colorado, Connecticut, Delaware, Florida, Virginia, and Utah, which provide similar rights regarding access, deletion, and opt-out of certain processing activities.

GDPR Compliance (EU)

Data Controller / Data Processor

The GDPR distinguishes between organisations that process personal information for their own purposes (known as "data controllers") and organisations that process personal information on behalf of other organisations (known as "data processors"). We, PartsTrace, are a Data Controller with respect to the personal information you provide to us.

Legal Bases for Processing

Our lawful bases for processing your personal information include:

• Consent: Where you give us consent to collect and use your personal information
• Performance of a contract: Where you have entered into a contract with us
• Legitimate interests: For us to provide, operate, improve and communicate our services
• Compliance with law: Where we have a legal obligation to use or keep your information

International Transfers

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, such as standard contractual clauses approved by the European Commission.

Your Data Subject Rights

• Right to Restrict Processing: Request that we restrict the processing of your personal information
• Right to Object: Object to processing based on our legitimate interests
• Right to be Informed: Know how your data is collected, processed, shared and stored
• Right of Access: Request a copy of the personal information we hold about you
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Portability: Receive your personal data in a machine-readable format
• Right to Rectification: Correct inaccurate or incomplete personal information

UK GDPR Compliance

Following an adequacy decision by the EU Commission, the UK has been granted an essentially equivalent level of protection to that guaranteed under GDPR. We comply with the UK GDPR and Data Protection Act 2018.

If we transfer your personal information to third parties outside the UK or EEA, we will do so in accordance with the requirements of UK GDPR (Article 45) and Data Protection Act 2018, adopting appropriate safeguards such as standard contractual clauses.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk

Canadian PIPEDA Compliance

In accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), we broaden our definition of personal information to include any information about an individual that can be used to identify them.

Your Rights Under PIPEDA

• Access the personal information we hold about you
• Correct any inaccurate or outdated personal information
• Withdraw consent for activities you have consented to

We will respond to access requests within 30 days. If we cannot meet this timeframe, we will notify you of the delay.

If you have concerns, you may contact the Office of the Privacy Commissioner of Canada: www.priv.gc.ca

Australian Privacy Act Compliance

Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act.

You have the right to lodge a complaint with the Office of the Australian Information Commissioner: www.oaic.gov.au

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here.

If the changes are significant, or if required by applicable law, we will contact you and all our registered users with the new details and links to the updated policy.

Contact Us

If you have any questions about this Privacy Policy, please contact us.

Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority in your jurisdiction:

• UK: Information Commissioner's Office - ico.org.uk
• EU: Your local Data Protection Authority
• US (California): California Attorney General - oag.ca.gov/privacy
• Canada: Office of the Privacy Commissioner - priv.gc.ca
• Australia: Office of the Australian Information Commissioner - oaic.gov.au