Privacy Policy

Last updated: March 2026

1. Data We Collect

We collect the following types of personal data:

  • Account information: email address, nickname, and password (hashed).
  • Profile information: city, country, and builder level data.
  • Transaction data: purchase history, swap records, payment details (processed by Stripe).
  • Approximate location: city-level location derived from your profile for local swap matching.
  • Usage data: pages visited, features used, and anonymized analytics (via Vercel Analytics).
  • Communications: messages exchanged between users on the platform.

2. How We Use Your Data

Your personal data is used for the following purposes:

  • Service operation: to provide, maintain, and improve the BrickSwap platform.
  • Fraud prevention: to detect and prevent fraudulent transactions and abuse.
  • Transactional emails: to send order confirmations, shipping updates, and dispute notifications.
  • Local matching: to match you with nearby users for local swaps and meetups.
  • Platform improvements: to analyze usage patterns and improve our services.

3. Third-Party Services

We use the following third-party services to operate BrickSwap:

  • Stripe โ€” payment processing. Stripe processes your payment information directly and is PCI DSS compliant. We do not store your full card details.
  • Supabase โ€” database and authentication. Your account data and platform content are stored securely in Supabase.
  • Resend โ€” transactional email delivery. Used to send account-related and transaction-related emails.
  • Sentry โ€” error monitoring. Captures technical errors to help us maintain platform stability. May include anonymized request data.
  • Vercel โ€” hosting and analytics. Vercel hosts the BrickSwap application and provides privacy-friendly, cookie-free analytics.

4. Your Rights Under GDPR

As a user located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: request a copy of all personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data ("right to be forgotten").
  • Right to data portability: request your data in a structured, machine-readable format.
  • Right to object: object to processing of your data for specific purposes.
  • Right to restrict processing: request limitation of how your data is processed.

To exercise any of these rights, please contact us at legal@brickswap.app. We will respond to your request within 30 days.

5. Cookies

BrickSwap uses only essential cookies required for the platform to function properly, such as session authentication cookies. We do not use tracking cookies or third-party advertising cookies.

Vercel Analytics is our analytics provider and it does not use cookies. It collects anonymized, aggregated data about page visits without tracking individual users across sessions.

6. Data Retention

  • Account data: retained for the duration of your account. Deleted within 30 days of account deletion request.
  • Transaction records: retained for 5 years after the transaction date, as required by tax and commercial law.
  • Messages: retained for 2 years after the last message in a conversation.
  • Analytics data: anonymized and aggregated; not linked to individual users.
  • Error logs: retained for 90 days in Sentry, then automatically deleted.

7. Contact

For questions, concerns, or to exercise your data rights, please contact our Data Protection team at legal@brickswap.app.