EpicRacketsEpicRackets

Privacy Policy

Last updated: 5/31/2026

1. Information We Collect

We collect information you provide directly and information collected automatically when you use our platform.

Information you provide:

  • Account information (name, email address, phone number, physical address)
  • Profile details (username, avatar photo)
  • Listing content (photos, descriptions, pricing, equipment specifications)
  • Messages and communications with other users
  • Payment and financial information (processed securely via Stripe)
  • Customer support inquiries and feedback
  • Search queries and filter preferences

Information collected automatically:

  • Product interaction data (pages viewed, features used, actions taken)
  • Device information (device type, operating system, app version)
  • Coarse location data (city-level, used for shipping estimates and local listings)
  • Crash reports and performance diagnostics
  • Identifiers (user ID linked to your account, anonymous device ID for analytics)
  • Purchase history and transaction records

2. How We Use Your Information

We use the information we collect to:

  • Process transactions, payments, and send transaction notifications
  • Provide customer support and respond to inquiries
  • Send important account and service updates
  • Improve our platform, develop new features, and personalise your experience
  • Analyse how users interact with our app to improve usability and performance
  • Monitor app stability, detect and fix crashes and performance issues
  • Personalise search results and listing recommendations based on your location and preferences
  • Prevent fraud, abuse, and unauthorised access
  • Comply with legal obligations

3. Third-Party Services & Data Sharing

We share information only with trusted service providers who help us operate the platform. We never sell your personal information to third parties.

  • Stripe
    Processes payments and seller payouts securely. Receives payment details and transaction data. Stripe is PCI-DSS compliant.
  • Supabase
    Provides our database, user authentication, and file storage. Stores account data, listings, messages, and uploaded photos.
  • PostHog
    Product analytics to understand how users interact with the app. Collects anonymised usage data, product interaction events, and user ID. Hosted in the EU (eu.i.posthog.com). Consent-based — analytics are only enabled after you opt in.
  • Sentry
    Error monitoring and crash reporting. Collects crash data, device information, and performance metrics. No personally identifiable information is intentionally sent to Sentry.
  • Firebase (Google)
    Provides crash reporting (Crashlytics) and push notifications. Crash data and performance data are collected with a device ID that is not linked to your identity. Push notification tokens are linked to your account so we can deliver notifications to your device.
  • Resend
    Sends transactional emails (order confirmations, shipping notifications, account updates). Receives your email address and name.

To facilitate transactions, limited information (such as shipping address and username) is shared between buyers and sellers.

We may also share information when required by law, to protect our rights, or in connection with a business transfer such as a merger or acquisition.

4. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest
  • PCI-DSS compliant payment processing via Stripe (we never store card details)
  • Row-level security policies on our database ensuring users can only access their own data
  • Regular security reviews and dependency auditing
  • Access controls, authentication, and session management

5. Your Rights (GDPR)

If you are located in the European Economic Area, you have certain rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request limitation of processing

To exercise any of these rights, contact us at privacy@epicrackets.com. We will respond within 30 days.

6. Cookies and Tracking

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Keep you logged in
  • Analyse how you use our platform (via PostHog, EU-hosted, consent-based)
  • Improve user experience

You can control cookies through your browser settings. Disabling cookies may affect some platform features. Analytics tracking via PostHog is opt-in and can be disabled in your account settings.

7. Mobile App Permissions

Our mobile app may request the following device permissions:

  • Camera and photo library — to upload listing photos and profile pictures
  • Location (optional) — to show nearby listings and estimate shipping costs. We only collect coarse (city-level) location data.
  • Push notifications — to alert you about messages, orders, and important updates. You can disable these in your device settings.
  • Storage — to save images locally before upload

8. Data Retention

We retain your information for as long as necessary to provide our services:

  • Account data — retained until you request deletion
  • Transaction records and purchase history — retained for 7 years to comply with tax and legal obligations
  • Chat messages — retained while your account is active, deleted when your account is deleted
  • Listing content and photos — retained while the listing exists, removed when you delete the listing
  • Analytics data — retained for up to 24 months, then anonymised or deleted
  • Crash reports and diagnostics — retained for 90 days
  • Customer support records — retained for 3 years

When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

9. International Data Transfers

EpicRackets is operated from Portugal. Your data may be processed by our service providers in the EU and the United States. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions. Our analytics provider (PostHog) is hosted in the EU.

10. Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected data from a user under 18, we will delete it promptly.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. Continued use of EpicRackets after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your data rights, please contact us at:
Email: privacy@epicrackets.com

Privacy Policy - EpicRackets | EpicRackets