Privacy Policy

GameBid Ltd ("GameBid", "we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you use the GameBid platform. It applies to all users of gamebid.co.uk and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our ICO registration number is available at ico.org.uk. Our data controller contact email is privacy@gamebid.co.uk.

1. Data We Collect

Information you provide

• Account registration: email address, password (hashed), display name, username
• Date of birth: collected at registration to verify you are 18 or older, as required by our Terms of Service. Stored securely and not publicly displayed.
• Phone number (optional): used for delivery notifications and account security alerts. Never shared with other users or displayed publicly.
• Gender (optional): collected for anonymised platform statistics and product improvement. Never publicly displayed and not shared with third parties for marketing.
• Profile information: bio, avatar image, shipping address, seller location
• Listings: game titles, descriptions, photos, pricing, condition details
• Messages: content of inbox conversations between buyers and sellers
• Payment information: processed by Stripe; we store only the last 4 digits and card brand
• Identity verification: for sellers with Stripe Connect, Stripe collects KYC data
• Feedback and reviews: ratings and written feedback between users

Information we collect automatically

• IP address (used for security and fraud detection)
• Browser type, operating system, device type
• Pages visited, time on site, referring URLs
• Cookies and similar tracking technologies (see Cookie Policy below)
• Bid history, search queries, watchlist activity

2. How We Use Your Data

We process your personal data on the following legal bases:

• Contract performance: to create and manage your account, process transactions, facilitate buyer–seller communication
• Legitimate interests: fraud prevention, platform security, improving our services, sending transactional emails
• Legal obligation: tax records, dispute resolution, compliance with UK law
• Consent: marketing emails (you may opt out at any time)

3. Data Sharing

We do not sell your personal data. We share data with:

• Stripe: payment processing and seller identity verification
• Supabase: database and authentication infrastructure (EU/US data centres)
• Resend: transactional email delivery
• IGDB / Twitch: game metadata lookup (no personal data shared)
• Law enforcement: when legally required by UK courts or regulatory authorities

4. Data Retention

• Active account data: retained while your account is open
• Transaction records: retained for 7 years for tax and legal compliance
• Deleted account data: anonymised within 30 days of account deletion
• IP addresses and fraud logs: retained for 12 months
• Marketing consent records: retained for 3 years from last interaction

5. Your Rights Under UK GDPR

You have the right to:

• Access: request a copy of all personal data we hold about you (data export available in your profile settings)
• Rectification: correct inaccurate personal data
• Erasure: request deletion of your personal data (account deletion available in profile settings)
• Restriction: request we limit how we process your data
• Portability: receive your data in a machine-readable format (JSON export)
• Object: object to processing based on legitimate interests
• Withdraw consent: unsubscribe from marketing at any time

To exercise any right, contact us at privacy@gamebid.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

6. Cookie Policy

Essential cookies

• Authentication session cookie: keeps you signed in (Supabase, HttpOnly)
• CSRF protection tokens
• Cookie consent preference (localStorage)

Analytics cookies (with consent)

• Page view analytics to understand how the site is used
• A/B test assignment cookies

You can manage cookie preferences via the banner shown on your first visit. Essential cookies cannot be declined as they are required for the platform to function. Declining optional cookies will not affect your ability to use GameBid.

To delete cookies, clear your browser data or use your browser's cookie management settings. See aboutcookies.org for guidance.

7. Security

We use TLS encryption for all data in transit. Passwords are hashed using bcrypt. Payment data is handled exclusively by Stripe. We offer two-factor authentication (2FA) for additional account security, which we strongly recommend enabling in your profile security settings. Despite these measures, no system is completely secure — please use a strong, unique password.

8. International Transfers

Our infrastructure uses services hosted in the EEA and USA. Transfers to the USA are protected by Supabase's Standard Contractual Clauses and Stripe's binding corporate rules under the UK GDPR international transfer framework.

9. Age Verification & Children

GameBid is strictly for users aged 18 and over. We collect date of birth at registration to verify age compliance. Account creation is blocked for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us immediately at privacy@gamebid.co.uk and we will take immediate action including deletion of the account and all associated data.

10. Changes to This Policy

We may update this policy. Material changes will be notified by email to registered users and via a banner on the site. Continued use of GameBid after changes constitutes acceptance.