Privacy Policy

Last Updated: January 5, 2026

Your Privacy Matters

At PostNickNacks, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our application and services.

1. Information We Collect

Personal Information You Provide

When you create an account or use our Service, we collect:

  • Account Information: Name, email address, phone number, username
  • Authentication Data: Password (encrypted), security questions, two-factor authentication details
  • Profile Information: Profile photo, bio, location, preferences
  • Verification Documents: Government-issued ID, proof of address (for seller verification)
  • Payment Information: Credit card details, billing address, transaction history
  • Communication Data: Messages, reviews, feedback, customer support inquiries

Automatically Collected Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages viewed, features used, time spent, click patterns
  • Location Data: Approximate location based on IP address (precise location if you grant permission)
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies
  • Log Data: Access times, error logs, security events

Information from Third Parties

  • Social media profiles (if you choose to connect your accounts)
  • Payment processors and financial institutions
  • Identity verification services
  • Analytics and advertising partners

2. How We Use Your Information

We use your personal information for the following purposes:

Service Provision

  • Create and manage your account
  • Authenticate your identity during login
  • Process transactions and payments
  • Enable communication between buyers and sellers
  • Display your listings and facilitate sales

Security and Fraud Prevention

  • Verify user identity and prevent unauthorized access
  • Detect and prevent fraudulent transactions
  • Monitor for suspicious activity and security threats
  • Enforce our Terms of Service and policies
  • Respond to legal requests and prevent illegal activities

Improvement and Personalization

  • Analyze usage patterns to improve our Service
  • Personalize your experience and recommendations
  • Develop new features and functionality
  • Conduct research and analytics

Communication

  • Send transactional emails (receipts, confirmations, notifications)
  • Provide customer support
  • Send marketing communications (with your consent)
  • Notify you of policy changes or important updates

3. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

  • Contractual Necessity: Processing is necessary to perform our contract with you (account creation, transaction processing)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (fraud prevention, service improvement, security)
  • Legal Obligation: Processing is required to comply with legal obligations (tax reporting, law enforcement requests)
  • Consent: You have given explicit consent for marketing communications and optional data collection

4. Data Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Active Account Data: Retained while your account is active
  • Transaction Records: 7 years (to comply with tax and financial regulations)
  • Communication Logs: 3 years (for customer support and dispute resolution)
  • Marketing Data: Until you withdraw consent or 2 years of inactivity
  • Security Logs: 1 year (for security monitoring and incident response)

After deletion, some information may be retained in backup systems for up to 90 days and in anonymized form for analytics purposes.

5. Security Measures

We implement industry-standard security measures to protect your personal information:

Technical Safeguards

  • Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
  • Password Security: Passwords are hashed using bcrypt with salt
  • Two-Factor Authentication: Optional 2FA for enhanced account security
  • Access Controls: Role-based access and principle of least privilege
  • Regular Security Audits: Penetration testing and vulnerability assessments

Organizational Safeguards

  • Employee training on data protection and privacy
  • Confidentiality agreements with staff and contractors
  • Incident response plan for data breaches
  • Regular security awareness training

While we strive to protect your information, no method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

6. Third-Party Data Sharing

We do not sell your personal information. We may share your data with:

Service Providers

  • Payment Processors: Stripe, PayPal (for payment processing)
  • Cloud Hosting: AWS, Google Cloud (for infrastructure)
  • Analytics: Google Analytics (for usage analytics)
  • Email Services: SendGrid (for transactional emails)
  • Customer Support: Zendesk, Intercom (for support tickets)

Business Transfers

If PostNickNacks is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different Privacy Policy.

Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal requests (subpoenas, court orders)
  • Law enforcement investigations
  • Protection of our rights, property, or safety
  • Emergency situations involving danger to persons

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

Types of Cookies

  • Essential Cookies: Required for login, authentication, and security (cannot be disabled)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our Service
  • Marketing Cookies: Used to deliver relevant advertisements (optional, requires consent)

Cookie Management

You can control cookies through:

  • Browser settings (block or delete cookies)
  • Our cookie consent banner
  • Privacy settings in your account
  • Opt-out tools provided by advertising networks

Note: Disabling certain cookies may affect the functionality of our Service.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

GDPR Rights (EU Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

CCPA Rights (California Users)

  • Right to Know: Request information about data collection and sharing
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@postnicknacks.com
  • Privacy settings in your account dashboard
  • Written request to our mailing address

We will respond to your request within 30 days (GDPR) or 45 days (CCPA).

9. International Data Transfers

PostNickNacks operates globally. Your information may be transferred to and processed in countries other than your country of residence, including the United States, which may have different data protection laws.

We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with adequate data protection
  • Data Processing Agreements with third-party processors
  • Security measures meeting international standards (ISO 27001, SOC 2)

10. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through a prominent notice on our Service
  • Provide at least 30 days' notice for material changes
  • Obtain consent if required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact the Data Controller

If you have questions about this Privacy Policy or how we handle your personal information, please contact:

PostNickNacks Data Protection Officer

Email: privacy@postnicknacks.com

Support Email: support@postnicknacks.com

Twitter/X: @PostNickNacks

Website: www.postnicknacks.com

EU Representative (GDPR)

For users in the European Union, you may also contact our EU representative at:

Email: eu-privacy@postnicknacks.com

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

Our Commitment to Your Privacy

We are committed to protecting your privacy and maintaining the security of your personal information. By using PostNickNacks, you acknowledge that you have read and understood this Privacy Policy.