Skip to main content

Privacy Policy

Last Updated: 23 April 2026 Effective Date: 23 April 2026

Operating Entity

RTC Collector is a service operated by RetroTechCollection.

Operating Entity: RetroTechCollection Service Name: RTC Collector Operating Entity Website: https://retrotechcollection.com Service URL: https://rtccollector.com

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use RTC Collector. In this policy, "we", "us", and "our" refer to RetroTechCollection, the operating company.

RetroTechCollection is based in the United Kingdom and processes data in accordance with UK GDPR and the Data Protection Act 2018.

1. Who We Are

RetroTechCollection is the data controller for the personal information you provide when using RTC Collector. Our registered office is in the United Kingdom (full address available upon request).

For privacy questions, contact: [email protected] For data protection officer inquiries: [email protected]

2. What Information We Collect

Information You Give Us

When you register and use RTC Collector, we collect:

Account Information:

  • Email address
  • Username
  • Password (encrypted, we never see the actual password)
  • Date of birth (to verify age requirements)
  • Country (for tax and legal compliance)

Profile Information:

  • Display name
  • Bio/description (optional)
  • Profile photo (optional)
  • Collection privacy preferences

Collection Data:

  • Item details you enter (names, descriptions, serial numbers, purchase dates, values, conditions)
  • Photos you upload
  • Storage locations you define
  • Custom fields and notes
  • Relationships between items

Marketplace Activity:

  • Listings you create (prices, descriptions, shipping options)
  • Offers you make or receive
  • Transactions you complete
  • Shipping addresses (for completed transactions)
  • Payment information (processed by Stripe on web and Android — we only see the last 4 digits and card brand)
  • Ratings and reviews you give or receive

Subscription and Purchase Data:

  • Subscription tier (Hobbyist, Collector, Enthusiast) and billing interval
  • Subscription status (active, trialing, cancelled, past due)
  • Payment source (Stripe or Apple In-App Purchase)
  • For web and Android subscribers: Stripe customer and subscription IDs (no card details)
  • For iOS subscribers: anonymous Apple-issued transaction identifiers (we never see your Apple ID, your name, or your payment details — only that a valid subscription exists and when it renews or expires)
  • Trial eligibility history (whether you've used a free trial before)

Messages:

  • Content of messages you send (encrypted at rest)
  • Participants in conversations
  • Timestamps

Support Inquiries:

  • Content of your support requests
  • Attachments you send us

Information We Collect Automatically

Usage Information:

  • Pages you visit
  • Features you use
  • Time spent on the platform
  • Search queries
  • Filters and sort preferences

Device Information:

  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • IP address
  • Approximate location (city/region level, based on IP)

Cookies and Similar Technologies:

  • Session cookies (essential for login)
  • Preference cookies (language, theme settings)
  • Analytics cookies (with your consent)

See our Cookie Policy for details.

Information From Third Parties

Stripe (web and Android subscriptions):

  • Payment confirmation
  • Payout status (for sellers)
  • Fraud detection signals

Apple App Store (iOS subscriptions, via RevenueCat):

  • Apple-issued transaction identifier for your purchase (originalTransactionId) — this is an opaque reference, not your Apple ID
  • Product identifier you purchased (which tier and interval)
  • Subscription status changes from Apple's servers: renewal, cancellation, expiration, refund, billing retry, grace period
  • Introductory offer eligibility (whether Apple considers you eligible for a free trial on a given product)
  • Environment (sandbox vs production — so we don't treat test purchases as real subscriptions)

We never receive your Apple Account email, your name, your payment method, or any other information Apple holds about you.

RevenueCat: RevenueCat sits between our app and Apple. When you subscribe on iOS, the App Store's receipt and renewal notifications go to RevenueCat first. RevenueCat validates them with Apple and forwards a normalised record to our server so we can grant or revoke your tier. RevenueCat sees:

  • The Apple transaction identifier and product identifier described above
  • A pseudonymous "app user ID" which is our internal numeric User.id (not your name, email, or any direct identifier)
  • The approximate country inferred from the Apple Account region (so RevenueCat can render prices in the right currency)

RevenueCat's own privacy policy is at revenuecat.com/privacy.

Google Play (future — Android in-app billing, when enabled):

  • Equivalent to the Apple App Store entry above. Not active today; listed here so this policy stays accurate when we add it.

Wikipedia (optional):

  • When you use autofill features, we fetch public data from Wikipedia
  • We don't send Wikipedia any of your personal information

Google Sign-In (optional):

  • If you choose to sign in with Google, we receive your email address and basic profile information (name, avatar) from Google
  • You can revoke this at any time from your Google Account's third-party app settings

3. How We Use Your Information

We use your data for these purposes:

Providing the Service

  • Creating and maintaining your account
  • Enabling you to catalog your collection
  • Facilitating marketplace transactions
  • Processing payments and payouts
  • Sending transactional emails (purchase confirmations, shipping updates, etc.)
  • Providing customer support
  • Enforcing our Terms of Service

Legal Basis: Contract performance - we need this data to provide the service you've signed up for.

Improving RTC Collector

  • Understanding how people use the platform
  • Identifying bugs and fixing them
  • Testing new features
  • Analyzing which features are popular or underused
  • Optimizing performance

Legal Basis: Legitimate interests - improving our service benefits everyone.

Safety and Security

  • Detecting and preventing fraud
  • Identifying suspicious marketplace activity
  • Investigating violations of our Terms
  • Protecting against account takeovers
  • Complying with legal obligations

Legal Basis: Legitimate interests and legal obligations.

  • Sending you product updates and feature announcements
  • Notifying you about relevant marketplace activity
  • Weekly digest emails (if you've enabled them)

Legal Basis: Consent - you can opt out anytime.

  • Responding to law enforcement requests
  • Complying with court orders
  • Meeting tax and accounting requirements
  • Protecting our legal rights

Legal Basis: Legal obligation or legitimate interests.

4. How We Share Your Information

We don't sell your personal data. Ever.

We share limited data in these situations:

With Other Users

Public by Default:

  • Your username
  • Items you've marked as public in your collection
  • Marketplace listings
  • Ratings and reviews you leave

Visible to Friends (if you've enabled friend features):

  • Your full collection (if shared with friends)
  • Activity updates

In Transactions:

  • Buyers see your username and can message you
  • If a transaction completes, you share shipping addresses
  • After delivery, both parties see each other's ratings

You control most of this through privacy settings.

With Service Providers

We use third parties to help run RTC Collector:

Stripe (web and Android billing):

  • Processes all Stripe payments (web + Android subscriptions, marketplace transactions)
  • Handles seller payouts
  • Manages Stripe Connect accounts
  • They see payment details and receive transaction data

Apple (iOS billing):

  • Processes all iOS in-app purchases on its own infrastructure
  • Holds the payment relationship with you (your Apple Account is billed, not us)
  • Sends us receipts and renewal notifications via RevenueCat
  • We never transmit your personal data to Apple for billing — Apple already has its own relationship with you

RevenueCat (iOS subscription lifecycle):

  • Validates Apple receipts on our behalf
  • Stores the Apple originalTransactionId and product identifier linked to your internal User.id
  • Sends us webhook notifications when your subscription renews, cancels, expires, is refunded, or enters billing retry
  • Does not receive your email, name, payment details, or any personal identifier beyond the opaque User.id

Email Service:

  • Sends notification and transactional emails
  • Receives your email address and message content
  • We use them because reliable email delivery is hard

Hosting Provider:

  • Stores our database and files
  • Has access to all data but is contractually bound to only use it for hosting
  • Based in the EU with UK GDPR compliance

Analytics (if you consent):

  • Receives anonymized usage data
  • Helps us understand how the platform performs
  • We don't send them personally identifiable information

All service providers are carefully selected and contractually bound to protect your data.

We may disclose data if:

  • Required by law (court order, subpoena)
  • Necessary to protect rights or safety
  • Part of a business transfer (acquisition, merger)
  • You've given explicit consent

We'll notify you if possible, unless prohibited by law.

5. International Transfers

Our servers are in the EU. If you're outside the EU/UK, your data will be transferred internationally.

We ensure protections through:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions where applicable
  • Other appropriate safeguards under UK GDPR

6. How Long We Keep Your Data

We keep different types of data for different periods:

Active Accounts:

  • As long as your account is open
  • Plus retention periods for specific data types (below)

Closed Accounts:

  • Most data deleted within 30 days
  • Some data retained longer for legitimate reasons

Specific Data Types:

  • Transaction records: 7 years (tax/accounting requirement)
  • Support tickets: 3 years
  • Audit logs: 2 years
  • Marketplace disputes: 2 years after resolution
  • Backups: 90 days, then permanently deleted

Legal Holds:

  • If there's ongoing litigation or investigation, we keep relevant data until resolved

You can request deletion sooner, subject to legal requirements.

7. Your Rights Under UK GDPR

You have these rights:

Right to Access

You can request a copy of your personal data. We'll provide it in a portable format (JSON or CSV) within 30 days.

Right to Rectification

If your data is wrong or incomplete, you can update most of it yourself in settings. For things you can't change, contact us.

Right to Erasure ("Right to be Forgotten")

You can request deletion. We'll comply unless we need to keep data for:

  • Legal obligations (like tax records)
  • Defending legal claims
  • Completing transactions in progress

Right to Restrict Processing

You can ask us to limit how we use your data while we resolve a complaint or verify accuracy.

Right to Data Portability

You can export your collection data anytime from your account. For a complete export including transaction history, contact us.

Right to Object

You can object to processing based on legitimate interests. We'll stop unless we have compelling reasons to continue.

For things requiring consent (like marketing emails), you can opt out anytime. This doesn't affect processing we did before you withdrew consent.

We don't make automated decisions with legal or significant effects. If that changes, we'll update this policy and get consent where required.

How to Exercise Your Rights

Email [email protected] with your request. We'll:

  • Verify your identity (to protect your data)
  • Respond within 30 days
  • Explain if we can't comply and why

These requests are free. If you make excessive or repetitive requests, we may charge a reasonable fee or refuse.

Right to Complain

If you're unhappy with how we handle your data:

  1. Contact us first: [email protected]
  2. If not satisfied, complain to the UK Information Commissioner's Office (ICO):
    • Website: ico.org.uk
    • Phone: 0303 123 1113
    • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

8. Security

We take security seriously:

Technical Measures:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for sensitive data (AES-256-GCM)
  • Encrypted backups
  • Password hashing (bcrypt with 12 rounds)
  • Two-factor authentication available
  • WebAuthn/passkey support

Organizational Measures:

  • Access controls (role-based permissions)
  • Regular security audits
  • Employee training
  • Incident response procedures
  • Vendor security assessments

Limitations:

  • No system is 100% secure
  • You're responsible for keeping your password safe
  • Don't share your account
  • Enable 2FA for additional protection

If we discover a breach affecting your data, we'll:

  • Notify you within 72 hours where feasible
  • Report to the ICO if required
  • Take steps to mitigate harm

9. Children's Privacy

RTC Collector is not intended for children under 13. We don't knowingly collect data from children under 13.

Users aged 13-17 need parental consent to use the service. If we learn we've collected data from someone under 13, we'll delete it.

Parents can contact [email protected] if they believe their child has created an account.

10. Cookies and Tracking

We use cookies and similar technologies. See our Cookie Policy for full details.

In summary:

  • Essential cookies: Required for the site to work (can't be disabled)
  • Functional cookies: Remember your preferences
  • Analytics cookies: Help us improve (requires consent)
  • Marketing cookies: We don't currently use these

You can control non-essential cookies in your browser or our cookie banner.

11. Email and Notifications

We send several types of emails:

Transactional (can't opt out):

  • Account creation confirmation
  • Password resets
  • Purchase confirmations
  • Shipping updates
  • Security alerts

Notification (can customize):

  • New messages
  • Offer updates
  • Transaction status changes
  • Friend requests

Marketing (can opt out):

  • Product updates
  • New features
  • Weekly digest

Manage preferences in account settings.

12. Changes to This Policy

We may update this privacy policy. When we do:

  • We'll update the "Last Updated" date
  • For significant changes, we'll email you
  • We'll ask for new consent if required by law
  • Previous versions will be archived

Your continued use after changes means you accept the updated policy.

RTC Collector contains links to external sites (like Wikipedia). When you click them:

  • You're subject to their privacy policies
  • We're not responsible for their practices
  • Read their policies before providing data

14. Business Transfers

If RTC Collector is acquired or merged:

  • Your data may transfer to the new owner
  • We'll notify you beforehand
  • The new owner must honor this privacy policy (or get your consent for changes)
  • You can close your account before the transfer

15. Your California Privacy Rights (CCPA)

If you're a California resident, you have additional rights under CCPA. See the GDPR section above - we provide the same rights to everyone.

Key points:

  • We don't sell personal information
  • You can request disclosure of data collected and shared
  • You can request deletion
  • We won't discriminate if you exercise CCPA rights

16. Contact Us

Privacy questions: [email protected] Data Protection Officer: [email protected] General support: [email protected] Security concerns: [email protected]

Mail: RetroTechCollection [Address available upon request] United Kingdom

We aim to respond to privacy inquiries within 5 business days, and resolve requests within 30 days as required by law.

This privacy policy was written to be clear and understandable. If anything is confusing, please ask us to explain.