MyAuctionVerse Privacy Policy

1. Information We Collect

We collect information you provide directly and information collected automatically when you use the Service.

Personal Information

When you register for an account, we collect:

• Name or display name
• Email address
• Password (hashed and stored securely by Supabase; we never store or have access to your plain text password)

Payment Information

When you purchase a plan, our third-party payment processor, Razorpay, collects payment information necessary to complete the transaction (card details, UPI ID, net banking credentials). We do not directly collect or store your full credit card numbers or sensitive financial details. We only store transaction references (Order ID, Payment ID) for order fulfillment and record-keeping.

Log Data

When you visit our website, our servers (provided by Vercel and Supabase) may automatically log standard data provided by your web browser, including your device's IP address, browser type and version, pages visited, time and date of visit, time spent on each page, and technical details related to any errors.

Analytics Data

We use Vercel Analytics to collect anonymized usage data such as page views, referral sources, device type, and geographic region. This data is used to understand how users interact with the Service and to improve performance. Vercel Analytics does not use cookies and does not track individual users across websites.

User-Generated Content

When using the Service, you may upload auction content such as player names, player images, team names, team logos, and auction backgrounds. This content is stored on our servers (Supabase) and may be visible to other users if you make your auction publicly viewable.

2. How We Use Your Information

• To create and manage your account
• To provide, operate, and maintain the auction hosting service
• To process payments and manage subscriptions
• To send transactional emails (account verification, password resets, payment receipts)
• To respond to your support inquiries
• To monitor and analyze usage patterns to improve the Service
• To detect and prevent fraud, abuse, or security threats
• To comply with legal obligations

We do not use your personal information for automated decision-making or profiling. We do not send marketing or promotional emails unless you explicitly opt in.

3. Legal Bases for Processing

We process your personal information under the following legal bases:

• Performance of a Contract: To provide the auction services you registered for and to process your payments.
• Consent: Where you have given explicit consent, such as opting in to communications.
• Legitimate Interests: For security monitoring, analytics, fraud prevention, and improving the Service, where these interests do not override your fundamental rights.
• Legal Obligation: To comply with applicable laws, regulations, or legal processes.

4. Cookies and Tracking Technologies

The Service uses essential cookies required for authentication and session management (e.g., Supabase auth tokens). These are strictly necessary for the Service to function and cannot be disabled.

We do not use advertising cookies or third-party tracking cookies. Vercel Analytics, our only analytics tool, is cookie-free and privacy-focused.

5. Disclosure to Third Parties

We do not sell, rent, or trade your personal information. We share information with the following third-party service providers strictly for operating the Service:

• Supabase (US): Authentication, database hosting, file storage, and real-time features.
• Razorpay (India): Payment processing.
• Vercel (US): Website hosting and analytics.

We may also disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence, including the United States (where Supabase and Vercel are headquartered) and India (where Razorpay operates). These countries may have different data protection laws than your jurisdiction.

By using the Service, you consent to the transfer of your data to these jurisdictions. We ensure that our service providers maintain appropriate security measures to protect your data.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data (name, email): Retained until you delete your account.
• Auction data (players, teams, results): Retained until you delete the auction or your account.
• Payment records (transaction IDs): Retained for 7 years to comply with Indian tax and accounting regulations.
• Log data: Retained for up to 90 days and then automatically deleted.

When you request account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Right to Data Portability: Request your data in a structured, commonly used format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to Object: Object to processing of your data for legitimate interest purposes.

To exercise any of these rights, contact us at the email address below. We will respond to your request within 30 days.

For Indian Users (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, you have the right to access, correct, and erase your personal data. You may also nominate another person to exercise your rights in the event of your death or incapacity.

For EU/UK Users (GDPR)

Under the General Data Protection Regulation, you have additional rights including the right to restrict processing and the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not register for an account or provide any personal information.

Users between 13 and 18 years of age may use the Service with the consent and supervision of a parent or legal guardian. The parent or guardian is responsible for the minor's use of the Service.

Auction Owner Responsibility: Where auction owners share bid links or invite participants to their auctions, the auction owner is responsible for ensuring that participants meet applicable age requirements and that appropriate parental or guardian consent has been obtained for any minors participating. MyAuctionVerse does not verify the age or identity of participants who access auctions via shared bid links.

If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encrypted data transmission (HTTPS/TLS)
• Password hashing (handled by Supabase)
• Row-level security on database tables
• Rate limiting on API endpoints
• Regular security reviews

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

11. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected users via email without undue delay and no later than 72 hours after becoming aware of the breach.
• Notify relevant data protection authorities as required by applicable law.
• Provide details of the breach, the data affected, and the measures taken to address it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the following person is designated as the Grievance Officer for the purpose of this Privacy Policy:

Name: Azhar Ellahi
Email: support@myauctionverse.com

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 30 days of receipt.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Azhar Ellahi / MyAuctionVerse