ArcticCardBrokers ("we," "our," "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.
Account information: When you register, we collect your username, email address, and password (stored as a secure hash — we never store your plain-text password).
Transaction data: We record purchases, sales, bids, raffle entries, and wallet transactions to operate the marketplace and resolve disputes.
Communications: Messages sent through the Platform are stored to facilitate transactions and resolve disputes.
Technical data: We collect IP addresses, browser type, and page access logs for security and fraud prevention purposes.
We use your information to: operate and improve the Platform; process transactions and facilitate buyer-seller communications; send transactional emails (order confirmations, shipping notifications, security alerts); prevent fraud, enforce our Terms of Service, and comply with legal obligations; and respond to support requests.
We do not store full payment card numbers on our servers. Payments are processed by Stripe, a PCI DSS Level 1 certified payment processor. By making a payment, you agree to Stripe's Privacy Policy. We retain only tokenized payment references and transaction amounts.
We do not sell your personal information. We share data only with: service providers who help operate the Platform (payment processors, email delivery, hosting); other users as necessary to complete transactions (e.g., sellers see your shipping address for physical orders); law enforcement or regulators when legally required; and successors in the event of a merger or acquisition.
We use session cookies to keep you logged in and to prevent cross-site request forgery. We do not use third-party advertising trackers or sell your browsing data. You may disable cookies in your browser settings, but this will prevent you from logging in.
We retain your account data for as long as your account is active and for a reasonable period afterward to comply with legal obligations and resolve disputes. Transaction records are retained for 7 years for accounting and tax purposes. You may request deletion of your personal data by contacting us, subject to legal retention requirements.
You have the right to: access the personal information we hold about you; correct inaccurate data; request deletion of your account and associated data (subject to legal obligations); opt out of non-transactional marketing emails via the unsubscribe link in any email. To exercise these rights, contact us via the contact page.
We use industry-standard security measures including TLS encryption for data in transit, bcrypt hashing for passwords, and CSRF tokens for all form submissions. We recommend enabling two-factor authentication on your account for additional security.
The Platform is not directed to children under 18. We do not knowingly collect personal information from minors. If we learn that we have collected such information, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes via email and by posting the updated policy on this page with a new effective date.
For privacy-related questions or to exercise your rights, please contact us via our contact page.