Privacy Policy

1. Introduction

Auction Pro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise auction management platform, including our real-time bidding system, payment processing, and multi-role dashboards.

Our platform is designed for professional auction houses, government agencies, and enterprise clients requiring sophisticated auction management solutions. We understand the sensitive nature of auction data and financial transactions, and we implement industry-leading security measures to protect your information.

2. Information We Collect

2.1 Personal Information

• Name, email address, phone number, and business address
• Government-issued identification for verification purposes
• Banking and payment information for transaction processing
• Tax identification numbers for compliance and reporting
• Professional credentials and business licenses

2.2 Auction Data

• Bidding history and patterns
• Item preferences and watchlists
• Transaction records and payment history
• Auction participation timestamps and IP addresses
• Communication records related to auctions

2.3 Technical Information

• Device information, browser type, and operating system
• IP addresses and geographic location data
• Session data and authentication logs
• Platform usage analytics and performance metrics
• Security-related information for fraud prevention

3. How We Use Your Information

3.1 Core Platform Operations

• Processing real-time bids and managing auction sessions
• Facilitating secure payment processing through Stripe
• Managing cashier-controlled refunds and financial reconciliation
• Providing multi-role dashboard access (Admin, Cashier, User)
• Maintaining audit trails for compliance and security

3.2 Security and Compliance

• Preventing fraud and unauthorized access
• Complying with government regulations and audit requirements
• Implementing screenshot protection and data loss prevention
• Monitoring for suspicious activities and security threats
• Maintaining PCI DSS compliance for payment processing

3.3 Business Operations

• Customer support and technical assistance
• Platform improvements and feature development
• Legal compliance and regulatory reporting
• Business analytics and performance optimization
• Communication regarding platform updates and security notices

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers

• Stripe for secure payment processing
• Supabase for secure file storage and database management
• NextAuth.js providers for authentication services
• Cloud hosting providers for platform infrastructure

4.2 Legal Requirements

• Government agencies for regulatory compliance
• Law enforcement when required by law
• Court orders and legal proceedings
• Tax authorities for financial reporting

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to the same privacy protections.

5. Data Security

We implement enterprise-grade security measures to protect your information:

• End-to-end encryption for all data transmission
• Advanced authentication and authorization systems
• Regular security audits and penetration testing
• Role-based access controls and data segregation
• Real-time monitoring and incident response procedures
• Secure backup and disaster recovery protocols
• PCI DSS Level 1 compliance for payment data
• Screenshot protection and data loss prevention

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account information: Duration of active account plus 7 years for regulatory compliance
• Transaction records: 10 years as required by financial regulations
• Audit logs: 5 years for security and compliance purposes
• Communication records: 3 years for customer support and legal purposes
• Technical logs: 1 year for security monitoring and system optimization

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Request transfer of your data to another service
• Restriction: Request limitation of processing your information
• Objection: Object to certain types of processing

To exercise these rights, please contact us at privacy@auctionpro.com. We will respond within 30 days of your request.

8. International Data Transfers

Our platform may transfer and process your information in countries other than your country of residence. We ensure appropriate safeguards are in place through:

• Standard contractual clauses for data transfers
• Adequacy decisions from relevant data protection authorities
• Certification under recognized privacy frameworks
• Explicit consent for specific transfer purposes

9. Children's Privacy

Our platform is designed for professional use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through email or platform notifications at least 30 days before the changes take effect.

11. Contact Information

If you have questions or concerns about this Privacy Policy, please contact us: