Privacy Policy

RETRO//VRS (the "Platform"), owned and operated by RETROVRS Holdings, Inc.("RETROVRS," "we," "us," or "our"), is committed to protecting the privacy of our users ("you," "your"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you access or use our websites Policy explains how we collect, use, disclose, and protect your personal data when you access or use our websites (including [www.retrovrs.com](http://www.retrovrs.com/) and [www.retrovrs.io](http://www.retrovrs.io/)), access or use our websites (including [www.retrovrs.com](http://www.retrovrs.com/) and [www.retrovrs.io](http://www.retrovrs.io/)), (including [www.retrovrs.com](http://www.retrovrs.com/) and [www.retrovrs.io](http://www.retrovrs.io/)), mobile applications, or any related services (collectively, the "Services"). By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Services.

1. General

Our Services are intended only for individuals 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we discover that a person under 18 has provided us with personal data, we will promptly delete it from our systems.

2. Data we Collect

2.1 Personal Data You Provide

Registration & Account Data: Name, email, phone number.
Shipping Information: Physical address (used for order fulfillment, though not stored long-term in our primary database).
Transaction Data: Purchase and sales history, items saved to cart, favorites, and communication with other users (e.g., buyers or sellers). Note: Transactions happen through the Stripe payment processor, which we then collect checkout information from.
User Communications: Information you submit when contacting support or providing feedback.

2.2 Data Collected Automatically

Technical Data: IP address, device identifiers, browser type, operating system, referring URLs.
Cookies & Email Tracking: We use Cookies to recognize you and gather analytics. See Section 6(Cookies) for details. Our email service provider (Brevo) uses tracking pixels to monitor email opens.
Analytics:
- Google Analytics (requires explicit consent) to analyze user behavior and improve our services.
- Vercel Analytics to collect anonymous performance metrics and basic usage data (page views, navigation events, country-level location) for platform stability and improvement. This essential analytics does not require explicit consent as it falls under legitimate interests and does not use cookies or collect personally identifiable information.

2.3 Data from Third Parties

Authentication Providers: For item authentication data (non-personal, item-related). We do notcurrently share personal user data with these providers.
Email/Gmail: We do not offer social logins, but you may register or sign in via email-based links (or Gmail in some cases) that supply us only with necessary account data (e.g., email).

2.4 Payment Information

All payment data (e.g., card details) is processed by Stripe, our third-party payment processor. We do not store or have direct access to full payment card information.

2.5 No Sensitive Data

We do not intentionally collect any sensitive data such as government-issued IDs or health information. If you voluntarily include such details in uploaded receipts or documents, you acknowledge that you are responsible for any sensitive data you disclose.

3. Why We Collect Your Data (Legal Basis Under GDPR)

Under the General Data Protection Regulation (GDPR) (where applicable), we rely on different legal bases for processing your data:

1. Contractual Necessity - To facilitate transactions (e.g., shipping, order confirmations). - To provide account management and user support.
2. Legitimate Interests - Analytics & Platform Improvement: We gather usage data (via Google Analytics and cookies) to understand user behavior and enhance our Services. - Basic Marketing Communications: We may send updates or offers we believe are of interest, unless you opt out.
3. Consent - Promotional Emails & Newsletters: We send marketing emails only if you've subscribed or otherwise consented. You can withdraw consent at any time—seeSection 8 (Your Rights).
4. Legal Obligations - We retain certain records to comply with tax, audit, or other legal requirements (e.g., 7-year retention).

If you have any questions about our legal bases for processing, please contact us at support@retrovrs.com.

4. How We Use Your Data

4.1 Blockchain & Smart Contracts

Certain documentation (e.g., authentication certificates, receipts) is uploaded to decentralized storage (like IPFS) and referenced on our blockchain smart contracts. Before we publish any document publicly, we redact personal or sensitive information (e.g., full names, addresses, payment info). However, we may retain unredacted versions in our secure, private database to verify authenticity or ownership, detect fraud, and otherwise maintain trust in our platform.

Please note that once data is placed on a public blockchain, it may beimmutable and publicly accessible. We take measures to mask or remove personal details before uploading, but we encourage users to avoid uploading any sensitive data they do not wish to make public.

4.2 Marketing Communications

We may use your email to send:

Transactional Emails: Order confirmations, shipping updates, and more updates on the state of your orders and/or posted items.
Marketing: Newsletters, promotions (if you've opted in).
Platform Updates: Changes to Terms, features, or policies.

You can unsubscribe from marketing emails anytime via the unsubscribe link or by contacting us.

4.3 Analytics & Improvement

We analyze user behavior to:

Improve our Services and user experience
Detect and prevent fraud or abuse
Understand how users interact with features
Measure the effectiveness of our marketing

5. Data Sharing & Third Parties

5.1 Service Providers

We share data with trusted service providers who help us operate, including:

Stripe: Payment processing (receives transaction & billing data)
Google Analytics: Usage analytics (receives behavioral data)
AWS/Cloud Providers: Hosting & storage

5.2 Legal Requirements

We may disclose data if required by law, regulation, or legal process (e.g., court order, subpoena).

5.3 Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your data may be transferred. We'll notify you of any change in ownership or data use.

6. Cookies & Tracking

6.1 Types of Cookies

Essential Session Cookies: Required for authentication and security. These cookies are strictly necessary and expire after 3 days of inactivity or upon logout. They are regularly rotated (every hour) for enhanced security.
Analytics: Help us understand how users interact with our Services (via Google Analytics). These cookies are only set after you explicitly consent by clicking "Allow All Cookies" in our cookie banner.

6.2 Cookie Security

Session Security: Our authentication cookies are HTTP-only, secure, and protected by additional security headers
Token Rotation: For security, we regularly rotate session tokens even during active sessions
Automatic Expiration: Sessions automatically expire after 3 days of inactivity

6.3 Managing Cookies

Essential Cookies: Session cookies are strictly necessary for the website to function and cannot be opted out of while using our Services.
Optional Cookies: Through your browser settings, you can choose to block or delete non-essential cookies (analytics and marketing).
Google Analytics: You can opt out by installing the Google Analytics opt-out add-on.
Effect of Disabling: While you can disable non-essential cookies, essential session cookies are required to log in and use the platform.

7. Data Security

We implement reasonable security measures to protect your data, including:

Encryption in transit and at rest
Access controls and authentication
Regular security assessments
Employee training and confidentiality agreements

However, no method of transmission or storage is 100% secure. We can't guarantee absolute security of your data.

8. Your Rights

Under GDPR and other privacy laws, you may have rights to:

Access your personal data
Correct inaccurate data
Request deletion ("right to be forgotten")
Object to or restrict processing
Export your data ("data portability")
Withdraw consent for optional processing

How to Exercise Your Rights

Email support@retrovrs.com with your request. We'll respond within 30 days. We may need to verify your identity.

Right to Complain

If you believe we are violating your rights, you can lodge a complaint with your local data protection authority (e.g., in the EU, your national supervisory authority).

9. Data Retention

We retain personal data as long as:

Your account is active;
We need it to provide the Services or comply with legal obligations;
It's necessary for legitimate business purposes.

10. International Transfers

We primarily process data in the United States. By using our Services, you consent to your data being transferred to countries that may have different data protection rules than your country. We implement safeguards (e.g., standard contractual clauses) for international transfers where required by law.

11. Children's Privacy

Our Services are not intended for children under 18. We do not knowingly collect data from children. If we learn we've collected data from a child under 18, we'll delete it promptly. Contact us if you believe we have data from a child.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We'll notify you of material changes via email or notice on our website. Your continued use after changes indicates acceptance of the updated Policy.

13. Contact Us

For questions about this Privacy Policy or our data practices:

Email: support@retrovrs.com

Mail:
RETROVRS Holdings, Inc.
10685B Hazelhurst Drive
Houston, TX 77043
United States

For EU/UK residents: Our EU representative can be contacted at our Paris office.