Privacy Policy

Last updated: 5/14/2026

1. Data we collect

  • Account information you provide: name, email address, mobile phone number, username, and password.
  • Deal information: product names, conditions, quantities, expiration dates, and photographs of the products.
  • Device information: your IP address, browser user-agent, and timestamps of account events.

2. How we use it

  • To manage your account and process buyback deals.
  • To send transactional notifications by SMS and email (deal approvals, point changes, redemption status, suspension/ban notices).
  • To detect and prevent fraud and program abuse.
  • To send occasional promotional updates and flash deal announcements (you may unsubscribe at any time).

3. Selling and sharing

We do not sell your personal data to third parties. We share data only with the service providers needed to operate the platform (Supabase for data storage, Resend for email, Twilio for SMS, Vercel for hosting) and only the minimum needed for them to perform their role.

4. California residents (CCPA)

If you reside in California, you have rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal data we hold about you.
  • Right to delete your personal data, subject to limited exceptions (e.g. audit records of completed transactions).
  • Right to opt out of sale. We do not sell personal data, so there is nothing to opt out of, but this right is preserved by law.
  • Right against discrimination for exercising these rights.

To exercise any CCPA right, email a.plusteststrips@gmail.com.

5. Communications opt-out

  • SMS: reply STOP to any text message at any time. Your number will be added to our suppression list and Twilio's carrier-level opt-out registry within seconds.
  • Email: click the unsubscribe link at the bottom of any non-essential email.
  • Opting out of SMS does not affect your ability to log in, view your dashboard, or receive critical account emails.

6. IP address retention

IP addresses may be retained permanently and associated with banned accounts for fraud and ban enforcement. This is a security measure to prevent users who have been removed from rejoining the program under a new identity.

7. Photo storage and access

Photographs uploaded as part of a deal submission are stored in a private, access-controlled bucket. Only you (the uploading affiliate) and the admin/co-admin team can access them, and they are used only for deal verification. Photos are served via signed URLs that expire in under one hour.

8. Security

We hash passwords with industry-standard algorithms via Supabase Auth, enforce HTTPS site-wide, set strict Content-Security-Policy and HSTS headers, and apply row-level security so users can only access their own data. We strip EXIF metadata (including GPS) from uploaded photos before they are stored.

9. Contact

a.plusteststrips@gmail.com