Privacy Policy

Account data. Email, display name, handle, password hash, optional avatar and bio, account preferences, and notification settings. If you sign up through a referral or campaign link, we record that attribution.

Identity data. Your legal name, when needed for shipping labels or tax reporting (for example, at membership checkout or your first sale). Sellers completing payout verification provide identity information directly to Stripe.

Shipping data. Recipient name, street address, city, state or province, postal code, country, and phone number. A snapshot of the address you choose is stored with each order so we can resolve delivery questions later.

Collection data. Pieces you add to your Vault, photos you upload, notes, provenance, correction submissions, certification submissions, want lists, and trade history on the platform.

Payment data. Billing details and purchase records. Card numbers and bank details are collected and stored by our payment processors; we never store full card numbers on our servers. We do store a card fingerprint (a token that identifies a card without revealing its number) to detect fraud rings that span multiple accounts.

Device and usage data. Browser type, pages visited, and interactions with the service, used for security, fraud prevention, and product improvement. Our infrastructure providers log IP addresses as part of operating and securing the service.

Push notifications. If you enable push, we store the browser-issued push subscription token, your device’s user-agent string, and the preferences you set (drop alerts, trade offers, and so on). We also log whether our notifications were delivered, so we can stop sending to dead endpoints. You can revoke push at any time in your settings or at the browser level.

Waitlist. If you join the waitlist before launch, we store your email, optional name, and how you found us.

We use your data to:

• ◆Run your Vault, Registry activity, and Marketplace transactions.
• ◆Ship physical pieces to you, and generate shipping labels and customs forms.
• ◆Authenticate pieces and prevent counterfeits.
• ◆Process payments, payouts, and refunds, and meet tax-reporting obligations.
• ◆Send transactional emails (order confirmations, authentication results, drop timing, gift claims).
• ◆Send push notifications you opted into.
• ◆Detect fraud, abuse, and security threats, including matching card fingerprints across accounts.
• ◆Administer giveaways and verify winner eligibility.
• ◆Improve the platform and build new features.

We rely on a small set of vetted processors to run the platform. Each receives only what it needs to do its job.

• ◆Supabase: database, authentication, file storage, edge functions.
• ◆Vercel: hosting the web application and edge delivery.
• ◆Stripe: payment processing, payouts, seller identity verification, and tax forms.
• ◆Shippo: shipping labels, address validation, and tracking. Shippo receives the recipient’s name, address, phone, and email for each shipment.
• ◆Crossmint: on-chain certificate minting and wallet operations for certified pieces.
• ◆Resend and Google Workspace: transactional and account email delivery.
• ◆Sentry: error and crash diagnostics, which can include IP address and device information when an error occurs.
• ◆Anthropic: piece-recognition analysis. When you submit photos to identify a piece, those photos are sent to Anthropic's Claude vision API to suggest a match. They are used for that analysis, not for advertising.
• ◆Voyage AI: image embeddings that power piece-recognition matching, computed from the same photos you submit for identification.
• ◆Browser push services (Apple, Google, Mozilla): deliver the push notifications you opted into via your browser’s push infrastructure.
• ◆Netlify: DNS management for the carrycollect.app domain.

Some sharing is part of how a collector marketplace works, and we want you to know about it before it surprises you.

Artists who fulfill their own drops see the buyer information needed to ship: your name, handle, and shipping address appear on their fulfillment screen, packing slips, and shipping labels for pieces you bought from them.

If you make a piece public in the Registry, your handle is shown as its holder, and that attribution is permanent: the Registry continues to show the last known public holder even if the piece is later sealed. Choose Public deliberately.

Final sale prices on the platform are public and feed the comparable-value data everyone sees. Demand signals (how many collectors are hunting a piece) are shown only as aggregate counts, never as identities. Provenance displays never reveal identities unless a collector opts in.

Your Vault is private by default. Profile visibility, directory listing, and financial details all default to their most private settings, and you control each toggle.

We use a small number of first-party cookies to keep you signed in and protect your session. We do not run third-party advertising cookies or tracking pixels.

Your browser’s local storage holds functional state (drafts, dismissed prompts, a referral code if you arrived through one, tour progress). It stays on your device.

We do not currently run an analytics tool. If we add one, it will be a privacy-respecting, aggregated tool, and we will update this Policy first.

Account data: while your account is open, plus a short window after closure for dispute and fraud purposes.

Transaction and shipping records (including the address snapshot on each order): at least seven years, to meet US tax and accounting rules.

Vault photos and notes: until you delete them or close your account. You can delete individual pieces from your Vault at any time. Registry attribution survives as described in Section 4.

Push tokens and delivery logs: until you revoke permission or we detect the token is no longer valid.

Waitlist entries: until launch outreach completes, then deleted or converted to account data if you sign up.

Wherever you live, we offer you the same set of rights:

• ◆Ask for a copy of the personal data we hold about you.
• ◆Correct data that’s wrong or incomplete.
• ◆Delete your data (with exceptions for records we are required to keep, like transaction history).
• ◆Object to, or restrict, certain processing.
• ◆Receive your data in a portable format.
• ◆Withdraw consent for anything you opted into, like push notifications.

Export and deletion are self-service: download a copy of your data and delete your account anytime from Settings. For anything else (corrections, objections, or if you simply prefer a human), email vault@carrycollect.app from the address on your account. We respond to verified requests within 45 days and may extend once for another 45 days if a request is complex; we will tell you if so. We may need to verify your identity before releasing or deleting data.

CarryCollect is a small US business. At our current size we fall below the applicability thresholds of the comprehensive state privacy laws, including the California Consumer Privacy Act. We honor the rights in Section 7 for everyone anyway, as a matter of policy rather than statutory obligation, and we do not sell or share personal information for advertising in the sense those laws regulate.

The service is directed to residents of the United States and Canada. We do not target the EU or UK, ship there, or price in euros or pounds. If you visit from the EU or UK anyway, the rights in Section 7 are available to you, and you can always raise a concern with your local supervisory authority.

CarryCollect is for adults: you must be 18 or older to hold an account. The service is not directed to children, and we do not knowingly collect personal information from anyone under 13. If you believe a child has given us data, email us and we will delete it.

We protect your data with encryption in transit, restricted production access, least-privilege database policies (row-level security on every table), and ongoing security reviews.

No system is perfectly secure. We design so that a single failure does not expose your data, and we test that design regularly.

If we detect a breach that affects you, we will notify you promptly, tell you what happened and what we are doing about it, and cooperate with regulators as required.

We may update this Policy as the platform grows. Material changes will be announced in-platform and by email at least 14 days before they take effect.

Questions, requests, or concerns: vault@carrycollect.app

CarryCollect, LLC is an Ohio limited liability company. A physical mailing address for legal notices is available upon request by writing to the address above.