1. Who we are
Coollect ("we", "us", "our") is a platform dedicated to football shirt collectors. We provide cataloguing, authentication, valuation and trading services for football jerseys and related memorabilia. Our platform is accessible at mycoollect.com.
2. What data we collect
We collect data you provide directly and data generated by your use of the platform:
- Account data: name, email address, username, profile photo (from Google OAuth if used).
- Collection data: jersey details, images, valuations, provenance information and purchase history you add to your collection.
- Transaction data: listings, sale prices, offers and communications related to marketplace activity.
- Authentication data: CoollectCodes scan results, COA documents, condition notes and any provenance documentation you upload.
- Wallet data: Ethereum wallet address if you connect one for on-chain certification.
- Usage data: pages visited, features used, browser type, IP address, timestamps.
3. How we use your data
- To provide, maintain and improve the platform.
- To authenticate your identity and secure your account.
- To generate valuations and comparable market data.
- To facilitate transactions between collectors.
- To send service notifications (e.g. messages, offers, valuation updates).
- To detect and prevent fraud or misuse.
- To comply with legal obligations.
4. Legal basis for processing (GDPR)
We process your data under the following legal bases:
- Contract performance: processing necessary to provide the services you requested.
- Legitimate interest: fraud prevention, platform security and product improvement.
- Consent: marketing communications (you may withdraw at any time).
- Legal obligation: compliance with applicable laws.
5. Third-party services
We use the following third-party services that may process your data:
- Supabase: database and authentication infrastructure (EU data residency).
- Vercel: hosting and edge deployment.
- Google OAuth: optional sign-in method. If you use Google to log in, we receive your name, email and profile picture from Google.
- OpenAI: AI-assisted jersey enrichment and valuation features. Jersey descriptions may be processed to improve matching accuracy.
6. Data retention
We retain your account data as long as your account is active. Collection data you create is retained to maintain the integrity of provenance records. You may request deletion of your account and associated data at any time.
7. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to or restrict certain processing.
- Data portability — receive your data in a structured format.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at privacy@mycoollect.com.
8. Cookies
We use essential cookies to keep you logged in and maintain your session. We do not use advertising or tracking cookies. Analytics, if any, are aggregated and anonymous.
9. Security
We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and access controls. No system is completely secure; we encourage you to use a strong password and keep your credentials private.
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified via email or a prominent notice on the platform. Continued use after the effective date constitutes acceptance.
11. Contact
For any privacy-related questions: privacy@mycoollect.com