Privacy Policy

Last updated: April 2026

GearTrad (operated by AuricMinds Group) is committed to protecting your privacy. This policy explains what data we collect, why, and how we keep it safe.

1. Data We Collect

Account data: email address, username, password hash (stored encrypted — we never see your plain password), account type (buyer/seller), and profile information you choose to provide. Transaction data: listing details, order history, payment method type (not card numbers — those go directly to Paymob), and escrow status. Verification data (optional): government-issued ID image and selfie, collected only when you apply for a Verified badge. Usage data: pages visited, features used, listings clicked — collected anonymously to improve the platform. Device/session data: IP address, browser type, and session tokens for security and fraud detection.

2. What We Do NOT Collect

We do not collect or store card numbers, CVVs, or full banking credentials. Payments are peer-to-peer — buyers send money directly to sellers via their chosen method (Vodafone Cash, InstaPay, crypto, etc.). We do not handle or intermediate any funds. We do not collect your physical location beyond country level. We do not sell, rent, or trade your personal data to any third party for marketing purposes, ever.

3. How We Use Your Data

To operate the platform: process transactions, manage escrow, deliver notifications, and enable chat. To verify identity: review submitted ID documents for Verified badge applications. To prevent fraud: detect suspicious activity, enforce bans, and protect users from scams. To improve the platform: analyze anonymous usage patterns. To communicate: send transactional emails (purchase confirmations, dispute updates) and important account notices. We do not send marketing emails without your explicit opt-in.

4. Data Sharing

We share data with: (a) Supabase — our database and authentication provider, hosted on secure infrastructure; (b) Resend — transactional email delivery (recipient email address and email content only); (c) Law enforcement — only when legally required by a valid court order or Egyptian law. We do not share data with advertisers, data brokers, or any other third parties.

5. Identity Verification Data

Government ID images and selfies submitted for verification are stored in encrypted Supabase Storage. They are accessible only to authorized GearTrad moderators. They are used solely to verify your identity, are never shared externally, and are retained for as long as your account is active or as required by applicable law.

6. Cookies & Local Storage

We use session cookies to keep you logged in and preference cookies (locale, theme). We use browser localStorage to store anonymous activity data for personalized recommendations — this data never leaves your device and is not transmitted to our servers. You can clear localStorage at any time via your browser settings. We do not use third-party tracking cookies or advertising pixels.

7. Data Security

All data is transmitted over HTTPS (TLS 1.2+). Passwords are hashed with bcrypt via Supabase Auth. Database access is protected by Row Level Security (RLS) — users can only access their own data. Our infrastructure uses Supabase's managed security, which includes encryption at rest and regular security audits. We apply security headers (CSP, HSTS, X-Frame-Options) to protect against common web attacks.

8. Data Retention

Active account data is retained for as long as your account exists. After account deletion, personal data is removed within 30 days, except data we are legally required to retain (transaction records for financial compliance — typically 5 years). Verification documents are deleted within 90 days of account deletion.

9. Your Rights

You have the right to: (a) access a copy of your personal data; (b) correct inaccurate data; (c) request deletion of your account and data; (d) object to processing of your data; (e) data portability (receive your data in a machine-readable format). To exercise any of these rights, contact us via the Help Center. We will respond within 14 days.

10. Children's Privacy

GearTrad is not directed at users under 16. We do not knowingly collect personal data from children under 16. If we discover such data has been collected, we will delete it immediately. If you believe a minor has created an account, contact us immediately.

11. Changes to This Policy

We will notify users of significant changes to this policy via email or an in-app notice at least 7 days before changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related questions or to exercise your data rights, contact us through the Help Center. For data deletion requests, include "Data Deletion Request" in your message.