Privacy Policy

Effective Date: January 1, 2024 | Last Updated: January 15, 2024

Table of Contents
1. Introduction 2. Information We Collect 3. How We Use Your Information 4. Information Sharing 5. Data Retention 6. Data Security 7. Your Rights (GDPR/CCPA) 8. International Transfers 9. Children's Privacy 10. Cookies & Tracking 11. Third-Party Services 12. Changes to This Policy 13. Contact Us

1. Introduction

Las Vegas Mushrooms, LLC, doing business as StaxxLogix ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the CollectLogix platform, including our website (collectlogix.com), mobile applications, and related services (collectively, the "Service").

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password (hashed), phone number (optional)
  • Profile Information: Avatar, timezone, locale, currency preferences
  • Billing Information: Payment card details (processed by Stripe), billing address, company name (if applicable)
  • Collection Data: Item descriptions, images, valuations, notes, grading information
  • Communications: Support tickets, feedback, survey responses

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, unique device identifiers
  • Usage Data: Pages viewed, features used, time spent, click patterns
  • Log Data: IP address, access times, referring URLs, error logs
  • Location Data: Approximate location based on IP address (not precise GPS)
  • Session Information: Login times, session duration, device fingerprints

2.3 Information from Third Parties

  • Payment Processors: Transaction status, payment confirmation from Stripe
  • Grading Services: Certification verification data from PCGS, NGC, PSA, etc.
  • Authentication Providers: If using social login (not currently offered)

2.4 Images and AI Processing

When you use our AI identification feature:

  • Images are processed using Google Gemini AI services
  • Images may be temporarily stored for processing
  • AI results are stored in your account
  • Images are not used to train AI models without explicit consent

3. How We Use Your Information

We use collected information to:

3.1 Provide and Improve the Service

  • Create and manage your account
  • Process transactions and send billing confirmations
  • Enable core functionality (collections, items, pricing)
  • Provide AI identification services
  • Synchronize data across devices
  • Improve and optimize the Service

3.2 Communication

  • Send service-related notifications (password resets, security alerts)
  • Respond to support requests
  • Send marketing communications (with consent)
  • Notify you of updates to Terms or Privacy Policy

3.3 Security and Fraud Prevention

  • Detect and prevent fraudulent activity
  • Monitor for security threats
  • Enforce our Terms of Service
  • Comply with legal obligations

3.4 Analytics and Research

  • Analyze usage patterns to improve features
  • Conduct aggregated, anonymized research
  • Generate internal business reports

4. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

We share data with trusted third parties who assist in operating our Service:

  • Stripe: Payment processing
  • Google Cloud: AI processing, cloud infrastructure
  • SendGrid: Transactional email
  • Firebase: Push notifications, mobile analytics
  • Hosting Providers: Cloud infrastructure

These providers are contractually obligated to protect your data.

4.2 Third-Party Integrations

When you connect to third-party services (eBay, grading services), information may be shared as necessary for the integration. Each third-party has its own privacy policy.

4.3 Legal Requirements

We may disclose information if required by law or if we believe disclosure is necessary to:

  • Comply with legal process or government requests
  • Protect our rights, privacy, safety, or property
  • Prevent fraud or security issues
  • Enforce our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.5 Aggregated Data

We may share aggregated, anonymized data that cannot identify you for research, marketing, or other purposes.

5. Data Retention

We retain your information as follows:

  • Active Account Data: Retained while your account is active
  • Deleted Account Data: Deleted within 90 days of account termination, except as required for legal compliance
  • Billing Records: Retained for 7 years for tax and legal purposes
  • Security Logs: Retained for 2 years
  • Support Communications: Retained for 3 years

6. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Password Hashing: Bcrypt with appropriate cost factors
  • Access Controls: Role-based access, principle of least privilege
  • Security Audits: Regular vulnerability assessments
  • Incident Response: Documented procedures for security incidents

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

7.1 Rights for All Users

You have the right to:

  • Access and download your personal data
  • Correct inaccurate information
  • Delete your account and associated data
  • Opt-out of marketing communications
  • Manage cookie preferences

7.2 GDPR Rights (European Economic Area)

If you are in the EEA, you have additional rights under GDPR:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Request restriction of processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing: We process your data based on: (a) contract performance, (b) legitimate interests, (c) legal obligations, and (d) consent where applicable.

7.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the CCPA:

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the "sale" of personal information (we do not sell your data)
  • Right to Non-Discrimination: Equal service regardless of exercising your rights

Categories of Information Collected: Identifiers, commercial information, internet activity, geolocation data, and inferences drawn from the above.

7.4 Exercising Your Rights

To exercise your rights, you can:

  • Use the data export/delete features in Account Settings
  • Email us at privacy@collectlogix.com
  • Submit a request through our Help Center

We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing requests.

8. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, please be aware that data protection laws may differ from your country.

For EEA users, we implement appropriate safeguards for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with sub-processors

9. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@collectlogix.com.

10. Cookies & Tracking Technologies

10.1 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Functional Cookies: Remember your preferences (language, timezone)
  • Analytics Cookies: Help us understand how you use the Service
  • Marketing Cookies: Used to deliver relevant advertisements (only with consent)

10.2 Managing Cookies

You can manage cookie preferences through:

  • Our cookie consent banner
  • Your browser settings
  • Account settings

Note: Disabling essential cookies may impair Service functionality.

10.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals as there is no industry standard for compliance.

11. Third-Party Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

Third-party services we integrate with include:

12. Changes to This Policy

We may update this Privacy Policy at any time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights:

StaxxLogix
Attn: Privacy Officer
Email: privacy@collectlogix.com
Website: www.collectlogix.com/privacy

For GDPR-related inquiries, you may also contact your local data protection authority.

Summary: We collect information to provide and improve CollectLogix. We don't sell your data. You have rights to access, correct, and delete your information. We use industry-standard security measures to protect your data.