Privacy Notice

1. Introduction

The Mini Exchange ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you use our platform (the "Platform"). By using the Platform, you consent to the practices described in this Privacy Notice.

2. Information We Collect

2.1 Information You Voluntarily Provide

We collect information that you voluntarily provide when using the Platform:

• Account and Contact Information: Email address, display name, location, bio, profile photo
• Listing Information: Vehicle details, photos, descriptions, pricing, mileage, condition, modifications, heritage certificates, other Classic Mini specifications, and structured location data (city, state/province, country, postal code, and geographic coordinates for map display)
• Communications: Messages sent through our messaging system, comments posted on listings, and correspondence with us
• Payment Information: Payment card details processed securely through Stripe for the premium listing tier ($10)
• Preferences: Email notification preferences, theme settings, preferred currency for price display, watchlist items
• Contact Form Information: Name, email address, and message content submitted through our Contact Seller or general Contact Us forms. This information is used to relay your inquiry and is not stored in our database beyond the resulting email delivery.

2.2 Automatically Collected Information

We automatically collect certain information when you use the Platform through cookies, web beacons, and similar tracking technologies:

• Device Information: IP address, browser type and version, device type, operating system, unique device identifiers
• Usage Data: Pages viewed, listings browsed, search queries, features used, time spent on the Platform, click patterns, and navigation paths
• Log Data: Access times, error logs, referring URLs, exit pages
• Performance Data: Page load times, server response times, technical errors

2.3 Cookies, Local Storage, and Tracking Technologies

We use the following types of cookies, browser storage, and similar technologies:

• Essential Cookies: Required for authentication, security, and core Platform functionality
• Preference Cookies: Remember your settings such as dark mode preferences
• Analytics Cookies: Help us understand how users interact with the Platform to improve our services
• Browser Local Storage: We use your browser's localStorage to persist theme preferences (light/dark mode), currency display preference, and authentication session tokens. This data remains on your device and is not transmitted to our servers.

You can control cookies through your browser settings. Disabling essential cookies may affect Platform functionality, including your ability to log in and maintain your session. Clearing your browser's localStorage will reset your theme and currency preferences.

2.4 Information from Third Parties

We may receive information from third-party service providers:

• Supabase: Authentication data, database services
• Stripe: Payment processing data for premium listing features (card type, last 4 digits, expiration date, transaction status). We never store complete payment card numbers.
• Resend: Email delivery status and engagement data
• PostHog: Product analytics and usage data to help us understand how users interact with the Platform and improve our services
• Mapbox: Geocoding and location services for converting listing locations into geographic coordinates for map display
• Google Fonts: Typeface delivery for Platform typography. Google may collect basic usage data such as your IP address when fonts are loaded.
• Exchange Rate API: Currency conversion rates for displaying listing prices in your preferred currency. No personal data is shared with this service.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Platform Operation and Service Delivery

• Providing, operating, and maintaining the Platform
• Creating and managing your account
• Processing, displaying, and featuring your listings according to your selected tier
• Facilitating communication between buyers and sellers through our messaging system
• Processing payments for premium listing tiers through Stripe
• Enabling watchlist and notification features
• Moderating content, comments, and messages for compliance with our guidelines
• Sending transactional emails (listing status updates, message notifications, payment receipts)

3.2 Platform Improvement and Analytics

• Analyzing usage patterns and user behavior to improve features and user experience
• Conducting research, testing, and analytics
• Developing new features and services
• Measuring Platform performance and effectiveness
• Troubleshooting technical issues and debugging

3.3 Safety, Security, and Fraud Prevention

• Detecting, preventing, and investigating fraud, abuse, or violations of our Terms of Service
• Protecting the rights, property, and safety of The Mini Exchange, our users, and the public
• Implementing rate limiting and security measures to prevent spam and automated abuse
• Enforcing our policies and legal agreements
• Responding to legal requests and preventing illegal activity

3.4 Communications and Marketing

• Sending you email notifications based on your preferences (new messages, listing comments, watchlist updates)
• Responding to your inquiries and providing customer support
• Sending administrative messages about account or Platform changes
• Providing information about new features or services (you can opt out of promotional emails but not transactional emails)

3.5 Payment Processing

Payment card information is collected and processed exclusively by Stripe, our third-party payment processor. We use payment information solely for processing transactions for the premium listing tier ($10) and fraud prevention. We never use payment card information for marketing or advertising purposes.

4. How We Share Your Information

4.1 Public Information

The following information is publicly visible to anyone who accesses the Platform, including search engines:

• Your display name and profile photo
• Your location (if provided)
• Your bio and profile description (if provided)
• Your active and sold listings, including all photos and vehicle details
• Your public comments on listings
• Timestamps for listing creation, updates, and comments
• Listing data included in our public RSS, Atom, and JSON feeds (listing title, description, photos, seller display name, and creation date)

4.2 Information Shared with Transaction Participants

When you engage with other users on the Platform:

• Sellers: When you message a seller about their listing, they can see your display name, profile information, and message content
• Buyers: When a buyer messages you about your listing, you can see their display name, profile information, and message content
• Messages are private and only visible to conversation participants

4.3 Information That Remains Private

The following information is NOT publicly visible and is not shared with other users:

• Your email address (unless you explicitly choose to share it in messages)
• Your private messages and conversations
• Your watchlist and saved listings
• Your notification preferences and settings
• Your payment information (handled exclusively by Stripe)
• Your IP address and technical data

4.4 Third-Party Service Providers

We share information with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for the specific purposes we authorize:

• Supabase: Database hosting, authentication, and file storage services
• Vercel: Platform hosting and content delivery
• Stripe: Payment processing for premium listing tiers. Stripe processes payment information according to their own privacy policy and PCI-DSS security standards
• Resend: Transactional email delivery for notifications, welcome emails, and system messages
• PostHog: Product analytics for understanding user behavior and improving Platform features
• Mapbox: Geocoding services for converting listing locations into geographic coordinates
• Google Fonts: Web font delivery for Platform typography

4.5 Business Transfers

If The Mini Exchange is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any such change in ownership or control.

4.6 Legal Requirements and Protection

We may disclose your information when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or other valid legal processes
• Respond to claims that content violates the rights of third parties
• Enforce our Terms of Service and other policies
• Protect the rights, property, or safety of The Mini Exchange, our users, or the public
• Detect, prevent, or investigate fraud, security breaches, or illegal activity

4.7 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as when you choose to link your account to external services.

4.8 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not engage in cross-site tracking for advertising purposes or share your information with advertising networks.

5. Data Retention

We retain your information for as long as necessary to provide the Platform, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account Data: Retained while your account is active and for 30 days after account deletion to allow for account recovery
• Active Listings: Retained while listed and for 90 days after expiration or cancellation
• Sold Listings: Archived publicly as historical reference for market data and Classic Mini heritage documentation
• Messages and Comments: Retained while your account is active; deleted 30 days after account deletion
• Payment Records: Retained for 7 years to comply with financial record-keeping requirements
• Log Data and Analytics: Typically retained for 90 days, though aggregated and anonymized data may be retained indefinitely for analytics
• Legal Hold Data: Information subject to legal proceedings, government requests, or investigations may be retained until the matter is resolved

After the applicable retention period, we securely delete or anonymize your personal information. Some information may remain in backup systems for up to 30 additional days.

6. Your Rights and Choices

6.1 Access and Update Your Information

You have the right to access and update your personal information through the Platform:

• View and edit your profile information, display name, bio, and location
• Manage your active listings, photos, and descriptions
• Review your messages and comments
• View your watchlist

6.2 Email Communication Preferences

You can control which email notifications you receive by updating your notification preferences in Settings. Available options include:

• New message notifications
• Listing comment notifications
• Watchlist updates (price changes, status changes)
• Weekly digest of new listings and Platform activity
• Platform updates and feature announcements

Note: You cannot opt out of essential transactional emails, including account security notifications, payment receipts, and important Platform changes that affect your account.

6.3 Cookie Control

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However:

• Disabling essential cookies will prevent you from logging in and using core Platform features
• Disabling preference cookies will reset your settings (such as dark mode) on each visit
• You can typically block third-party cookies while still allowing first-party cookies necessary for Platform operation

6.4 Delete Your Account and Data

You have the right to request deletion of your account and associated personal data. To delete your account, contact us at hello@theminiexchange.com with your account email address.

When you delete your account:

• Your profile, bio, and contact information will be permanently deleted
• Your active and expired listings will be removed from public view
• Your private messages will be deleted
• Your comments may remain visible but will be anonymized (attributed to "Deleted User")
• Sold listings may remain in the public archive for market history purposes but will be disassociated from your account

Note: Some information may be retained as required by law, for legitimate business purposes (such as fraud prevention), or as described in our Data Retention policy above.

6.5 Data Portability

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format. To request your data, contact us at hello@theminiexchange.com.

6.6 Correct Inaccurate Information

You have the right to request correction of inaccurate personal information. Most information can be updated directly through your account settings. For assistance, contact us at hello@theminiexchange.com.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction:

• Encryption in Transit: All data transmitted to and from the Platform uses HTTPS/TLS encryption
• Encryption at Rest: Database and file storage are encrypted using AES-256 encryption
• Secure Authentication: Passwordless magic link authentication eliminates password-related vulnerabilities. No passwords are stored.
• Access Controls: Strict access controls limit who can access personal data. Service accounts use principle of least privilege.
• Rate Limiting: Automated abuse prevention through rate limiting on messages, comments, and API endpoints
• Input Sanitization: All user-generated content is sanitized to prevent XSS and injection attacks
• Security Monitoring: Continuous monitoring for suspicious activity and security threats
• Regular Updates: Security patches and updates applied promptly
• Third-Party Security: Payment processing through Stripe meets PCI-DSS Level 1 compliance standards

However, no method of transmission over the Internet or electronic storage is 100% secure. While we implement reasonable security measures, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and should notify us immediately of any unauthorized access.

8. Children's Privacy

The Platform is not intended for, and we do not knowingly collect personal information from, individuals under 18 years of age. We do not knowingly solicit or collect information from children. If we become aware that a user is under 18, we will promptly delete their account and all associated personal information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@theminiexchange.com so we can delete the information.

9. International Users and Data Transfers

The Platform is operated from and hosted in the United States. If you access the Platform from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

The data protection laws in the United States and other countries may differ from the laws in your country of residence. By using the Platform, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this Privacy Notice.

We take steps to ensure that your information receives an adequate level of protection in accordance with applicable data protection laws.

10. State-Specific Privacy Rights

10.1 California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of personal information we have collected from you
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information. Note: We do not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information beyond what is necessary to provide our services
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, email us at hello@theminiexchange.com with "California Privacy Request" in the subject line. We will verify your identity before processing your request.

10.2 Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights to those described above. To exercise your rights, contact us at hello@theminiexchange.com.

10.3 Nevada Residents

Nevada residents have the right to opt-out of the sale of certain covered information. We do not sell your personal information as defined under Nevada law. If you have questions, contact us at hello@theminiexchange.com.

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this Privacy Notice
• Post the revised Privacy Notice on this page
• For material changes, we may notify you via email or through a prominent notice on the Platform before the changes take effect

Your continued use of the Platform after changes are posted constitutes your acceptance of the revised Privacy Notice. We encourage you to review this Privacy Notice periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Notice or our privacy practices, please contact us at:

Email:hello@theminiexchange.com

Subject Line: Privacy Inquiry

We will respond to your inquiry within 30 days.