Legal
Privacy Policy
Last updated: 1 March 2026
CollectIt (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and your rights under UK GDPR and the Data Protection Act 2018.
Who we are
CollectIt is operated by CollectitApp, reachable at support@collectitapp.com.
1. Data we hold and why
(a) Shop accounts (studio owners and staff)
When you create a CollectIt account we collect your name, email address, and billing information. We use this to provide the service and process your subscription. The legal basis is performance of a contract.
(b) Your customers' data
CollectIt provides tools that allow you to collect information from your own customers — including their name, email address, phone number, collection preferences, and photos of their items. You are the data controller for this information; we process it on your behalf as a data processor. You are responsible for ensuring you have a lawful basis to collect it and that your own customers are aware of how it is used.
(c) Payment data
Subscription payments are processed by Stripe. We do not store card numbers or full payment details on our systems. Stripe's privacy policy applies to data they handle: stripe.com/gb/privacy.
(d) Usage and technical data
We collect standard server logs (IP addresses, browser type, pages visited) for security and to diagnose problems. This data is not sold or used for advertising.
2. Who we share data with
We use the following third-party services to operate CollectIt. Each acts as a data processor under our instructions:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU / US |
| Resend | Transactional email delivery | US |
| Vercel | Application hosting | US |
| Stripe | Subscription billing | US |
| Cloudflare | DNS and content delivery | US |
Where data is transferred outside the UK, we rely on standard contractual clauses or adequacy decisions. We do not sell personal data to third parties.
3. How long we keep data
Account data kept for as long as your subscription is active, plus 90 days after cancellation to allow for reactivation.
Customer records you create within CollectIt are kept until you delete them or close your account.
Payment records are retained for 7 years as required by UK tax law.
4. Your rights
Under UK GDPR you have the right to:
Access the personal data we hold about you
Correct inaccurate data
Erase your data ("right to be forgotten")
Restrict or object to certain processing
Portability — receive your data in a machine-readable format
To exercise any of these rights, email us at support@collectitapp.com. We will respond within 30 days.
If you are unhappy with how we handle your data you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
5. Cookies
CollectIt uses only essential cookies required for authentication (keeping you logged in). We do not use tracking or advertising cookies.
6. Changes to this policy
We may update this policy from time to time. We will notify account holders of significant changes by email. The date at the top of this page shows when it was last updated.
7. Contact
For any privacy-related questions: support@collectitapp.com