1. Information We Collect
1.1 Account Data
When you create an account, we collect information you provide, including:
- Display name and email address
- Password (stored securely using industry-standard hashing)
- Profile information (bio, avatar, phone number if provided)
- Payment wallet addresses
1.2 Usage Data
We automatically collect certain information when you use the Platform:
- IP address and approximate geolocation
- Browser type, operating system, and device information
- Pages visited, features used, and time spent
- Referral source and search queries
- Bid history and transaction records
3. Data Sharing
We do not sell your personal data. We never have and never will sell your information to third parties for marketing or advertising purposes.
We may share information in limited circumstances:
- With transaction counterparties — Limited information shared between buyers and sellers as needed to complete transactions
- Service providers — Third parties who help us operate the Platform (payment processors, hosting providers, analytics)
- Legal requirements — When required by law, legal process, or governmental request
- Business transfers — In connection with a merger, acquisition, or sale of assets (with prior notice)
4. Data Security
We implement industry-standard security measures to protect your information:
- Encryption — All data transmitted to and from ExitBid.io is encrypted using TLS 1.3
- Secure storage — Sensitive data is encrypted at rest using AES-256
- Access controls — Strict internal access policies limit who can view user data
- Regular audits — We conduct periodic security reviews and vulnerability assessments
While we take extensive precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
5. Cookies
ExitBid.io uses cookies and similar technologies for:
- Essential cookies — Required for authentication and basic Platform functionality
- Preference cookies — Remembering your settings and preferences
- Analytics cookies — Understanding how users interact with our Platform
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may impair Platform functionality.
6. Your Rights
You have the following rights regarding your personal data:
- Access — Request a copy of all personal data we hold about you
- Correction — Update or correct inaccurate information
- Deletion — Request deletion of your account and personal data (subject to legal retention requirements)
- Export — Receive your data in a portable, machine-readable format
- Opt-out — Unsubscribe from marketing communications at any time
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
6.1 California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following additional rights:
- Right to know — What personal information we collect, the sources, the business or commercial purpose for collection, and the third parties with whom we share it.
- Right to delete — Request deletion of personal information we have collected (subject to statutory exceptions).
- Right to correct — Request correction of inaccurate personal information.
- Right to opt-out of sale or sharing — ExitBid.io does not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of because we don't engage in this practice in the first place.
- Right to limit use of sensitive personal information — Request that we limit the use or disclosure of any sensitive personal information we collect.
- Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise your California rights, email [email protected] with the subject line "CCPA Request". We will verify your identity and respond within 45 days (extendable by 45 days with notice).
6.2 European Union & United Kingdom Residents (GDPR / UK GDPR)
Under the General Data Protection Regulation (GDPR) and the UK GDPR, residents of the European Economic Area, United Kingdom, and Switzerland have the following rights:
- Right of access — Obtain confirmation that we process your personal data and receive a copy.
- Right to rectification — Have inaccurate personal data corrected.
- Right to erasure ("right to be forgotten") — Request deletion of your personal data.
- Right to restriction of processing — Restrict how we use your data under certain conditions.
- Right to data portability — Receive your data in a structured, commonly used, machine-readable format.
- Right to object — Object to processing based on legitimate interests, including profiling for direct marketing.
- Rights in relation to automated decision-making — Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
- Right to lodge a complaint — File a complaint with your local supervisory authority if you believe your data is being handled unlawfully.
Legal basis for processing: We process personal data under the following GDPR bases — (a) performance of a contract (operating the Platform and processing transactions), (b) legitimate interests (fraud prevention, service improvement, security), (c) consent (marketing communications, where applicable), and (d) legal obligation (tax, regulatory, and law-enforcement requirements).
International transfers: Personal data may be processed in the United States and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the European Commission.
To exercise your GDPR/UK GDPR rights, email [email protected] with the subject line "GDPR Request". We will respond within 30 days.