Privacy Policy

This Privacy Policy describes how [COLLECTOR NATION LEGAL ENTITY NAME, LLC] ("Collector Nation," "we," or "us") collects, uses, shares, and protects personal information when you use our websites, mobile applications, and APIs (collectively, the "Services").

1. Information we collect

1.1 Information you provide

• Account basics — when you sign in via our identity provider (currently Clerk, Inc.), we receive your email address, a stable user ID, and, if you connect a third-party login, the identifier returned by that provider. We do not see or store your password.
• Profile information — any display name, handle, or creator-claim information you voluntarily provide.
• Takedown and creator-rights requests — when you submit a takedown under our DMCA policy, we collect the information required by law: your name, contact info, a description of the allegedly infringing material, and your statements under penalty of perjury.

1.2 Information generated as you use the Services

• Engagement events — impressions (which cards you scroll past), clicks, plays, follows, saves, and search queries. We use these to rank the feed and improve recommendations.
• Device and log data — IP address, user agent, approximate location (country/region, derived from IP), referrer, and timestamps. Used for security, rate-limiting, and troubleshooting.
• Cookies and similar technologies — a session cookie set by Clerk keeps you signed in; a small number of first-party cookies remember your preferences. We do not use third-party advertising cookies. See Section 6.

1.3 Information from third parties

• Creator metadata — when we index content from YouTube, TikTok, Instagram, or Facebook, we retrieve publicly available metadata (channel name, title, thumbnail, description, published date) via each platform's official API.
• Platform embed telemetry — when you play an embedded video, the source platform may set its own cookies and collect its own telemetry on you. That data is governed by the source platform's privacy policy, not this one.

2. How we use information

We use the information described above to:

• Provide, maintain, and improve the Services.
• Personalize your feed and surface creators and content we expect you'll enjoy, based on signals you generate.
• Communicate with you about product updates, moderation actions on your account, and security alerts. (We do not currently send marketing email; if that changes, you will get a clear opt-in.)
• Detect and prevent abuse, fraud, and security incidents.
• Comply with legal obligations, including responding to valid legal process and honoring takedown requests.

3. What we do NOT do with your information

• We do not sell your personal information as the term is defined under the California Consumer Privacy Act (CCPA) or any other applicable law.
• We do not share your personal information with advertisers for behavioral targeting. Sponsor slots in the feed are inventory placements based on broad content topics — not on who you are or what you have saved.
• We do not build, buy, or use "shadow" profiles of logged-out users from third-party data brokers.
• We do not run ad SDKs from Facebook, Google, or other third-party networks on our app. The only third-party code that runs in your browser or device is what's required for the embedded-content players you choose to open (YouTube, TikTok, etc.), identity (Clerk), and error monitoring (Sentry).

4. How we share information

We share personal information only with the following categories of recipients, and only as needed to operate the Services:

• Infrastructure providers — Vercel (hosting), Railway or similar (API + database), Clerk (identity), Sentry (error monitoring). Each is bound by a data-processing agreement.
• Legal and safety recipients — law enforcement, courts, or rightsholders when we are required to do so by valid legal process, or when we reasonably believe disclosure is necessary to prevent fraud, abuse, or imminent harm.
• Business-transaction counterparties — if we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. You will be notified beforehand.

5. Data retention

We keep account information for as long as the account is active. If you delete your account, your personal information is removed or de-identified within 30 days, except for narrow records we must keep for legal, accounting, or fraud-prevention reasons (e.g., a takedown request you filed under the DMCA, which we must preserve for our safe-harbor compliance).

Aggregate engagement data (stripped of direct identifiers) may be retained indefinitely for product analytics.

6. Cookies and tracking

Collector Nation uses only the cookies required to operate the site:

• Session cookie (from Clerk) — keeps you signed in. Expires when you log out or the session times out.
• Preference cookies — remember display preferences (feed filter, last surface) for the life of the browser.

We do not use third-party advertising cookies and do not honor cross-site tracking requests from third parties. Your browser's Global Privacy Control (GPC) signal, where sent, is respected.

7. Your rights and choices

7.1 Access, correction, deletion

You can request access to, correction of, or deletion of your personal information at any time by emailing privacy@thecollectornation.com. We verify requests against the signed-in account before taking action.

7.2 California residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, the categories of sources and recipients, and the business purposes for collection; to request deletion; to correct inaccurate information; and to opt out of "sale" or "sharing" for cross-context behavioral advertising. Collector Nation does not sell or share personal information as those terms are defined by the CPRA.

7.3 EEA / UK residents (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, you have the rights to access, rectify, erase, restrict processing of, and port your personal data, and to object to processing. Our legal basis for processing is (a) consent (which you can withdraw at any time), (b) the performance of our contract with you, or (c) our legitimate interests in operating a secure, personalized service. You may lodge a complaint with your local supervisory authority. Collector Nation does not currently have an EU establishment; our EU/UK representative (if required) is listed at privacy@thecollectornation.com.

8. Children's privacy

Collector Nation is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International transfers

Our primary infrastructure is located in the United States. If you access the Services from outside the US, you acknowledge that your information will be transferred to and processed in the US, which may have different data-protection rules than your home jurisdiction.

10. Security

We use industry-standard measures to protect personal information, including TLS-encrypted connections, hashed session tokens, audited secret storage, and principle-of-least-privilege access controls. No system is ever completely secure; if we become aware of a breach affecting your personal information, we will notify you as required by applicable law.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced on the site or by email at least 14 days before taking effect.

12. Contact

Privacy questions, rights requests, or complaints can be sent to privacy@thecollectornation.com or mailed to [COLLECTOR NATION LEGAL ENTITY NAME, LLC], Attn: Privacy, [MAILING ADDRESS].

Counsel review pending. This draft is a starting point produced by the engineering team. Have a privacy attorney review before relying on it in production, especially the GDPR/UK sections if you plan to take EU/UK traffic.