3.1 Information You Provide Directly

3.2 Information Collected Automatically

When you use Museum App, we automatically collect certain technical and usage information:

3.3 Information from Third Parties

3.4 Special Categories of Personal Data and Sensitive Data

Museum App does NOT intentionally request or collect special categories of personal data in accordance with GDPR/UK GDPR (racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, genetic or biometric data).

We expressly prohibit users from uploading, posting or processing through the Service any content containing:

• Biometric data (facial recognition, fingerprints, iris scans, facial geometry, etc.) without adequate legal basis and explicit consent
• Special categories of personal data from third parties
• Medical, financial or minors' information without authorization

Content that violates this prohibition may be removed without prior notice, and the responsible account may be suspended or permanently deleted. For more information, see our Terms and Conditions.

4.1 Service Provision and Management

• Create, manage and authenticate your user account
• Enable publication, editing and management of collectibles, posts and virtual museums
• Enable social features: follow users, like, comment, save content, share posts, create reposts
• Real-time private messaging (1-to-1 chat) via WebSocket/Socket.io
• Manage collectible search/wishlist lists
• Personalize your experience according to your preferences (language, theme, currency, formats)
• Remember your privacy and account settings

4.2 Security and Protection

• Secure authentication and prevention of unauthorized access
• Detection and prevention of fraud, spam, abuse and malicious activity
• Content moderation and user report review
• Protect the integrity and security of the platform
• Send security notifications via email: new devices detected, password changes, email address changes, suspicious access attempts
• Maintain audit logs (LoginHistory, sensitive data changes) for security investigations

4.3 Product Improvement and Development

• Aggregated analytics and usage statistics (without individual identification)
• Technical bug fixes and performance improvements
• A/B testing to optimize features
• Development of new features and improvements
• Research and analysis of collecting trends

4.4 Communications

• <strong>Transactional communications (mandatory):</strong> registration confirmations, password reset, account change notifications, security alerts, payment confirmations
• <strong>Service notifications:</strong> social activity (new followers, likes, comments, mentions, private messages), saved content updates
• <strong>Technical support:</strong> query responses and assistance
• <strong>Important notices:</strong> changes to Terms and Conditions, Privacy Policy, scheduled maintenance
• <strong>Marketing communications (optional, with opt-in):</strong> newsletters, product news, promotions, educational collecting content

4.5 Billing and Subscriptions

• Process Premium and Premium Max subscription payments
• Manage automatic renewals, upgrades, downgrades and cancellations
• Issue invoices and electronic receipts
• Provide billing and payment support
• Comply with tax and accounting obligations

4.6 Special Tools and Features

• <strong>Collection value calculator:</strong> estimate total collection value based on data you provide (not constituting professional appraisal)
• <strong>Lot price calculator:</strong> calculate price paid for item lots
• <strong>Content metrics:</strong> post and collectible views, viewing duration, engagement
• <strong>Recommendations:</strong> suggest relevant users, categories or content based on your interests

4.7 Advertising (web and mobile applications)

Museum App may display advertising through networks such as Google AdSense (web) and Google AdMob (mobile applications). Advertising availability may vary depending on your geographic location and account settings. When advertising is active in your region:

• In the EU/EEA and United Kingdom: We request your explicit consent before using non-essential cookies/SDKs or personalizing ads. If you do not give consent, we show non-personalized ads and apply Limited Ads when appropriate
• In the United States: We respect privacy signals such as Global Privacy Platform (GPP) and Global Privacy Control (GPC), and offer opt-out controls for "sale/sharing" where state laws apply (CCPA/CPRA, Virginia, Colorado, Connecticut, Texas)
• We use a Consent Management Platform (CMP) compatible with IAB TCF 2.2 standards to manage your advertising and cookie preferences
• We offer contextual (non-personalized) ads as an alternative when you do not consent to personalized advertising
• Full details about partner categories, advertising purposes and cookie durations are available in our Cookie Policy

Legal basis in EEA/United Kingdom: The legal basis for using advertising cookies/SDKs and personalized ads is your consent (art. 6.1.a GDPR). If you deny or withdraw it, we will only serve non-personalized ads and limit identifiers according to Limited Ads policies.

4.8 Legal Compliance

• Comply with valid requests from competent authorities
• Defend our legal rights in judicial or administrative proceedings
• Enforce our Terms and Conditions
• Prevent illegal or harmful activities

4.9 Analysis and Predictive Tools (Future)

In the future, Museum App may develop market analysis and value prediction tools using completely anonymized collectible pricing data.

• Market value estimates for similar collectibles
• Historical price trends in the collectibles market
• Predictive tools based on aggregated market data
• All such analysis would be performed exclusively with completely anonymized data, with no possibility of identifying individual users or collectibles

5.1 Consent

We obtain your explicit and informed consent for:

• Non-essential cookies and personalized advertising (via TCF 2.2 compliant CMP)
• Marketing communications by email (you can unsubscribe at any time)
• Sharing data with certain third parties outside strictly operational scope

5.2 Contract Performance

Processing is necessary to fulfill the contract you have with us (Terms and Conditions):

• Create and manage your account
• Provide service features (posts, collectibles, museums, chat, search lists)
• Process subscriptions and payments
• Provide technical support

5.3 Legal Obligation

Processing is necessary to comply with applicable legal obligations:

• Retention of financial and billing data for legal periods (e.g., 7 years)
• Response to legitimate requests from competent authorities
• Compliance with tax and accounting regulations

5.4 Vital Interests

In exceptional cases, we may process data to protect the life or physical integrity of a person.

5.5 Legitimate Interests

Processing is necessary for our legitimate interests, provided your rights and freedoms do not override:

• Platform security and fraud/abuse prevention
• Content moderation and policy enforcement
• Non-intrusive aggregated analytics to improve the product
• Technical error detection and performance improvement
• Personalized advertising (when implemented)
• Marketing communications (newsletters, promotions)
• Certain mobile device permissions (camera, photo gallery, push notifications)
• Use of precise location data (if requested in the future)

6.1 Service Providers (data processors)

We share data with third parties that provide services on our behalf, under contracts that oblige them to protect your data and use it only for specified purposes:

• Hosting and infrastructure: Digital Ocean (servers and web hosting)
• CDN (Content Delivery Network): Cloudflare (global static content distribution, DDoS protection)
• Payment processing: Stripe Inc. (secure credit card processing, subscription management, billing)
• Transactional email: Amazon Simple Email Service (Amazon Web Services Inc., USA) — sending verification emails, security notifications, invoices, support
• Transactional email fallback: Resend (Resend Inc., USA) — used only when AWS SES is temporarily unavailable, so verification and security emails still reach you. Same data scope as the primary path: recipient address and the contents of the message we send.
• Authentication: NextAuth (session management), Google OAuth (Google login), and Apple Sign-In (Apple ID login)
• Real-time chat: Socket.io (WebSocket self-hosted on our servers, no third-party transfer)
• Image processing: Sharp (local image processing on our servers, no external transfer)
• Geolocation: MaxMind GeoLite2 (local IP-to-location lookup; the GeoLite2 database is downloaded periodically from MaxMind, Inc., USA — IP addresses are not transferred per request)
• Crash reporting and APM: Sentry (Functional Software Inc., USA) — capture of mobile app errors and performance metrics. Authorization headers, JWTs and sensitive query parameters are redacted before transmission; users are identified only by numeric user ID, never by username or email.

6.2 Advertising Networks and Measurement

When advertising is enabled in your region, we may share information with advertising networks (such as Google AdSense, Google AdMob) in accordance with your consent preferences and applicable laws. Shared information may include:

• Device or advertising identifiers (ad IDs, advertising cookies)
• Browsing and usage data (pages visited, interactions, app events), always with regional privacy controls
• Impression, click, conversion and advertising performance metrics
• Approximate demographic information (age, gender, general location) when you have given consent

In the EU/EEA and United Kingdom, this sharing only occurs after obtaining your explicit consent through our CMP. In the United States, we automatically recognize opt-out signals (GPC/GPP) and comply with applicable state laws.

Note for residents of certain U.S. states: Some state laws (CCPA/CPRA California, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA) may consider this sharing as "sale" or "sharing for behavioral advertising". We offer opt-out controls through browser privacy signals (GPC/GPP) and from your account settings (Settings → Privacy → Advertising preferences). For more information, see Section 14 of this Policy.

6.3 Legal Authorities and Regulatory Compliance

We may disclose your personal data when required by law or when we believe in good faith that it is necessary to:

• Comply with court orders, subpoenas, valid government requests
• Enforce our Terms and Conditions
• Protect our rights, property or security, as well as those of our users or the public
• Prevent fraud, abuse or illegal activities
• Cooperate with law enforcement investigations

6.4 Corporate Transfers

In the event of a merger, acquisition, asset sale or corporate restructuring, your personal data may be transferred to the successor entity. We will notify you through prominent notice before your data is transferred and subject to a different Privacy Policy.

8.1 Active Account

While your account remains active and you use the service, we retain your personal data to provide you the service.

8.2 Deleted Content or Closed Account

• Operational deletion: Data is deleted from our production systems within approximately 90 days from content deletion or account closure
• Backups: Data may remain in automatic backup copies for an additional period of up to 90 days, after which it is permanently purged
• Exceptions: We may retain certain data longer if:

• It is necessary to comply with legal obligations (invoices, tax records)
• There is a pending legal dispute or resolution procedure
• They are necessary for security, fraud or abuse investigations
• You have specifically requested their retention

8.3 Billing and Transaction Data

Invoices, receipts, payment history and subscription-related data: 5 to 10 years, as required by applicable tax and accounting laws (IRS in the United States, local regulations in other countries).

8.4 Security and Audit Logs

• Login history (LoginHistory): 12 to 24 months
• Access logs and security events: 12 months
• Records of changes to sensitive data (email, password, username): 24 months

8.5 Consent Records and Privacy Preferences

We retain consent status, opt-out and privacy preferences (CMP signals, TCF 2.2 strings, GPP/GPC, cookie choices, advertising preferences) for 24 months or the minimum period required by law, whichever is greater. This retention allows us to comply with advertising network audit requirements and demonstrate valid consent when legally required.

8.6 Retention Criteria

To determine the appropriate retention period, we consider:

• The nature and sensitivity of the data
• The potential risk of harm from unauthorized use or disclosure
• The purposes of processing
• Whether we can fulfill the purposes through other less invasive means
• Applicable legal, regulatory, tax or accounting obligations

You can request detailed information about our criteria and specific retention periods by sending an email to [email protected].

9.1 Technical Measures

• Encryption: Data in transit via HTTPS/TLS; passwords stored with bcrypt cryptographic hash (never in plain text)
• Secure authentication: Secure session tokens managed by NextAuth, support for two-factor authentication (future)
• Access control: Role-based access, principle of least privilege
• Security monitoring: Detection of unauthorized access, intrusion attempts, suspicious activity
• Backups: Regular automatic backups with encryption and secure storage
• Environment segregation: Separation between production, development and testing
• DDoS protection: Cloudflare for denial of service attack mitigation

9.2 Organizational Measures

• Security and data protection policies
• Staff training and awareness
• Confidentiality agreements with employees and providers
• Security audits and periodic reviews
• Security incident response plan

9.3 Limitations

Despite our efforts, no security system is completely infallible. We cannot guarantee that our systems are invulnerable to all types of cyber attacks, hacking or unauthorized access.

9.4 Security Breach Notification

In the event of a security breach affecting personal data, Museum App will comply with all notification obligations established by applicable laws:

• GDPR/UK GDPR: Notification to the supervisory authority within 72 hours; communication to affected individuals without undue delay when there is high risk
• U.S. state laws: Notification to affected residents according to each state's deadlines
• We will provide information about the nature of the breach, affected data, measures taken and steps you can take to protect yourself

9.5 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your password and access credentials
• Not sharing your account with third parties
• Notifying us immediately of any unauthorized use of your account by sending an email to [email protected]
• Using strong passwords (minimum 8 characters, combination of letters, numbers and symbols)
• Keeping your device and browser software up to date

For more information about our liability limitations in case of security breaches, see Section 8 of our Terms and Conditions.

10.1 United States (COPPA)

Museum App does not allow the use of the service to users below the minimum age of digital consent in their jurisdiction — 13 years in most countries (in compliance with the Children's Online Privacy Protection Act, COPPA), and 16 years in the European Economic Area, United Kingdom, and Switzerland (in compliance with GDPR Article 8).

We do not intentionally collect personal information from children below this threshold. If we discover that we have collected data from such a user without verifiable parental consent, we will delete that information from our systems as soon as possible.

10.2 European Union and United Kingdom (GDPR/UK GDPR)

Local minimum ages for digital consent as provided by article 8 of GDPR/UK GDPR apply (between 13 and 16 years depending on the member country). When legally required, Museum App will implement reasonable mechanisms for verifying parental or legal guardian consent.

10.3 Advertising Targeted at Minors

Museum App does not use personalized ads or identifiers for behavioral targeting directed at users we know or reasonably infer to be minors.

We apply family-friendly content policies and targeting limitations in accordance with advertising network policies (Google AdSense/AdMob "Child-directed treatment").

10.4 If You Are a Parent or Legal Guardian

If you believe your minor child has provided personal data to Museum App without your consent, contact us immediately at [email protected]. We will take steps to delete that information as soon as possible.

• ✓ Access: Obtain a copy of your personal data
• ✓ Rectification: Correct inaccurate or incomplete data
• ✓ Deletion: Request deletion of your data (with certain legal exceptions)
• ✓ Portability: Receive your data in downloadable format
• ✓ Objection: Object to certain data processing
• ✓ Withdraw consent: Cancel previously granted consents
• ✓ Opt-out of advertising: Reject personalized advertising (when implemented)

12.1 From Your Account

Go to Settings → Privacy and Security to:

• View and edit your personal information
• Download your data: Request a complete export including posts, collectibles, messages, comments, activity history, and more (see detailed process below)
• Delete your account permanently
• Manage preferences for privacy, cookies and notifications

12.2 By Email

For special requests (correction of specific data, partial deletion, portability to another service, etc.), send an email to [email protected] indicating:

• Your full name and username
• Email associated with your account
• Right you wish to exercise (access, rectification, deletion, portability, objection)
• Detailed description of your request

Response times: 30-45 days depending on your location (GDPR: 30 days; CCPA: 45 days). We will verify your identity via email code before processing sensitive requests.

12.3 Additional Rights

• Authorized agents: You can designate a legal representative to submit requests on your behalf (requires power of attorney)
• Appeals (U.S.): If we reject your request, you can appeal by writing to [email protected] with subject "Appeal". We will respond within 45 days, or the period required by applicable law
• Privacy signals: We recognize Global Privacy Control (GPC) and Global Privacy Platform (GPP) for automatic advertising opt-out

13.1 Opt-in (prior consent)

For users in the European Union, European Economic Area, United Kingdom and other jurisdictions that require it, we request your explicit consent (opt-in) before sending you marketing communications, such as:

• Newsletters with product news
• Special promotions and offers
• Educational collecting content
• Surveys and user feedback

13.2 Opt-out (unsubscribe)

You can unsubscribe from marketing communications at any time by:

• "Unsubscribe" link in each marketing email
• Account settings: Settings → Notifications → Disable "Promotional emails"
• Email: [email protected] with subject "Unsubscribe marketing"

13.3 Transactional Communications (non-cancelable)

Some communications are essential for service operation and cannot be cancelled while you maintain your active account:

• Registration confirmations and email verification
• Password reset
• Security notifications (new device, account changes)
• Payment confirmations and invoices
• Changes to Terms and Conditions or Privacy Policy
• Account closure or suspension notices

16.1 Notification of Changes

Minor changes: We update the "Last updated" date at the beginning of this Policy

Material changes: We will notify you by:

• Email to your registered address
• Prominent notification in the application (banner or pop-up)
• Notice on our website

16.2 Effective Date

Changes will take effect on the date indicated at the top of this Policy ("Last updated"). Your continued use of the service after the effective date constitutes your acceptance of the changes.

16.3 Version History

You can request previous versions of this Privacy Policy by sending an email to [email protected].

16.4 Third-Party Services - Geolocation

This site uses GeoLite2 Data created by MaxMind, available at https://www.maxmind.com. This service allows us to detect your country of origin to comply with applicable privacy regulations (GDPR, CCPA, LGPD).