This Privacy Policy explains how ListPop collects, uses, stores, and protects your personal information.
1. Data Controller
The data controller is:
ListPop Ltd
(registered address to be added upon incorporation)
Email: privacy@listpop.io
2. Information We Collect
Account Information
When you create an account, we may collect: full name; email address; password (stored only in hashed form); country information.
Vinted Listing Data
To provide the Service, the extension may access listing titles, descriptions, prices, category information, condition details, brand details, size information, listing photo URLs, Vinted listing IDs, and Vinted usernames.
Usage and Schedule Data
We collect relist schedules, relist activity logs, subscription information, and billing cycle information.
Payment Information
Payment processing is handled by Stripe. ListPop does not receive or store card numbers, security codes, or banking credentials. We receive only information necessary to manage subscriptions, such as Stripe customer ID, subscription status, and transaction status.
Technical Information
We may collect IP address, browser type, browser version, extension version, device information, error reports, and security logs.
Cookies
Our dashboard uses essential session cookies, security cookies, and preference cookies. We do not use advertising cookies. A cookie consent mechanism is provided where legally required.
3. Information We Do Not Collect
ListPop does not collect or store Vinted passwords, Vinted login credentials, Vinted session tokens, data relating to other Vinted users, or listing image files themselves. Vinted session information remains within your browser and is not transmitted to our servers.
4. Legal Bases for Processing
| Data Category | Legal Basis |
|---|---|
| Account information | Contract |
| Listing information | Contract |
| Schedule data | Contract |
| Subscription management | Contract |
| Payment records | Contract and legal obligation |
| Security logs | Legitimate interests |
| Error reporting | Legitimate interests |
| Marketing emails | Consent |
5. How We Use Your Information
We use personal data to provide the Service, operate relisting functions, manage subscriptions, process billing, send service communications, provide customer support, improve system reliability, detect abuse and fraud, maintain security, and comply with legal obligations.
We do not sell personal data, rent personal data, use personal data for advertising, or share listing content except where necessary to operate the Service.
6. Marketing Communications
Where you opt in, we may send product updates, feature announcements, newsletters, and promotional communications. You may withdraw consent at any time using the unsubscribe link or by contacting us.
7. Sharing Data with Third Parties
| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| Supabase or Railway | Hosting and database services |
| Resend or Postmark | Transactional emails |
| Google Chrome Web Store | Extension distribution |
All processors are required to protect personal data and process it only under our instructions.
8. International Transfers
Some providers may process data outside the UK or European Economic Area. Where transfers occur, we rely on legally approved safeguards including UK International Data Transfer Agreements (IDTAs), UK adequacy regulations, and/or EU Standard Contractual Clauses (SCCs).
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Active account plus 30 days after closure |
| Relist logs | 12 months |
| Payment records | 7 years |
| Technical logs | 90 days |
| Marketing records | Duration of consent plus 3 years |
10. Your Rights
You may have the right to access your data, correct inaccurate data, delete personal data, restrict processing, object to processing, request portability of your data, and withdraw consent.
Requests should be sent to: privacy@listpop.io
We normally respond within 30 days. Complex requests may take longer where permitted by law.
11. Automated Decision-Making
ListPop does not make automated decisions that produce legal or similarly significant effects on users.
12. Security
We use appropriate technical and organisational measures, including HTTPS/TLS encryption, restricted access controls, password hashing, monitoring and logging, secure hosting infrastructure, and security review procedures. Vinted session tokens are never transmitted to ListPop servers.
13. Data Breaches
Where required by law, we will notify relevant supervisory authorities and affected users following a personal data breach.
14. Children's Privacy
The Service is not intended for anyone under 18 years old. If we learn that personal data has been collected from a person under 18, we will delete the information and close the account.
15. Complaints
UK Users
You may complain to the Information Commissioner's Office.
EU Users
You may also complain to your local data protection authority. Examples include:
- Commission Nationale de l'Informatique et des Libertés (France)
- Garante per la protezione dei dati personali (Italy)
- Federal Commissioner for Data Protection and Freedom of Information (Germany)
16. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be notified by email at least 14 days before they take effect. The latest version will always be available at listpop.io/privacy.