SneakValue Privacy Policy

Effective Date: January 23, 2025 Last Updated: January 23, 2025

1. INTRODUCTION

SneakValue ("we," "us," "our," "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SneakValue platform, website, mobile application, or API services (collectively, the "Service"). Please read this Privacy Policy carefully. By using our Service, you consent to the practices described in this Policy. If you do not agree with our practices, please do not use our Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration Data: - Email address - Full name - Password (encrypted) - Profile information (optional) - Google account information (if using Google OAuth) Collection and Portfolio Data: - Sneakers added to your collection - Portfolio values and tracking preferences - Custom collection names and notes - Wishlist items and saved searches Payment Information: - Billing address - Payment method details (processed by Stripe) - Subscription plan and billing history - Tax identification information (if required) Communications: - Support requests and correspondence - Feedback and survey responses - Email preferences and settings

2.2 Information Collected Automatically

Usage Data: - Search queries and results - Pages visited and features used - Time spent on different sections - Click patterns and navigation behavior - API usage statistics and patterns Technical Information: - IP address and geolocation data - Device type, operating system, browser information - Screen resolution and device capabilities - Unique device identifiers - Referrer URLs and traffic sources Performance Data: - Service response times - Error logs and debugging information - Feature usage statistics - System performance metrics

2.3 Information from Third Parties

Authentication Providers: - Google OAuth profile information - Social media profile data (if connected) Data Service Providers: - KicksDB product and pricing data - StockX marketplace information - Other sneaker database providers Payment Processors: - Stripe payment processing data - Transaction verification information - Fraud prevention data

3. HOW WE USE YOUR INFORMATION

3.1 Service Provision

- Account Management: Create and maintain your account - Portfolio Tracking: Enable sneaker collection management - Price Predictions: Generate AI-powered market analysis - Search Functionality: Provide relevant sneaker search results - Notifications: Send price alerts and service updates

3.2 Business Operations

- Billing and Payments: Process subscriptions and manage billing - Customer Support: Respond to inquiries and resolve issues - Service Improvement: Analyze usage patterns to enhance features - Quality Assurance: Monitor system performance and reliability

3.3 Legal and Compliance

- Legal Obligations: Comply with applicable laws and regulations - Fraud Prevention: Detect and prevent fraudulent activities - Security: Protect against security threats and unauthorized access - Dispute Resolution: Handle legal claims and disputes

3.4 Communications

- Service Communications: Send account-related notifications - Marketing Communications: Share product updates and promotions (with consent) - Educational Content: Provide sneaker market insights and trends

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area, we process personal data based on: Contract Performance: Processing necessary to provide our Service - Account creation and management - Service delivery and support - Payment processing Legitimate Interests: Processing for our legitimate business interests - Service improvement and analytics - Fraud prevention and security - Marketing to existing customers Consent: Processing with your explicit consent - Marketing communications - Optional data collection - Cookies and tracking technologies Legal Obligations: Processing required by law - Tax and accounting requirements - Regulatory compliance - Law enforcement requests

5. DATA SHARING AND DISCLOSURE

5.1 Service Providers

We share data with trusted third-party service providers: Authentication Services: - Google (OAuth authentication) - Identity verification providers Payment Processing: - Stripe (payment processing and billing) - Tax calculation services Data and Analytics: - KicksDB (sneaker data and pricing) - StockX (marketplace information) - Analytics and monitoring services Infrastructure: - Google Cloud Platform (hosting and storage) - Content delivery networks - Email service providers

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

5.3 Legal Requirements

We may disclose information when required by law or to: - Comply with legal process or government requests - Protect our rights, property, or safety - Prevent fraud or illegal activities - Enforce our Terms of Service

5.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify individual users for: - Market research and analysis - Industry reports and insights - Service improvement and development

6. AI AND ALGORITHMIC PROCESSING

6.1 Price Prediction AI

Our AI systems process your data to provide price predictions: - Historical Data Analysis: Analyze market trends and patterns - Portfolio Optimization: Suggest collection improvements - Risk Assessment: Evaluate investment risk levels - Personalized Insights: Tailor recommendations to your interests

6.2 Automated Decision Making

We use automated systems for: - Fraud Detection: Identify suspicious activities - Usage Monitoring: Enforce subscription limits - Content Filtering: Ensure data quality and relevance - Recommendation Engine: Suggest relevant sneakers and insights

6.3 Your Rights Regarding Automated Processing

Under GDPR, you have the right to: - Request human review of automated decisions - Object to automated processing - Understand the logic behind automated decisions - Contest decisions that significantly affect you

7. DATA RETENTION

7.1 Retention Periods

Account Data: Retained while your account is active, plus 2 years after closure Usage Data: Retained for 2 years from collection date Payment Data: Retained for 7 years for tax and accounting purposes Support Communications: Retained for 3 years after resolution

7.2 Data Deletion

We delete data when: - Retention period expires - You request deletion (subject to legal requirements) - Data is no longer necessary for our purposes - You withdraw consent (where applicable)

7.3 Anonymization

Instead of deletion, we may anonymize data by removing personal identifiers while retaining statistical value for service improvement.

8. DATA SECURITY

8.1 Security Measures

We implement industry-standard security practices: - Encryption: Data encrypted in transit and at rest - Access Controls: Role-based access with authentication - Network Security: Firewalls and intrusion detection - Regular Audits: Security assessments and vulnerability testing

8.2 Payment Security

- PCI Compliance: Payment processing meets PCI DSS standards - Tokenization: Card data tokenized by Stripe - Secure Transmission: SSL/TLS encryption for all transactions

8.3 Data Breach Response

In case of a data breach: - Immediate investigation and containment - Notification to authorities within 72 hours (if required) - User notification if high risk to rights and freedoms - Remediation and prevention measures

9. YOUR PRIVACY RIGHTS

9.1 Access and Control

Account Settings: Update personal information and preferences Data Export: Request a copy of your personal data Data Correction: Correct inaccurate or incomplete information Account Deletion: Delete your account and associated data

9.2 Communication Preferences

Email Unsubscribe: Opt out of marketing communications Notification Settings: Control service-related notifications Data Processing Objection: Object to certain data processing activities

9.3 European Users' Rights (GDPR)

Right of Access: Obtain confirmation and copy of personal data Right to Rectification: Correct inaccurate personal data Right to Erasure: Request deletion of personal data Right to Restrict Processing: Limit how we process data Right to Data Portability: Receive data in structured format Right to Object: Object to processing based on legitimate interests Right to Withdraw Consent: Withdraw consent for consent-based processing

9.4 California Users' Rights (CCPA)

Right to Know: Information about data collection and use Right to Delete: Request deletion of personal information Right to Opt-Out: Opt out of sale of personal information Right to Non-Discrimination: Equal service regardless of privacy choices

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies We Use

Essential Cookies: Required for basic service functionality - Authentication and session management - Security and fraud prevention - Load balancing and performance Analytics Cookies: Help us understand service usage - User behavior analysis - Feature usage statistics - Performance monitoring Preference Cookies: Remember your settings and preferences - Language and region settings - Dashboard configurations - Notification preferences

10.2 Third-Party Cookies

Google Analytics: Website traffic and usage analysis Stripe: Payment processing and fraud prevention Authentication Providers: Login and identity verification

10.3 Cookie Management

Browser Controls: Configure cookie settings in your browser Opt-Out Options: Disable non-essential cookies Third-Party Opt-Outs: Use third-party opt-out mechanisms

11. INTERNATIONAL DATA TRANSFERS

11.1 Cross-Border Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and other countries where our service providers operate.

11.2 Transfer Safeguards

For transfers from the EEA, we ensure adequate protection through: - Adequacy Decisions: Transfers to countries with adequate protection - Standard Contractual Clauses: EU-approved data transfer agreements - Binding Corporate Rules: Internal data protection standards - Consent: Your explicit consent for specific transfers

11.3 Data Localization

Where required by law, we store and process data locally within specific jurisdictions.

12. CHILDREN'S PRIVACY

12.1 Age Requirements

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

12.2 Parental Rights

If you believe we have inadvertently collected information from a child under 18, please contact us immediately. We will take steps to delete such information promptly.

13. THIRD-PARTY LINKS AND SERVICES

13.1 External Links

Our Service may contain links to third-party websites, including StockX, brand websites, and other sneaker marketplaces. We are not responsible for the privacy practices of these external sites.

13.2 Brand Assets and Trademarks

We display brand logos and images for identification and informational purposes. This usage does not imply endorsement by or affiliation with these brands.

13.3 Third-Party Integrations

Google Services: Authentication and analytics Stripe: Payment processing KicksDB: Product data and pricing information Each integration is subject to the respective provider's privacy policy.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Policy Updates

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. Material changes will be communicated through: - Email notification to registered users - Prominent notice on our website - In-app notifications

14.2 Continued Use

Your continued use of the Service after policy changes constitutes acceptance of the updated Privacy Policy.

14.3 Version History

We maintain a record of previous policy versions for transparency and compliance purposes.

15. REGIONAL PRIVACY INFORMATION

15.1 European Economic Area (EEA)

Data Controller: SneakValue is the data controller for personal data collected through our Service. Representative: [EU Representative Name and Contact Information] Data Protection Officer: [DPO Contact Information]

15.2 California Residents

CCPA Compliance: This Privacy Policy serves as our CCPA privacy notice. Personal Information Sales: We do not sell personal information to third parties. Opt-Out Rights: Contact us to exercise your CCPA rights.

15.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate. Contact us for jurisdiction-specific information.

16. CONTACT INFORMATION

16.1 General Privacy Inquiries

Privacy Team PKDM Services OÜ Registration Code: 17198549 Email: privacy@sneakvalue.com Address: Juhkentali Street 8, Tallinn, Harju County 10132, Estonia

16.2 Data Protection Officer

DPO Contact Email: dpo@sneakvalue.com Address: Juhkentali Street 8, Tallinn, Harju County 10132, Estonia

16.3 EU Representative

EU Representative PKDM Services OÜ (Estonia is an EU member state) Email: legal@sneakvalue.com Address: Juhkentali Street 8, Tallinn, Harju County 10132, Estonia

16.4 Response Time

We will respond to privacy inquiries within: - 30 days for general inquiries - 30 days for GDPR requests - 45 days for CCPA requests - As required by applicable law

17. EFFECTIVE DATE

This Privacy Policy is effective as of the date first written above and applies to all information collected on or after that date. By using SneakValue, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein. --- Document Version: 1.0 Last Review Date: January 23, 2025 Next Review Date: July 23, 2025