EastBid

Legal

Privacy Policy

Effective [EFFECTIVE_DATE] · Last updated [EFFECTIVE_DATE]

Note for review: Structured to comply with PIPEDA. A Canadian privacy lawyer should review before publication, particularly Sections 5 and 8 in light of your actual Stripe, Vercel, and Google configurations.

In plain terms: we collect the minimum we need to run auctions and pickups, we don't sell your data, we use Stripe for payments (they hold your card number, not us), and you can request your data or account deletion any time.

1. Who we are and how to contact us

EastBid Inc. ("we," "us," "our") operates the EastBid auction platform. Our registered office is at #303, 495 Water St, St. John's, NL A1E 6B5, Canada.

For privacy questions, contact our privacy officer: admin@eastbid.ca, or by phone at 1.709.700.0951.

2. What personal information we collect

Account information

  • Name and email address (from Google when you sign in)
  • Profile photo (from Google)
  • Phone number, if you provide one
  • Town or neighbourhood, if you provide one
  • A unique account ID we generate

Payment information

  • A reference token to your payment method stored with Stripe
  • The last 4 digits and card brand (for display only)
  • Billing name and postal code as you enter them in Stripe's form

We never see or store your full card number, CVV, or expiry. This information is handled entirely by Stripe, which is PCI-DSS Level 1 certified.

Activity information

  • Listings you view, bid on, or watch
  • Bid amounts, timestamps, outcomes
  • Pickup slots you claim
  • Messages you send us

Technical information

  • IP address and approximate location derived from IP
  • Browser type and operating system
  • Pages visited and referring pages
  • Session cookies required to keep you signed in

Seller information (estate sellers only)

If you book our estate service, we additionally collect phone number, property address, the items to be catalogued, and your disposal preference. This is necessary to perform the service and process payment.

3. How we use your information

We use your information only for these purposes:

  • To provide the Platform and process bids, payments, and pickups
  • To verify your identity and prevent fraud
  • To comply with our legal obligations (tax records, law enforcement requests)
  • To send transactional messages (bid outbid, auction ending, winner notification, receipts)
  • To send service announcements (major feature changes, outages, terms updates)
  • To respond to your support requests
  • To enforce our Terms of Service
  • With your explicit consent, to send you marketing emails (you can opt out any time)

We do not sell your personal information to third parties, full stop.

4. Legal basis for processing

Under PIPEDA, we process your personal information on these bases:

  • Consent: you provided it when you signed up and accepted these terms
  • Necessary for a contract: we can't run an auction you won without charging your card
  • Legitimate interest: fraud detection, account security, aggregate analytics
  • Legal obligation: tax records, responses to lawful court orders

5. Who we share your information with

We share your personal information only with the service providers necessary to run the Platform, and only to the extent necessary. Each of these has its own privacy policy and is contractually bound to protect your data.

Provider | Purpose | What they see
Vercel (USA) | Hosting, database, image storage | All account and activity data, server-side only
Stripe (USA/Canada) | Payment processing, seller payouts | Name, email, card details, transaction amounts
Google (USA) | Sign-in (OAuth), Sheets API for imports | Email, name, profile photo on sign-in
Resend (USA) | Transactional email | Email address, message contents

These providers are located in Canada and the United States. By using the Platform, you consent to the transfer of your personal information outside Canada, where it may be subject to different laws, including U.S. laws that may allow government access in certain circumstances.

We may also share your information:

  • With law enforcement when required by a lawful court order or subpoena
  • With a successor entity if we sell or merge our business (you would be notified)
  • With other users only to the extent necessary (e.g. a seller sees the winning bidder's first name at pickup)

We never share your data for third-party marketing.

6. Cookies and tracking

We use a minimal set of cookies:

  • Strictly necessary: session cookies to keep you signed in; CSRF protection tokens
  • Preferences: remembering your filter choices on the feed

We do not use advertising cookies, third-party tracking pixels, or cross-site tracking. We do not use Google Analytics, Facebook Pixel, or similar.

Note for review: If analytics tooling (Plausible, Umami, Posthog, Vercel Analytics) is added later, update this section and add a cookie consent banner as needed.

7. Your rights

Under PIPEDA, you have the right to:

  • Access: request a copy of the personal information we hold about you
  • Correction: ask us to fix any inaccurate information
  • Deletion: request that we delete your account and personal information
  • Withdrawal of consent: any time, subject to legal and contractual restrictions
  • Complain: to the Office of the Privacy Commissioner of Canada (priv.gc.ca)

To exercise these rights, email admin@eastbid.ca. We will respond within 30 days.

Note: some information (transaction records, bid history on completed auctions) must be retained for financial and legal reasons even if you request account deletion. We will delete what we can and anonymize the rest.

8. How long we keep your information

Data | Retention
Active account | While your account is open
Closed account | 30 days then personal fields deleted; transaction records anonymized
Transaction and tax records | 7 years (required by Canadian tax law)
Server logs (IP, pages visited) | 90 days
Email unsubscribe list | Indefinitely (to honour your opt-out)

9. Security

We protect your personal information with industry-standard measures:

  • All traffic to and from the Platform is encrypted with TLS
  • Database and file storage encrypted at rest
  • Admin access restricted by two-factor authentication and an email allowlist
  • Card details never touch our servers, handled entirely by Stripe
  • Passwords never stored (Google OAuth only)
  • Regular security updates to all software

Despite these measures, no system is 100% secure. If we become aware of a breach affecting your personal information, we will notify you and the Privacy Commissioner of Canada as required by law.

10. Children

The Platform is not intended for anyone under 18. We do not knowingly collect personal information from children. If you are a parent and believe your child has created an account, contact us and we will delete the account and associated information.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and by a notice on the Platform at least 14 days before the effective date. Continued use after the effective date constitutes acceptance.

12. Contact

Questions or concerns? Email us at admin@eastbid.ca or write to us at [REGISTERED_ADDRESS].

You can also file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.