Privacy Policy
Last updated: 12 January 2026
This Privacy Policy explains how BidSense ("we", "us", "our") collects, uses, shares, and protects personal data when you use our mobile application and website in the European Economic Area (EEA) and United Kingdom. It also explains your rights under applicable data protection laws such as the EU General Data Protection Regulation (GDPR).
1. Data controller
The data controller for personal data collected through the BidSense service is: BidSense. For questions about this policy or to exercise your data subject rights, contact: privacy@bidsense.nl.
2. Data we collect
We collect the following categories of personal data to provide and improve the service:
- Account information: email address, display name, profile image when you register or sign in via Firebase authentication.
- Device and usage data: device type, OS, app version, crash reports, and anonymous usage analytics (to improve reliability and features).
- Content you provide: listing URLs, text you paste into the app, images you upload (if any), and notes you save.
- Payments and subscriptions: when you purchase a subscription we receive purchase receipts and entitlement status via our payment provider (RevenueCat).
- Support and communications: messages you send to support, contact email, and correspondence history.
3. Legal bases for processing
Under GDPR, we rely on the following legal bases:
- Contract/Performance: to provide the app functionality and fulfil your purchases or subscriptions.
- Consent: for optional analytics and marketing communications where we request your consent (you may withdraw consent at any time).
- Legitimate interests: to operate, secure, and improve our services, prevent fraud, and protect our rights (we perform a balancing test to ensure your rights are respected).
4. How we use personal data
We use personal data to:
- Provide and operate the app features (analysis, saving and retrieving your saved items).
- Manage your account and authenticate you.
- Process payments and manage subscriptions via RevenueCat.
- Send transactional messages (e.g., receipts, account updates) and, where consented, marketing communications.
- Analyze and improve the app, diagnose problems, and monitor usage.
- Comply with legal obligations and protect our rights and the rights of others.
5. Sharing and disclosure
We may share personal data with:
- Service providers: processors who perform services on our behalf (e.g., Firebase/Google for authentication and data storage, RevenueCat for subscription management, hosting and analytics providers). These providers act as processors under contract and only process data per our instructions.
- Legal requests: if required by law, court order, or to respond to government requests, or to protect the rights, property or safety of BidSense, our users, or others.
6. International transfers
Some of our service providers are based outside the EEA/UK (for example, Google and RevenueCat in the United States). Where personal data is transferred outside the EEA/UK we rely on applicable safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or explicit consent. You can request details of the safeguards we use by contacting privacy@bidsense.nl.
7. Data retention
We retain personal data only as long as necessary to provide the services, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods:
- Account data: retained while your account exists and for a reasonable period afterward for backup and fraud prevention (typically up to 2 years unless otherwise required).
- Usage and analytics data: aggregated or pseudonymized for long-term analysis; raw logs retained for a limited period (e.g., 90 days).
- Purchase records: retained for financial and legal compliance (e.g., up to 7 years where required).
8. Cookies and similar technologies
We and our third-party providers use cookies and similar technologies (local storage) for authentication, preferences, analytics and to improve your experience. You can manage cookies in your browser or device settings. For analytics and marketing cookies, we will request consent where required by law.
9. Your rights
Under the GDPR you have the right to:
- Request access to and a copy of the personal data we hold about you.
- Request rectification of inaccurate or incomplete data.
- Request erasure (the "right to be forgotten") in certain circumstances.
- Request restriction of processing or to object to processing based on legitimate interests.
- Request portability of your personal data in a structured, commonly used and machine-readable format.
- Lodge a complaint with a supervisory authority (for example, the Data Protection Authority in your member state).
To exercise any of these rights, contact us at privacy@bidsense.nl. We will respond within the timeframe required by applicable law (normally one month).
10. Security
We use industry-standard technical and organizational measures to protect personal data, including encryption in transit (TLS) and access controls. However, no system is completely secure — if you suspect a security incident, contact us immediately at privacy@bidsense.nl.
11. Children
Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, contact us and we will take steps to delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify users via the app or by email where required. The "Last updated" date at the top of this policy indicates when it was last revised.
13. Contact and supervisory authority
If you have questions, requests, or concerns about this policy or our processing, contact us at: privacy@bidsense.nl.
You also have the right to lodge a complaint with the data protection supervisory authority in the EU member state where you live, work or where an alleged infringement occurred. A list of supervisory authorities is available online at the European Data Protection Board website.