Privacy Policy

Effective date: [DATE — to be confirmed before launch]

Auction Brain ("we", "us", "our") is operated by BridgeMatch. We are committed to protecting your privacy. This policy explains what data we collect, why, and your rights under UK GDPR.

1. Who We Are

Data controller: Bridgematch Limited (company number 17061771)
Contact: hello@bridgematch.co.uk
Website: auctions.bridgematch.co.uk

2. What Data We Collect

Data	When	Why
Email address	When you sign in or subscribe to alerts	Account access, deal alerts
Name	If you provide it via sign-in or contact form	Personalisation, support
Payment details	When you purchase a Day Pass or Pro subscription	Process payment (handled by Stripe)
Usage data	Automatically when you browse	Improve the service, fix bugs
IP address	Automatically via server logs	Security, rate limiting
Search filters & preferences	When you filter auction lots	Shareable URLs, restore your session

We do not collect: ID documents, financial statements, credit reports, or any data from the properties you browse.

3. How We Use Your Data

Provide the service — show auction lots, run AI analysis, match bridging lenders
Process payments — Day Pass and Pro subscriptions via Stripe
Send deal alerts — only if you subscribe (you can unsubscribe any time)
Improve the product — aggregate usage analytics to understand which features are useful
Security — detect abuse, rate-limit requests, prevent scraping

4. Legal Basis (UK GDPR)

Contract — processing your payment and providing access to paid features
Consent — sending marketing emails (deal alerts). You can withdraw consent at any time
Legitimate interest — analytics, security, service improvement

5. Third-Party Services

We use the following third-party services that may process your data:

Service	Purpose	Data shared
Stripe	Payment processing	Payment card details (we never see your full card number)
Supabase	Authentication & database	Email, account data
Resend	Transactional email	Email address, name
Anthropic (Claude AI)	Auction lot analysis	Public auction catalogue text only — no personal data
Railway	Server hosting	Server logs, IP addresses

We do not sell your data to anyone. We do not share personal data with auction houses.

6. Cookies

We use minimal cookies:

Authentication cookie — keeps you signed in (essential, session-based)
Preference cookies — remember your filter settings (functional)

We do not use third-party advertising or tracking cookies.

Analytics

We use Umami Cloud, a privacy-respecting analytics service, to understand how our site is used. Umami does not use cookies, does not collect personal data, and is fully GDPR compliant. We also log anonymised activity events (such as searches and analyses) on our server to improve the service. No personal browsing data is shared with third parties.

7. Data Retention

Account data — retained while your account is active, deleted within 30 days of account deletion request
Payment records — retained for 7 years as required by UK tax law
Server logs — automatically deleted after 30 days
Email alert subscriptions — retained until you unsubscribe

8. Your Rights

Under UK GDPR, you have the right to:

Access — request a copy of your personal data
Rectification — ask us to correct inaccurate data
Erasure — ask us to delete your data ("right to be forgotten")
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interest
Withdraw consent — for marketing emails, at any time

To exercise any right, email hello@bridgematch.co.uk. We will respond within 30 days.

9. Data Security

We protect your data with:

HTTPS encryption on all connections
Secure authentication via magic links (no passwords stored)
Rate limiting and abuse detection
Regular security headers (CSP, HSTS, X-Frame-Options)

10. Children

Auction Brain is not intended for anyone under 18. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The effective date at the top of this page will always reflect the latest version.

12. Contact & Complaints

For any privacy questions or concerns:
Email: hello@bridgematch.co.uk

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):
ico.org.uk/make-a-complaint