Privacy Policy

Effective date: November 11, 2025

GemTCG, LLC d/b/a ‘CollectBuySell’ (“CollectBuySell”, “GemTCG”, “we”, “us”, or “our”) operates the CollectBuySell websites, applications, and related services (the “Service”).

This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use the Service, and the choices you have. By using the Service, you agree to this Policy and our Terms of Service. If you do not agree, do not use the Service.

Key Definitions

Service: The CollectBuySell marketplace and any sites, apps, or features we operate.
Personal Data: Information that identifies or can reasonably be linked to a particular person.
Usage Data: Data collected automatically about how the Service is accessed and used (e.g., device type, IP, pages viewed).
Cookies: Small files that store information on a browser or device. See our Cookie Policy.
Controller: The entity that determines why and how Personal Data are processed. For most processing described here, CollectBuySell is the Controller.
Processor: A service provider that processes data for us under contract.
User: Any person using the Service (buyers, sellers, visitors).

Information We Collect

Information you provide to us

Account & profile: name, username, email, phone (optional), country/region, shipping address.
Seller info: store name, logo, description, policies, tax-exemption details (if applicable).
Listings & content: titles, descriptions, photos, categories, tags, conditions, pricing, shipping settings, external links, messages you send via our tools.
Payments: limited details necessary to route payments and payouts (e.g., Stripe identifiers). We do not store full payment card numbers.
Compliance: age declaration; where required, identity/KYC information for fraud, sanctions, or AML checks.
Support: information in inquiries, disputes, claims, feedback, or surveys.

Information collected automatically

Usage Data: IP address, device and browser type, operating system, pages or screens viewed, referring/exit pages, timestamps, approximate location (derived from IP), and similar diagnostic data.
Cookies & similar technologies: for authentication, preferences, analytics, and security. See our Cookie Policy.

Information from third parties

Payments & identity: confirmations from payment processors (e.g., Stripe), fraud screening services, and identity verification vendors.
Shipping & logistics: tracking updates from carriers or shipping tools you connect.
Public/partner sources: information we reasonably need to verify accounts, prevent fraud, or comply with law.

How We Use Your Information (Purposes & Legal Bases)

We process Personal Data as necessary to:

Provide the Service (Art. 6(1)(b) GDPR): authenticate users, enable buying and selling, display listings, manage orders, facilitate payments/payouts, and provide support.
Operate and improve the Service (Art. 6(1)(f) legitimate interests): monitor performance, develop new features, conduct analytics and internal reporting, ensure quality, and personalize experiences.
Safety, integrity & compliance (Art. 6(1)(c) legal obligation; Art. 6(1)(f) legitimate interests): prevent fraud, spam, abuse, unauthorized access, off-platform circumvention, and illegal activity; satisfy KYC/AML/sanctions checks; respond to lawful requests.
Communicate with you (Art. 6(1)(b)/(f)): transactional emails (receipts, order updates), policy updates, support messages.
Marketing (where permitted) (Art. 6(1)(a) consent or 6(1)(f) legitimate interests): send promotions or newsletters. You can opt out at any time.
Legal claims & recordkeeping (Art. 6(1)(f)/(c)): establish, exercise, or defend legal claims; maintain required records.

Messaging Safety & Automated Monitoring

To protect our users and marketplace integrity, we use automated systems and limited, role-based manual review to scan and review messages and attachments sent through our messaging tools. This helps us detect and prevent fraud, abuse, spam, illegal content, and off-platform solicitation or transactions that bypass our protections. We may retain communications for security, dispute resolution, and compliance. Do not share sensitive personal data in messages.

We share information only as needed and with appropriate safeguards:

Service Providers/Processors: cloud hosting, analytics (e.g., Google Analytics), performance and security (e.g., Cloudflare), logging and error monitoring (e.g., Sentry), email and notification providers, payment processing and payouts (e.g., Stripe), ID verification, fraud prevention, and shipping tools.
Transaction Counterparties: necessary order information shared between buyer and seller (e.g., shipping name/address, item details).
Compliance & Safety: law enforcement or authorities when legally required or to protect rights, safety, and property.
Corporate events: in a merger, acquisition, or financing, data may be transferred consistent with this Policy.
With consent: where you direct us to share or we have your explicit consent.

We do not sell Personal Data for money. If we engage in activities that are considered “sharing” or “targeted advertising” under applicable law, you will have the right to opt out.

Data Retention

We retain Personal Data only as long as necessary for the purposes described above:

For active accounts, until deletion or as needed to provide the Service.
For legal, security, and tax/compliance obligations, disputes, and enforcement, for the applicable limitation periods.
Thereafter, we delete or irreversibly anonymize data.

Your Rights

Depending on your location (e.g., EEA/UK, Switzerland, California, Brazil, and other regions), you may have the right to:

Access, correct, or delete your Personal Data.
Object to or restrict processing.
Port your data.
Withdraw consent (where processing is based on consent).
Opt out of marketing.
Opt out of certain “sharing”/targeted advertising (where applicable law provides such a right).

To exercise rights, contact us at pcontact@gemtcg.com. We may request additional information to verify your identity. You also have the right to lodge a complaint with your local supervisory authority.

International Transfers

We may process and store data in the United States and other countries that may not provide the same level of data protection as your home jurisdiction. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) to protect your information.

Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data and risks involved (e.g., encryption in transit, access controls, monitoring). No system is 100% secure; you are responsible for maintaining the security of your account credentials and devices.

Children

The Service is not directed to children under 13 (or the minimum age required by law in your location). We do not knowingly collect Personal Data from children. If you believe a child provided Personal Data, contact us to request deletion.

Third-Party Services

The Service may link to third-party websites or services. Their practices are governed by their own policies. We are not responsible for their content or privacy practices.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Effective date” and, where required, provide additional notice. Please review this page periodically.

Contact Us

CollectBuySell, LLC
Email: contact@gemtcg.com
Support: contact@gemtcg.com
If you are in the EEA/UK and wish to contact our representative (if/when appointed), email *contact@gemtcg.com.

Region-Specific Disclosures

California (CPRA)

We provide the following rights to California residents: right to know/access, delete, correct, data portability, and to limit/opt out of certain uses/disclosures. We do not sell Personal Data for money. If we “share” Personal Data for cross-context behavioral advertising, you may opt out via your browser signals or by contacting us. We do not use Sensitive Personal Information for purposes other than those permitted by CPRA §1798.121.

Controller: GemTCG, LLC d/b/a ‘CollectBuySell’ Legal bases: as listed above.
Data Protection Officer: If/when appointed, contact details will be published here; until then, email contact@gemtcg.com.
Transfers: safeguarded by appropriate transfer mechanisms (e.g., SCCs).

Additional Notes for Sellers & Buyers

We may suspend, restrict, or review accounts to protect our users and comply with law.
We may retain evidence (including message logs and order metadata) for fraud prevention, dispute resolution, and compliance.
Attempts to transact off-platform or circumvent marketplace protections may result in enforcement actions, including account limits or closure.

If you have questions about this Policy or how we handle your information, contact us at contact@gemtcg.com.

Privacy Policy

Effective date: November 11, 2025

Key Definitions

Service: The CollectBuySell marketplace and any sites, apps, or features we operate.
Personal Data: Information that identifies or can reasonably be linked to a particular person.
Usage Data: Data collected automatically about how the Service is accessed and used (e.g., device type, IP, pages viewed).
Cookies: Small files that store information on a browser or device. See our Cookie Policy.
Controller: The entity that determines why and how Personal Data are processed. For most processing described here, CollectBuySell is the Controller.
Processor: A service provider that processes data for us under contract.
User: Any person using the Service (buyers, sellers, visitors).

Information We Collect

Information you provide to us

Account & profile: name, username, email, phone (optional), country/region, shipping address.
Seller info: store name, logo, description, policies, tax-exemption details (if applicable).
Listings & content: titles, descriptions, photos, categories, tags, conditions, pricing, shipping settings, external links, messages you send via our tools.
Payments: limited details necessary to route payments and payouts (e.g., Stripe identifiers). We do not store full payment card numbers.
Compliance: age declaration; where required, identity/KYC information for fraud, sanctions, or AML checks.
Support: information in inquiries, disputes, claims, feedback, or surveys.

Information collected automatically

Usage Data: IP address, device and browser type, operating system, pages or screens viewed, referring/exit pages, timestamps, approximate location (derived from IP), and similar diagnostic data.
Cookies & similar technologies: for authentication, preferences, analytics, and security. See our Cookie Policy.

Information from third parties

Payments & identity: confirmations from payment processors (e.g., Stripe), fraud screening services, and identity verification vendors.
Shipping & logistics: tracking updates from carriers or shipping tools you connect.
Public/partner sources: information we reasonably need to verify accounts, prevent fraud, or comply with law.

How We Use Your Information (Purposes & Legal Bases)

We process Personal Data as necessary to:

Provide the Service (Art. 6(1)(b) GDPR): authenticate users, enable buying and selling, display listings, manage orders, facilitate payments/payouts, and provide support.
Operate and improve the Service (Art. 6(1)(f) legitimate interests): monitor performance, develop new features, conduct analytics and internal reporting, ensure quality, and personalize experiences.
Safety, integrity & compliance (Art. 6(1)(c) legal obligation; Art. 6(1)(f) legitimate interests): prevent fraud, spam, abuse, unauthorized access, off-platform circumvention, and illegal activity; satisfy KYC/AML/sanctions checks; respond to lawful requests.
Communicate with you (Art. 6(1)(b)/(f)): transactional emails (receipts, order updates), policy updates, support messages.
Marketing (where permitted) (Art. 6(1)(a) consent or 6(1)(f) legitimate interests): send promotions or newsletters. You can opt out at any time.
Legal claims & recordkeeping (Art. 6(1)(f)/(c)): establish, exercise, or defend legal claims; maintain required records.

Messaging Safety & Automated Monitoring

We share information only as needed and with appropriate safeguards:

Service Providers/Processors: cloud hosting, analytics (e.g., Google Analytics), performance and security (e.g., Cloudflare), logging and error monitoring (e.g., Sentry), email and notification providers, payment processing and payouts (e.g., Stripe), ID verification, fraud prevention, and shipping tools.
Transaction Counterparties: necessary order information shared between buyer and seller (e.g., shipping name/address, item details).
Compliance & Safety: law enforcement or authorities when legally required or to protect rights, safety, and property.
Corporate events: in a merger, acquisition, or financing, data may be transferred consistent with this Policy.
With consent: where you direct us to share or we have your explicit consent.

We do not sell Personal Data for money. If we engage in activities that are considered “sharing” or “targeted advertising” under applicable law, you will have the right to opt out.

Data Retention

We retain Personal Data only as long as necessary for the purposes described above:

For active accounts, until deletion or as needed to provide the Service.
For legal, security, and tax/compliance obligations, disputes, and enforcement, for the applicable limitation periods.
Thereafter, we delete or irreversibly anonymize data.

Your Rights

Depending on your location (e.g., EEA/UK, Switzerland, California, Brazil, and other regions), you may have the right to:

Access, correct, or delete your Personal Data.
Object to or restrict processing.
Port your data.
Withdraw consent (where processing is based on consent).
Opt out of marketing.
Opt out of certain “sharing”/targeted advertising (where applicable law provides such a right).

International Transfers

Security

Children

Third-Party Services

The Service may link to third-party websites or services. Their practices are governed by their own policies. We are not responsible for their content or privacy practices.

Changes to This Policy

Contact Us

CollectBuySell, LLC
Email: contact@gemtcg.com
Support: contact@gemtcg.com
If you are in the EEA/UK and wish to contact our representative (if/when appointed), email *contact@gemtcg.com.

Region-Specific Disclosures

California (CPRA)

Additional Notes for Sellers & Buyers

We may suspend, restrict, or review accounts to protect our users and comply with law.
We may retain evidence (including message logs and order metadata) for fraud prevention, dispute resolution, and compliance.
Attempts to transact off-platform or circumvent marketplace protections may result in enforcement actions, including account limits or closure.

If you have questions about this Policy or how we handle your information, contact us at contact@gemtcg.com.

Privacy Policy

Key Definitions

Information We Collect

Information you provide to us

Information collected automatically

Information from third parties

How We Use Your Information (Purposes & Legal Bases)

Messaging Safety & Automated Monitoring

When We Share Information

Data Retention

Your Rights

International Transfers

Security

Children

Third-Party Services

Changes to This Policy

Contact Us

Region-Specific Disclosures

California (CPRA)

EEA/UK (GDPR)

Additional Notes for Sellers & Buyers

Privacy Policy

Key Definitions

Information We Collect

Information you provide to us

Information collected automatically

Information from third parties

How We Use Your Information (Purposes & Legal Bases)

Messaging Safety & Automated Monitoring

When We Share Information

Data Retention

Your Rights

International Transfers

Security

Children

Third-Party Services

Changes to This Policy

Contact Us

Region-Specific Disclosures

California (CPRA)

EEA/UK (GDPR)

Additional Notes for Sellers & Buyers