Privacy Policy

Effective date: April 23, 2026

This Privacy Policy ("Privacy Policy") describes how Poketerminal ("Poketerminal," "we," "us," or "our") collects, uses, stores, and shares personal information when you: (1) access or use our website at poketerminal.io and related marketing pages (the "Website"); (2) use the Poketerminal mobile application (the "App"); and (3) otherwise communicate with us (for example email, waitlist, or support) ("Communications"). Together, the Website, App, and related features we offer are the "Services." "Personal information" means information about an identifiable individual, or any similar term used in privacy or data protection laws that apply to you.

This Privacy Policy does not apply to products, services, or websites operated by third parties (for example app stores, payment processors, or analytics vendors). Those parties have their own policies.

Please read this Privacy Policy carefully. If you do not agree, do not use the Services. By using the Services, you acknowledge the practices described here. We may update this Privacy Policy from time to time (see Changes to our Privacy Policy). Where changes are material, we will provide additional notice as required by law.

Purpose

This Privacy Policy explains what personal information we may collect when you purchase, download, install, register for, access, or use the Services—or when you communicate with us—and how we collect, use, protect, and disclose that information.

Quick links

• Cookies and automated collection — technologies we use on the Website and how you can manage them.
• Your choices — access, correction, marketing preferences, and cookie controls.

How we collect personal information

We collect information in three broad ways:

• Directly from you — for example when you create an account, join the waitlist, save portfolio items, set preferences, contact support, or submit forms on the Website.
• Automatically — when you visit the Website or use the App, we and our partners may collect technical and usage information using cookies, SDKs, pixels, log files, and similar technologies.
• From partners and providers — for example when you authenticate or pay through a platform provider, or when we enrich catalog or market data from third-party APIs you interact with through the Services.

What personal information we collect

Depending on how you use the Services, this may include:

• Contact and account identifiers — name, email address, authentication identifiers, and profile details when you register or sign in (for example via Supabase-backed authentication).
• Collection and trading-related data — portfolio holdings, saved items, wishlists, alerts, scans or images you submit for identification, and content you post in features such as listings or messages.
• Location — if you allow it, approximate or precise location from your device to power map-based features (for example nearby shops). You can revoke permission in device settings.
• Waitlist and marketing — email addresses submitted on the Website and related metadata; we use providers such as Resend to deliver messages.
• Usage, diagnostics, and analytics — events and device data to understand product usage and improve reliability (for example through services such as Mixpanel or Sentry).
• Payments — purchase metadata from app stores or subscription services (such as RevenueCat); we do not receive your full payment card number from those platforms.
• Technical data — IP address, device type, operating system, app version, browser type, timestamps, and similar log data for security and operations.

How we use personal information

We use personal information to:

1. Provide, maintain, secure, and improve the Services;
2. Authenticate users, sync data across devices, and enforce plan limits where applicable;
3. Fulfill the purposes for which you provided the information;
4. Send transactional or service-related messages (including waitlist confirmations);
5. Detect, investigate, and help prevent fraud, abuse, and security incidents;
6. Comply with law, respond to lawful requests, and enforce our terms;
7. Conduct research and development, including aggregate or de-identified analytics; and
8. Other purposes with your consent where required.

Who we share personal information with

We may share personal information as follows:

• Legal and safety — when we believe disclosure is required to comply with law, legal process, or regulatory requests; to protect the rights, safety, and property of Poketerminal, our users, or the public; or to investigate violations of our policies.
• Affiliates — with subsidiaries or affiliates where they exist and the sharing is consistent with this Privacy Policy.
• Business transactions — in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to applicable law and appropriate safeguards.
• Service providers — vendors who process information on our behalf (hosting, database, email delivery, analytics, error reporting, maps, payments, and similar functions), bound by confidentiality and instructions consistent with this Privacy Policy.
• Other users — when you choose to publish information (for example a public listing) or when a feature explicitly shares data with a counterparty you interact with.
• Aggregated or de-identified data — we may use or share data that does not reasonably identify you.

We do not sell your personal information for cash. Where applicable laws define "sale" or "sharing" more broadly (for example for cross-context behavioral advertising), we will honor opt-out rights as required for your region when those features apply.

Third-party sites and links

The Services may link to third-party websites or services. We are not responsible for their privacy practices. Please review their policies before providing information.

Retention

We retain personal information for as long as needed to fulfill the purposes described in this Privacy Policy, unless a longer period is required or permitted by law. When we delete information, we take reasonable steps to do so securely, subject to backup and disaster recovery cycles.

International transfers

We may process and store information in the United States and other countries where we or our vendors operate. Those jurisdictions may have different data protection laws. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

How we protect personal information

We use administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is 100% secure. You are responsible for safeguarding passwords and for the security of your device.

Children

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will take appropriate steps to delete it, subject to legal retention obligations.

Cookies and automated collection technologies

We and our partners use cookies, pixels, SDKs, and similar technologies to operate the Website and App, remember preferences, measure performance, and improve the Services.

• Essential — required for core functionality (for example session or security cookies on the Website).
• Analytics — help us understand how the Services are used and diagnose issues.

You can control cookies through your browser settings. Disabling some cookies may affect functionality. We do not currently respond to "Do Not Track" browser signals in a uniform way; you can learn more at allaboutdnt.org.

Your choices

Access and correction

You may request access to or correction of personal information we hold about you, subject to applicable law. We may ask for information to verify your request.

Marketing communications

You can opt out of promotional emails from us by following unsubscribe instructions in those emails. You may not opt out of certain non-promotional messages (for example receipts or security notices).

Cookies and similar technologies

Manage cookies through your browser or device settings. Analytics providers may offer their own opt-out tools (for example Google provides information at policies.google.com/technologies/partners).

Withdrawing consent

Where we rely on consent, you may withdraw it as permitted by law. Withdrawing consent may affect our ability to provide certain features.

Legal bases (EEA, UK, and Switzerland)

If you are in the EEA, UK, or Switzerland, we rely on one or more of: performance of a contract, legitimate interests (such as securing and improving the Services), consent where required, and legal obligation.

Changes to our Privacy Policy

We may amend this Privacy Policy to reflect legal, technical, or business changes. We will update the effective date at the top of this page. We encourage you to review this Privacy Policy periodically.

Complaints

If you have concerns about how we handle personal information, please contact us using the information below. You may also have the right to lodge a complaint with a supervisory authority in your jurisdiction, where applicable law provides that right.

Contact information

For questions about this Privacy Policy or to exercise privacy rights, contact us at privacy@poketerminal.io. You may also use our contact form for general inquiries.

This Privacy Policy is informed by common marketplace-app practices and is not legal advice. Have qualified counsel review it for your entity, regions of operation, and product changes.