Privacy Policy

Effective date: 1 March 2026

Overview

This Privacy Policy explains how Collectaneum (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website and registry services (the “Service”).

If you have questions, contact us at our contact page.

Who we are

Controller: Collectaneum is operated by Centrillio Limited, a company registered in England and Wales with company number 12189838.

Data we collect

  • Account data: name/handle, email address, password hash (never your raw password), and account preferences.
  • Registry content you provide: item notes, provenance text, valuations you enter, and images you upload (if enabled). This may include personal data if you choose to include it.
  • Payment data (if paid plans): billing contact details and subscription status. Card details are processed by our payment provider (we do not store full card numbers).
  • Technical data: IP address, device/browser details, and usage logs (for security and debugging).
  • Cookies: small files used for sign-in, preferences, and analytics (if enabled).

How we use your data

  • Provide and operate the Service (accounts, access control, core features).
  • Secure the Service (fraud prevention, abuse detection, auditing).
  • Support and communications (responding to enquiries, service messages).
  • Improve the Service (product analytics and performance monitoring, if enabled).
  • Billing and subscriptions (if applicable).
  • Comply with legal obligations (tax/accounting, lawful requests).

Legal bases (UK/EU)

We process personal data under the following bases:

  • Contract: to provide the Service you requested (account, registry access).
  • Legitimate interests: to secure and improve the Service (balanced against your rights).
  • Consent: for optional cookies/analytics or marketing emails (where used).
  • Legal obligation: where required by law (e.g., financial records).

Sharing and processors

We share data only as needed to run the Service:

  • Hosting & infrastructure (e.g., Vercel, storage providers) to serve the site and store data.
  • Authentication (if using a third-party auth provider).
  • Payments (e.g., Stripe) for subscriptions.
  • Analytics / error monitoring (optional) to understand performance and fix bugs.

These providers act as processors under contracts that require appropriate safeguards.

International transfers

Some providers may process data outside your country. Where this occurs, we use appropriate safeguards such as standard contractual clauses or equivalent protections.

Retention

We keep personal data only as long as necessary:

  • Account data: while your account is active.
  • Registry content: while your account is active, unless you delete it earlier.
  • Logs/security data: retained for a limited period for security and troubleshooting.
  • Billing records: retained as required by law.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You can also withdraw consent where processing is based on consent.

To exercise these rights, contact us via our contact page.

Cookies

We use cookies for essential sign-in functionality and preferences. If we use analytics cookies, we will present appropriate consent controls.

Security

We use reasonable technical and organisational measures to protect data (access control, encryption in transit, and least privilege). No method of transmission or storage is completely secure.

Changes

We may update this policy. If changes are material, we’ll take reasonable steps to notify you (for example via the Service).