Your Privacy Matters.

Welcome to Phantstore ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

This Privacy Policy explains how we collect, use, disclosure, and safeguard your information when you visit our website or use our services.

We collect information that you voluntarily provide to us when you register on the website, express an interest in obtaining information about us or our products and services, when you participate in activities on the website, or otherwise when you contact us.

• Personal Data: Personally identifiable information, such as your name, email address, username, and profile photo that you provide when registering.
• Derivative Data: Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site.
• Activity & Meetup Contact Data: When you join a community activity or meetup, you may optionally provide a phone number and/or contact email address to help the organiser coordinate the event. This data is encrypted at rest using AES-256 envelope encryption and is never stored in plain text. It is only accessible to the activity organiser, only while you remain a confirmed participant, and is permanently deleted when you withdraw or when the activity is cancelled.
• Private Event Location: Organisers may provide an exact meeting location for an activity. This is stored separately from the public location label and is only revealed to confirmed participants. It is never shown publicly.

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Site to:

• Create and manage your account.
• Facilitate the item sharing process between users.
• Email you regarding your account or activity.
• Coordinate community activities and meetups, including sharing your contact details with the activity organiser solely for the purpose of that specific activity.
• Prevent fraudulent transactions, monitor against abuse, and protect against criminal activity.
• Maintain an immutable audit log of every access to community activity contact data, as required by applicable law, retained for 90 days.

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

Security and Anti-Abuse Providers: We use Cloudflare Turnstile to help distinguish legitimate visitors from automated abuse on protected forms. Turnstile may process limited device and browser signals for this security purpose. For more information, see Cloudflare's Turnstile Privacy Addendum.

Phantstore offers a community activities and meetups feature that allows users to organise and join local events. This feature involves additional data handling which we describe here.

• Encryption: Contact information (phone number and email) provided when joining an activity is encrypted at rest using AES-256 envelope encryption. Raw values are never stored in the database.
• Access control: Only the activity organiser can access participant contact details, and only for confirmed participants. Waitlisted, withdrawn, or removed participants' contact data is inaccessible to the organiser.
• Deletion on withdrawal: If you withdraw from an activity, your contact data is permanently deleted from our systems in the same database transaction. The organiser immediately loses access.
• Deletion on cancellation: If an activity is cancelled by the organiser, all participant contact data is permanently purged for every participant at the same time.
• Audit logging: Every time an organiser accesses, exports, or messages participants using their contact details, an audit record is created before the data is returned. Audit logs are retained for 90 days and cannot be deleted.
• Phone deduplication: A one-way HMAC-SHA256 hash of your normalised phone number is stored alongside the encrypted value solely to prevent duplicate registrations. This hash cannot be reversed to recover the original number.
• Private location: The exact meeting location of an activity is encrypted separately. It is revealed only to confirmed participants and is never included in any public listing or search result.
• Rate limits: Contact reveal, export, and bulk-message operations are rate-limited per activity per day to prevent misuse.

If you have questions or comments about this Privacy Policy, please contact us at:

help@phantstore.com

help.phantstore@gmail.com