Privacy Policy
Effective date: 06/16/2025
1. Overview & Applicability
This Global Privacy Policy (“Policy”) governs how Jumpspree, Inc. and its affiliates (“Jumpspree,” “we,” “us,” or “our”) handle Personal Data worldwide. We are committed to compliance with international data protection laws including the European Union’s GDPR, the UK GDPR, California’s CCPA/CPRA, Canada’s PIPEDA, Australia’s Privacy Act, and relevant statutes in India, Brazil, Japan, Mexico, and other jurisdictions. These terms apply to all users of the Jumpspree website, mobile and desktop applications, software tools, APIs, services, and any offline data collection activities.
2. Definitions
- Personal Data: any information that directly or indirectly identifies an individual (e.g., name, email, IP, transaction history).
- Processing: any action performed on Personal Data such as collection, storage, use, sharing, or deletion.
- Controller: Jumpspree, which determines how and why Personal Data is processed.
- Processor: a third-party acting on behalf of Jumpspree (e.g., Stripe, AWS).
- User Content: any information uploaded or shared by you on the Platform.
- Sensitive Data: data that is extra private, such as biometric info, political beliefs, union membership; we do not knowingly collect sensitive data.
3. Data We Collect
We collect Personal Data in multiple categories, both voluntarily provided and automatically captured:
- Registration & Account Information
Name, email address, password, username, date of birth (for age verification), phone number, profile images.
- Business Data (Optional)
For sellers and business users: business name, address, registration details, tax ID, reseller authorization information.
- User Content
Posts, comments, product listings, articles, media files (photos, GIFs, videos), profile bios, search history, browsing behavior, poll responses, purchased items, follow list.
- Communication Data
Direct messages, chat threads, inquiry forms, email feedback, call logs where explicitly recorded.
- Transactional Information
Buyer and seller records including order numbers, item descriptions, pricing, payment method metadata, promotions, shipping address, returns, Purchase Protection activity.
- Usage and Diagnostic Data
Device model, operating system, unique device identifiers, IP address, geolocation (if enabled), session duration, crash logs, performance metrics, application version, browser type.
- Preference Data
Notification selections, email preferences, feed filters, language and region settings.
- Third-Party Identities
OAuth/SSO connection tokens if you use Google, Apple, X, Threads, or other integration tools.
4. How We Use Your Data (Purposes & Legal Basis)
We process your Personal Data for the following core purposes:
a. Platform Functionality & Account Management
- Providing the Services you opt into: registration, login, profile display, post creation, seller storefront and
b. Transaction Processing & Purchase Protection
- Processing sales, payments, shipping and returns via Stripe; administering refunds, disputes, compliance with tax and consumer law.
c. Compliance & Safety (Child Protection)
- Enforcing the minimum age requirement of 12+, requiring parental consent for minors 12–13.
d. Filtering and removing prohibited content, including any depiction of minors engaging in sexual activities.
- Immediate reporting to law enforcement and relevant governmental agencies for child exploitation violations.
e. Service Improvement & Personalization
- Analyzing platform usage and trends to tailor feeds, provide recommendations, custom notifications, and track feature engagement (e.g., Channels usage, trending posts).
f. Marketing, Promotion & Communications
- Sending service notifications, promotional offers, newsletters, reminders, and product/service updates.
- Audience segmentation for targeted campaigns and performance analysis.
g. Analytics & Performance Monitoring
- Measuring app performance and optimizing user interface/experience.
- Conducting surveys, A/B tests, and product usage analytics.
h. Legal Obligations
- Compliance with global data retention requirements, tax regulations, customs law, law enforcement requests, and audit procedures.
Under GDPR/UK GDPR:
- Consent: explicit authorization for marketing communications.
- Contractual necessity: data needed to provide the Platform and Seller features.
- Legal obligation: for financial reporting, tax compliance, and child protection.
- Legitimate interests: analyzing usage patterns, fraud prevention, security enforcement.
Under CCPA/CPRA:
- Data processing is categorized as business or commercial. You may request disclosures, deletion, or exercise opt-out rights. We do not sell your personal data.
Under PIPEDA, Privacy Act, and counterparts:
- We obtain consent where law requires and provide control over personal data corrections or deletions.
- India’s PDPB scope expected to be incorporated post-legislation.
We share Personal Data selectively and securely:
- Service Providers and Processors
- Stripe for payment and fraud detection
- AWS, Google Cloud for data hosting, redundancy, and backups
- Push notification, email services (SendGrid, Twilio)
- Analytics and performance tools (Mixpanel, Firebase, Segment)
- Social media integration (e.g., X, Threads via Channels)
- Legal and Safety Enforcement
- Authorities in case of child protection issues, subpoenas, legal process, or to respond to fraudulent activity.
- Business Transactions
- Mergers, acquisitions, financing events—with assurances of confidentiality and continuation of data protection.
- Aggregated/De-identified Data
- Shared with third-parties or public for analytical or promotional purposes where identity is removed.
We do not sell or rent Personal Data to third parties.
7. International Data Transfers
Your data may be transferred internationally. We rely on:
- EU/UK Standard Contractual Clauses
- Binding Corporate Rules
- Adequacy decisions where applicable
- Localized processing in certain jurisdictions (e.g., EU or India) as required.
Any cross-border data transfer is protected by binding agreements and technical safeguards.
8. Data Retention
We retain your data based on the following schedule:
- Account & profile data: held indefinitely while your account is active; deleted within 90 days of account deactivation unless legal obligations require retention.
- Transactional data: retained for 7 years for audit, tax, Purchase Protection, or customs obligations.
- Analytics: user-level information anonymized after 180 days; aggregated and de-identified data retained indefinitely.
- Dispute data: retained until final resolution plus 3 years.
Depending on your location:
Access, portability, correction, deletion or restriction of Personal Data; right to object to certain processing; right to lodge a complaint with your data protection authority.
- California Residents (CCPA/CPRA)
Right to request disclosure of collected categories and sources; deletion requests; opt-out of sale (we do not sell); non-discrimination for exercising rights. Verified via email, user portal, or toll-free.
Right to access and correct Personal Data; complaint procedures escalate to the Office of the Privacy Commissioner.
Rights to access, correct, and lodge privacy complaints; optional merger into Government ID systems.
All may contact privacy@jumpspree.com for data inquiries. Response provided within 30 days (45 days in the EU) with request tracking and resolution.
We deploy cookies, SDKs, and tracking technologies for:
- a. Functional cookies: essential for account login, security, payments
- b. Analytics cookies: device performance metrics, feature engagement
- c. Advertising cookies: marketing and retargeting
- d. Social plug-ins: Channels integration tools
Manage your cookie preferences via your browser or device privacy settings. Our Cookie Policy provides further detail.
Our measures include:
- TLS encryption for data in transit
- AES-256 / KMS storage encryption
- Access controls and RBAC
- Penetration testing and vulnerability scanning
- Incident response planning and logging
- Mandatory privacy training for staff
No system is foolproof. Please secure your credentials and if compromised, change them and contact us immediately.
12. Child Abuse & Protection
Zero tolerance enforcement against child exploitation.
We employ Adult Safeguarding Teams, content filters, and user-reporting. Any suspicion triggers suspension, investigation, law enforcement notification, and data preservation protocols. COPPA, UK law, and EU laws enforced rigorously.
13. False or Misleading Information Policy
We evaluate and remove false or misleading material upon user notice or automated detection. Appeals can be made to privacy@jumpspree.com within 30 days. Repeat offenders may be suspended.
14. Automated Decision-Making
We use algorithms to personalize your feed and detect harmful behavior. Decisions impacting user privileges may be reviewed upon user request. EU/UK users may request meaningful logic and human review.
Significant updates will be posted to the app, emailed, and notified 30 days prior. Continued use after notice implies consent. Minor updates apply immediately.
16. Contact & Dispute Resolution
For privacy concerns or data rights:
Email: privacy@jumpspree.com
Mailing Address: 3 Audrey Avenue, Oyster Bay, NY 11771, USA
EU Representative: Jumpspree Europe SL, C/Via Augusta 123, 08006 Barcelona, Spain
UK Representative: Jumpspree UK Ltd, 10 Downing St, London SW1A 2AA
CA Privacy Commissioner: www.priv.gc.ca
AU OAIC: oaic.gov.au
Other regulatory bodies as applicable.
Disputes unresolved internally may be arbitrated or filed with supervisory authorities.