Last updated: April 2026
This Data Policy explains what data Finds collects, how it is stored, how long it is kept, who it is shared with, and how you can control it. This policy should be read alongside our Privacy Policy and Terms of Service. Where there is any conflict, the Privacy Policy takes precedence.
Finds is the data controller responsible for your personal data. We are registered in the United Kingdom.
Contact: contact@getfindsapp.com
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are responsible for deciding how your personal data is used and protected.
We process your data under the following legal bases as defined by UK GDPR:
Contract Performance (Article 6(1)(b)): Processing necessary to provide you with the Finds service, including account creation, listing items, processing transactions, facilitating communication between buyers and sellers, managing your balance and withdrawals, and providing shipping information.
Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including improving and developing the App, preventing fraud and abuse, ensuring platform security, analysing usage patterns to improve the user experience, and enforcing our Terms of Service.
Consent (Article 6(1)(a)): Processing based on your explicit consent, including precise location data for the Scout Map feature, marketing communications, and push notifications. You may withdraw consent at any time.
Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal requirements, including financial recordkeeping, tax reporting obligations, responding to law enforcement requests, and fraud prevention regulations.
Account data (name, email, username, password, profile photo, bio, location) for account creation and profile display.
Listing data (photos, title, description, price, category, condition, era, style, material, colour, size, brand, origin, room suitability, special tags, shipping price) for displaying listings and enabling search and filtering.
Transaction data (offer amounts, shipping split selections, order details, delivery confirmations) for processing sales, offers, and dispute resolution.
Financial data (bank account details, card details via Stripe, balance and withdrawal history) for processing payments and seller payouts.
Communication data (messages between users, support enquiries) for facilitating buyer-seller communication and customer support.
Review data (ratings, written reviews for users and events) for displaying feedback and maintaining trust.
Scout Map data (photos, titles, descriptions, prices, GPS coordinates or manually entered addresses) for operating the Scout Map feature.
Stories data (photos and videos posted to stories) for displaying story content to other users.
Shipping data (courier selection, tracking numbers, dispatch dates) for order fulfilment and delivery tracking.
Device data (device model, operating system, OS version, unique device identifiers) for app compatibility and security.
Usage data (pages viewed, items browsed, searches, filters applied, items saved, sellers followed, session duration) for improving the App and personalising your experience.
Location data (approximate) (IP-based location) for showing relevant local listings and events.
Location data (precise) (GPS coordinates, with consent only) for Scout Map feature, showing nearby items and events.
Log data (IP address, access times, error logs) for security monitoring and debugging.
Stripe: Transaction confirmations, payout status, limited financial data for payment processing and payout management.
Apple / Google (social login): Name, email, profile ID for account authentication.
Courier services: Delivery status updates, tracking events for order tracking.
Your data is stored on servers provided by Supabase (database and authentication) and Stripe (payment data). Supabase infrastructure is hosted within the European Union. Stripe may process payment data in the United States and other countries in accordance with their own data protection policies and Standard Contractual Clauses.
We implement the following technical and organisational measures to protect your data:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
Account data: Duration of account + 30 days after deletion.
Listing data (active): While listing is live.
Listing data (sold/removed): 2 years after sale or removal.
Transaction and financial records: 7 years after transaction (UK tax and accounting regulations).
Messages: 2 years after last message in thread.
Reviews: Duration of reviewed user's account.
Scout Map pins (active): Until claimed or 6 months after posting.
Scout Map pins (claimed): Anonymised and retained indefinitely.
Stories: 24 hours after posting (auto-deleted).
Event reviews: Duration of event listing or 2 years.
Usage and log data: 12 months.
Device data: 12 months.
Payment card details: Held by Stripe per their retention policy.
Bank account details: Duration of account + 30 days.
When data reaches the end of its retention period, it is either permanently deleted or irreversibly anonymised.
Other Finds users: Public profile info, listing details, reviews, Scout Map pins (per visibility settings), stories for core marketplace and community functionality.
Buyers (when you sell): Your name, response times, ratings for transaction completion.
Sellers (when you buy): Your name, delivery address for shipping and order fulfilment.
Stripe: Transaction amounts, bank details, identity data for payment processing and payouts.
Supabase: All app data for database hosting and authentication.
Courier services: Delivery address, parcel details for order delivery.
Analytics providers: Anonymised or aggregated usage data for service improvement.
Law enforcement / regulators: Data as required by law for legal compliance.
Where your data is transferred outside the United Kingdom or the European Economic Area, we ensure that appropriate safeguards are in place. These include Standard Contractual Clauses (SCCs) as approved by the UK Information Commissioner's Office, adequacy decisions by the UK Secretary of State, and binding corporate rules where applicable.
Right of Access (Article 15): You can request a copy of all personal data we hold about you. We will provide this within 30 days.
Right to Rectification (Article 16): You can correct inaccurate data through your account settings or by contacting us.
Right to Erasure (Article 17): You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
Right to Restrict Processing (Article 18): You can request that we limit how we use your data in certain circumstances.
Right to Data Portability (Article 20): You can request a copy of your data in a structured, machine-readable format (JSON or CSV).
Right to Object (Article 21): You can object to processing based on legitimate interests.
To exercise any of these rights, contact us at contact@getfindsapp.com. We will respond within 30 days.
The Finds mobile app does not use browser cookies. We use local device storage to keep you logged in and store your preferences. This data remains on your device and is not transmitted to our servers unless necessary for functionality.
Finds is not intended for users under 18. We do not knowingly collect data from anyone under 18. If we discover that data has been collected from a minor, we will delete it promptly.
Due to the nature and scale of our current data processing activities, we are not required to appoint a Data Protection Officer under UK GDPR. All data protection enquiries should be directed to contact@getfindsapp.com.
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We encourage you to contact us first at contact@getfindsapp.com so we can attempt to resolve your concern directly.
We may update this Data Policy from time to time. Material changes will be communicated through the App and the "Last Updated" date will be revised. Continued use of the App after changes are posted constitutes acceptance of the updated policy.
Email: contact@getfindsapp.com
Finds
United Kingdom