Privacy Policy.

Shutterdex is an independent project building cache-first market intelligence for used photography gear. The data controller for the purposes of GDPR is the Shutterdex operator. You can reach us at [email protected] for any privacy-related question, including data subject requests.

• Email address: only if you submit the newsletter form. Used to send a confirmation email (double opt-in) and, after confirmation, the launch invite and occasional product updates.
• Technical data: IP, browser, device type, referrer and pages viewed. Used for security, fraud prevention, rate-limiting and aggregate anonymous analytics.
• Outbound click data: when you click a link to eBay we record an event (without IP or PII) to measure the conversion funnel of the affiliate program. Bound to the cookie-consent state.
• Cookies and similar technologies: see our Cookie Policy.

• Consent (Art. 6(1)(a) GDPR): for the newsletter, analytics cookies and outbound-click event capture.
• Legitimate interests (Art. 6(1)(f)): site security, essential cookies and aggregate non-identifying usage statistics.
• Legal obligation (Art. 6(1)(c)): replying to lawful requests from competent authorities.

Email addresses are retained for as long as you remain subscribed. You can unsubscribe at any time via the one-click link in every email we send, after which your address is removed from active lists within 30 days and from backups within 90 days. Technical and outbound-click data are retained in raw form for 30 days and aggregated indefinitely without identifiers. Sentry error data is retained for 30 days.

We use a limited number of trusted processors. We do not sell or rent personal data.

• Vercel: hosts the website and provides infrastructure logs (EU/US).
• Supabase: database hosted in eu-central-1 (Frankfurt).
• Resend: sends our confirmation and product emails.
• Cloudflare: DNS, WAF and Turnstile bot mitigation (no PII retained).
• Upstash Redis: application-level rate-limiting (hashed IPs, automatic TTL).
• PostHog: product analytics on EU region (Frankfurt), only after analytics cookies are accepted.
• Sentry: error monitoring, with PII filtered out (beforeSend).

Under GDPR you have the right to access, rectify, erase, restrict or object to the processing of your data, and to data portability. Write to [email protected] with subject line “Privacy request”. We respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

Some of our processors are located outside the European Economic Area. When that’s the case, transfers are protected by Standard Contractual Clauses or equivalent safeguards, and the data flow is documented in our processing register.

Shutterdex v1 is a public, account-free site. A future version (v3, “Pro”) may introduce optional accounts to enable a personal gear vault, price-target alerts and a buying watchlist. If and when those features ship, this policy will be updated to disclose any additional data collected, and you will be asked for explicit consent before any account-related processing begins.

We may update this policy as Shutterdex evolves. Material changes will be communicated on this page with an updated “Last updated” date and, where required, by email to subscribers.