/ Airsoft Exchange
Login
Home/Privacy Policy

/ Privacy Policy

How we collect, use, and protect your personal data

Last updated: 11 January 2026

Contents

Data Protection Enquiries

For any questions about your data, contact us at privacy@airsoftexchange.uk

Introduction

Who we are and our commitment to your privacy

Airsoft Exchange ("we", "us", "our") is operated by Ben Wortley as a sole trader based in the United Kingdom. We are committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at airsoftexchange.uk (the "Platform").

By using our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

Data We Collect

Information we gather when you use our Platform

Account Information

  • Name and email address - Required for account creation and communication
  • Password - Securely hashed, never stored in plain text
  • Username - Your public identifier on the Platform

Profile Information (Optional)

  • Location - General area for buyer/seller matching
  • Date of birth - Age verification for legal compliance
  • Phone number - Optional contact method
  • Bio and social links - Profile personalization
  • Profile picture - Optional avatar

Listing Data

  • Item details - Title, description, price, condition, specifications
  • Images - Photos of items you list for sale
  • Location - Area where item is available

Communication Data

  • Messages - Conversations between buyers and sellers
  • Feedback - Reviews and ratings you give or receive
  • Reports - Safety reports you submit

Payment Data

For featured listing purchases, payment is processed by Stripe. We store:

  • Stripe customer reference - To link payments to your account
  • Transaction records - Amount, date, and purpose of payment

We never see or store your full card details - these are handled securely by Stripe.

Google Sign-In Data

If you choose to sign in with Google, we receive:

  • Your Google account ID, name, email, and profile picture

How We Use Your Data

Purposes and legal bases for processing

PurposeLegal Basis
Providing our marketplace serviceContract performance
Account management and authenticationContract performance
Processing featured listing paymentsContract performance
Sending transactional emails (messages, listing updates)Contract performance
Sending newsletters and marketing emailsConsent (opt-in required)
Platform security and fraud preventionLegitimate interest
Maintaining feedback/reputation systemLegitimate interest
Age verification (airsoft legal requirements)Legal obligation
Retaining transaction recordsLegal obligation (tax compliance)

Marketing Communications

Your choices about promotional emails

We only send marketing emails (newsletters, announcements, weekly roundups, promotions) if you have explicitly opted in. This is separate from essential service emails about your account, messages, or listings.

When you opt in, you can choose which types of marketing emails to receive:

  • Newsletter - Platform news and community highlights
  • Announcements - New features and important updates
  • Weekly Roundup - Top listings and new gear
  • Marketing - Special offers and promotions

You can change your preferences or unsubscribe at any time through your account settings or by clicking the unsubscribe link in any email.

Third-Party Services

Services we use to operate the Platform

Stripe (Payment Processing)

Stripe processes payments for featured listings. Your payment card details are handled directly by Stripe and never touch our servers. Stripe is PCI-DSS compliant. See Stripe's Privacy Policy.

Google (Authentication)

If you sign in with Google, we receive basic profile information from Google. See Google's Privacy Policy.

Resend (Email Delivery)

Resend delivers our transactional and marketing emails. They process your email address to deliver messages on our behalf. See Resend's Privacy Policy.

Cloudflare Turnstile (Bot Protection)

We use Cloudflare Turnstile to protect forms from automated abuse. This may process your IP address. See Cloudflare's Privacy Policy.

Fathom Analytics (Website Analytics)

We use Fathom Analytics to understand how visitors use our Platform. Fathom is a privacy-first analytics tool that does not use cookies, does not track individuals, and does not collect personal data. All analytics are aggregated and anonymous. See Fathom's Privacy Policy.

Data Retention

How long we keep your information

Data TypeRetention Period
Active account dataUntil you delete your account
Active/draft listingsDeleted when you delete your account
Sold listing recordsRetained indefinitely (marketplace integrity)
Feedback given/receivedRetained indefinitely (trust system)
Message historyRetained (visible to other party)
Payment records6 years (legal/tax requirement)
Username (after deletion)Retained, marked as "Account Closed"

Why we retain some data: When you delete your account, we anonymize your personal information but retain certain records (sold listings, feedback, messages) to maintain marketplace integrity, protect other users, and comply with legal requirements. This is permitted under UK GDPR Article 6(1)(f) - legitimate interest.

Your Rights

Your data protection rights under UK GDPR

Under UK GDPR, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate personal data.

Right to Erasure

You can delete your account through account settings. Some data may be retained as described above.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interest.

Right to Withdraw Consent

For marketing emails, you can withdraw consent at any time via account settings or unsubscribe links.

To exercise any of these rights, contact us at privacy@airsoftexchange.uk. We will respond within one month.

Data Security

How we protect your information

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Password hashing using industry-standard algorithms
  • Regular security updates and monitoring
  • Limited access to personal data on a need-to-know basis

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Complaints

How to raise concerns about your data

If you have concerns about how we handle your personal data, please contact us first at privacy@airsoftexchange.uk. We will do our best to resolve your concern.

You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113

Changes to This Policy

How we'll notify you of updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting a notice on our Platform
  • Updating the "Last updated" date at the top of this page
  • Sending an email notification for material changes (if you've opted into announcements)

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: privacy@airsoftexchange.uk

General enquiries: Contact Form