Airsoft ExchangeUK Marketplace
Login
Home/Privacy Policy

/ Privacy Policy

How we collect, use, and protect your personal data

Last updated: 24 January 2026

Contents

Data Protection Enquiries

For any questions about your data, contact us at privacy@airsoftexchange.uk

Introduction

Who we are and our commitment to your privacy

Airsoft Exchange ("we", "us", "our") is operated by Ben Wortley as a sole trader based in the United Kingdom. We are committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at airsoftexchange.uk (the "Platform").

By using our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

Data We Collect

Information we gather when you use our Platform

Account Information

  • Name and email address - Required for account creation and communication
  • Password - Securely hashed, never stored in plain text
  • Username - Your public identifier on the Platform

Profile Information (Optional)

  • Location - General area for buyer/seller matching
  • Date of birth - Age verification for legal compliance
  • Phone number - Optional contact method
  • Bio and social links - Profile personalization
  • Profile picture - Optional avatar

Listing Data

  • Item details - Title, description, price, condition, specifications
  • Images - Photos of items you list for sale
  • Location - Area where item is available

Communication Data

  • Messages - Conversations between buyers and sellers
  • Feedback - Reviews and ratings you give or receive
  • Reports - Safety reports you submit

Payment Data

For featured listing purchases, payment is processed by Stripe. We store:

  • Stripe customer reference - To link payments to your account
  • Transaction records - Amount, date, and purpose of payment

We never see or store your full card details - these are handled securely by Stripe.

Identity Verification (Optional)

If you choose ID Verification, Stripe Identity collects images of your ID document and a live selfie (no photo uploads). We store:

  • Verification status and timestamps - To display your verified badge
  • Stripe verification references - Session IDs and error codes for support
  • Consent and checklist confirmations - Your acknowledgement of the ID verification requirements
  • Technical metadata - IP address and user agent for fraud prevention and audit

We do not store verified name or address details, and we do not use Stripe Identity to validate public usernames or profile locations. Stripe verifies the authenticity of the ID document and checks that the live selfie matches the ID photo. Depending on the verification flow, Stripe may also validate ID details against databases where available.

We do not store your ID document images or biometric data ourselves. Stripe processes and hosts them for verification, and authorized staff may review Stripe's verification results in rare cases of suspected fraud or legal compliance. Stripe states that biometric identifiers are retained for up to one year for fraud prevention, and ID images/extracted data are retained in the Stripe Dashboard for up to three years (longer if saved to Link), with options to delete sooner.

Google Sign-In Data

If you choose to sign in with Google, we receive:

  • Your Google account ID, name, email, and profile picture

How We Use Your Data

Purposes and legal bases for processing

PurposeLegal Basis
Providing our marketplace serviceContract performance
Account management and authenticationContract performance
Processing featured listing paymentsContract performance
Sending transactional emails (messages, listing updates)Contract performance
Sending newsletters and marketing emailsConsent (opt-in required)
Platform security and fraud preventionLegitimate interest
Maintaining feedback/reputation systemLegitimate interest
Age verification (airsoft legal requirements)Legal obligation
Retaining transaction recordsLegal obligation (tax compliance)

Marketing Communications

Your choices about promotional emails

We only send marketing emails (newsletters, announcements, weekly roundups, promotions) if you have explicitly opted in. This is separate from essential service emails about your account, messages, or listings.

When you opt in, you can choose which types of marketing emails to receive:

  • Newsletter - Platform news and community highlights
  • Announcements - New features and important updates
  • Weekly Roundup - Top listings and new gear
  • Marketing - Special offers and promotions

You can change your preferences or unsubscribe at any time through your account settings or by clicking the unsubscribe link in any email.

Third-Party Services

Services we use to operate the Platform

Stripe (Payment Processing)

Stripe processes payments for featured listings. Your payment card details are handled directly by Stripe and never touch our servers. Stripe is PCI-DSS compliant. See Stripe's Privacy Policy.

Stripe Identity (ID Verification)

If you choose ID Verification, Stripe Identity processes your ID document and live selfie, which may include biometric data. We can access verification status, reasons, and captured images in Stripe, but we do not store those images or extracted data in our database. Stripe may request separate consent to use images to improve verification. See Stripe's Privacy Policy.

Google (Authentication)

If you sign in with Google, we receive basic profile information from Google. See Google's Privacy Policy.

Resend (Email Delivery)

Resend delivers our transactional and marketing emails. They process your email address to deliver messages on our behalf. See Resend's Privacy Policy.

Cloudflare Turnstile (Bot Protection)

We use Cloudflare Turnstile to protect forms from automated abuse. This may process your IP address. See Cloudflare's Privacy Policy.

Fathom Analytics (Website Analytics)

We use Fathom Analytics to understand how visitors use our Platform. Fathom is a privacy-first analytics tool that does not use cookies, does not track individuals, and does not collect personal data. All analytics are aggregated and anonymous. See Fathom's Privacy Policy.

Data Retention

How long we keep your information

Data TypeRetention Period
Active account dataUntil you delete your account
Active/draft listingsDeleted when you delete your account
Sold listing recordsRetained indefinitely (marketplace integrity)
Feedback given/receivedRetained indefinitely (trust system)
Message historyRetained (visible to other party)
Payment records6 years (legal/tax requirement)
ID verification metadata2 years after verification or last attempt
Username (after deletion)Retained, marked as "Account Closed"

Why we retain some data: When you delete your account, we anonymize your personal information but retain certain records (sold listings, feedback, messages) to maintain marketplace integrity, protect other users, and comply with legal requirements. This is permitted under UK GDPR Article 6(1)(f) - legitimate interest.

Your Rights

Your data protection rights under UK GDPR

Under UK GDPR, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate personal data.

Right to Erasure

You can delete your account through account settings. Some data may be retained as described above.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interest.

Right to Withdraw Consent

For marketing emails, you can withdraw consent at any time via account settings or unsubscribe links.

To exercise any of these rights, contact us at privacy@airsoftexchange.uk. We will respond within one month.

Data Security

How we protect your information

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Password hashing using industry-standard algorithms
  • Regular security updates and monitoring
  • Limited access to personal data on a need-to-know basis

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Complaints

How to raise concerns about your data

If you have concerns about how we handle your personal data, please contact us first at privacy@airsoftexchange.uk. We will do our best to resolve your concern.

You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113

Changes to This Policy

How we'll notify you of updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting a notice on our Platform
  • Updating the "Last updated" date at the top of this page
  • Sending an email notification for material changes (if you've opted into announcements)

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: privacy@airsoftexchange.uk

General enquiries: Contact Form