Privacy Policy

Account Information: When you sign up, we collect your email address and display name through Supabase Authentication. Passwords are handled by Supabase and are never stored by our application.

Library Data: Disc titles, formats, barcodes, and metadata you add to your collection are stored to provide the core service.

Usage Data: We may collect anonymous usage analytics such as feature engagement and error reports to improve the service.

Device Information: Push notification tokens are stored if you opt in to notifications. We do not track device fingerprints.

eBay Credentials: DiscUs does not collect, store, or request eBay usernames or passwords at any time. All eBay data is retrieved using server-side OAuth 2.0 Client Credentials. No eBay user login is involved.

eBay Inc.: When you use Price Check, we retrieve current listing prices and publicly available sold-item data from eBay Inc. ("eBay") via their official Browse API. Should access be granted, data from the Marketplace Insights API may also be utilised. When viewing pricing results, you may be redirected to eBay's website (ebay.com.au) to view full listings. This data is subject to the following:

• Used solely to provide per-item price comparisons for your scanned disc
• Cached for no more than six (6) hours and refreshed immediately thereafter to ensure accuracy and data freshness
• Never resold, redistributed, or shared with any third parties
• Never used to derive or calculate site-wide statistics, including but not limited to Average Selling Price (ASP), Gross Merchandise Value (GMV), or aggregate pricing data for any eBay category
• Never fed into AI, machine learning, or large language models
• Never bulk-downloaded, systematically extracted, or stored beyond the cache window

Barcode Lookups: We query third-party barcode databases (UPCitemdb) to identify your disc. Only the barcode number is sent; no personal data is shared.

TMDB: Movie and TV show metadata (titles, posters, descriptions) is sourced from The Movie Database (TMDB) API. No personal data is shared with TMDB.

Cloudinary: User-uploaded images (e.g., profile photos, listing photos) are stored on Cloudinary (headquartered in the United States). Images are associated with your account ID only.

Encryption in Transit: All data is transmitted over HTTPS with TLS encryption. Our backend enforces HTTPS and our frontend uses HSTS with a 2-year max-age and preload.

Authentication: We use OAuth 2.0 via Supabase Auth. API endpoints are protected with JWT bearer tokens validated on every request.

Access Controls: Administrative functions require verified admin roles. Rate limiting protects against abuse.

Data Storage: Your data is stored in Supabase (PostgreSQL) hosted in the Sydney, Australia region. Redis caching (Upstash) is also hosted in Sydney.

Account Data: Your account and library data are retained as long as your account is active. You can request deletion at any time.

Cached Pricing Data: eBay pricing data is cached for a maximum of six (6) hours and is automatically purged after expiry. No historical pricing data is permanently stored.

Chat Messages: Messages in the Galaxy Hub are retained for community features. You can delete your own messages.

Account Deletion: When you delete your account, all associated data (library, wishlist, messages, ratings, listings) is permanently removed via cascading deletion.

eBay Data Deletion: We will promptly delete any eBay-sourced data associated with a user upon: (a) the user's request, (b) a request from eBay Inc., or (c) termination of our participation in the eBay Developers Program. Upon any such event, all cached eBay content will be purged immediately and no copies will be retained.

DiscUs Deal Score: Our application uses a proprietary algorithm ("DiscUs Deal Score") that automatically evaluates the value of a disc by comparing active listing prices against recent sold prices. This algorithm calculates a score from A (best deal) to F (overpriced) based on:

• Value Score: How a listing's price compares to the market median
• Confidence Score: Based on the number of comparable sold listings (sample size)
• Recency Score: How recently comparable items have sold

This scoring uses only publicly available eBay pricing data. No personal information from your account is used in the calculation. The Deal Score is informational only and does not make decisions on your behalf, restrict access to features, or affect your account in any way.

Collection Valuation: When you view your collection value, we calculate estimated totals by aggregating individual per-item market values. No personal information beyond your library titles and formats is used in this process.

DiscUs is operated from Australia. In the course of providing the service, your personal information or associated data may be disclosed to recipients in the following countries:

• United States: eBay Inc. (API requests for pricing data), Cloudinary (image hosting), Vercel (frontend hosting)
• Australia: Supabase (database, Sydney region), Upstash (Redis caching, Sydney region), Fly.io (API server, Sydney region)

We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the Australian Privacy Principles (APPs). Where practicable, we use services that offer data processing within Australia.

You have the right to:

• Access your personal data stored in your account
• Correct inaccurate information via your settings
• Delete your account and all associated data
• Export your library data
• Opt out of push notifications at any time

For Australian users, your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) are fully respected.

If you believe we have breached the Australian Privacy Principles (APPs) or mishandled your personal information, you may lodge a complaint using the following procedure:

1. Contact us at privacy@disc-us.com.au with a description of your concern
2. We will acknowledge your complaint within 7 business days
3. We will investigate and respond with a written outcome within 30 days
4. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

DiscUs uses browser local storage to persist your authentication session. We do not use third-party tracking cookies or advertising pixels.

If you have questions about this privacy policy or wish to exercise your data rights, please contact us:

General Enquiries: support@disc-us.com.au

Privacy Enquiries: privacy@disc-us.com.au

This privacy policy may be updated from time to time. We will notify users of material changes via the app or email.