Privacy Policy

1. Introduction

Flow Auctions, LLC, a Wyoming limited liability company ("Flow Auctions," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, process, and safeguard your information when you use our platform, including our auction house management system, marketplace website, mobile applications, dealer platforms, APIs, and all related services (collectively, the "Platform").

This Privacy Policy applies to all users, including auction houses, dealers, consignors, bidders, buyers, administrators, and visitors. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to our collection, use, and disclosure of your information as described herein.

IMPORTANT: If you do not agree with our privacy practices described in this Policy, please do not use our Platform or provide us with any personal information.

2. Information We Collect

2.1 Personal Information

We collect various categories of personal information, including:

Identity and Contact Information:

• Full name, username, email address, phone number, mailing address
• Date of birth, government-issued identification numbers
• Business name, tax identification numbers, professional licenses
• Emergency contact information
• Profile photographs and biographical information

Financial Information:

• Payment card details, bank account information, routing numbers
• Billing and shipping addresses
• Credit reports, financial statements, and creditworthiness assessments
• Tax documentation and withholding information
• Transaction history, payment records, and invoice details
• Insurance information and claims history

Auction and Business Information:

• Bidding history, purchase records, and consignment details
• Lot preferences, watch lists, and saved searches
• Auction house configurations, fee structures, and business settings
• Inventory management data and catalog information
• Customer lists, dealer networks, and business relationships
• Marketing preferences and communication settings

Verification and Security Information:

• Identity verification documents (passports, driver's licenses)
• Know Your Customer (KYC) and Anti-Money Laundering (AML) data
• Background checks and sanctions screening results
• Authentication credentials and security questions
• Biometric data for enhanced security (where permitted)

2.2 Technical Information

• IP addresses, device identifiers, and browser fingerprints
• Operating system, browser type, and device specifications
• Login timestamps, session data, and access logs
• Cookies, web beacons, and similar tracking technologies
• Geolocation data and time zone information
• Network information and connection details

2.3 Usage and Behavioral Information

• Pages visited, features used, and time spent on Platform
• Search queries, filters applied, and navigation patterns
• Interaction data with auctions, lots, and other users
• Email engagement metrics and communication responses
• Error reports, crash logs, and performance data
• A/B testing participation and feature usage analytics

2.4 Content and Communications

• Messages, comments, reviews, and feedback submitted
• Images, videos, and documents uploaded to the Platform
• Audio recordings of customer service interactions
• Social media content and public posts mentioning our Platform
• Survey responses and research participation data

3. How We Collect Information

3.1 Direct Collection

We collect information directly from you when you:

• Create an account or complete registration processes
• Update your profile, preferences, or business settings
• Participate in auctions, place bids, or make purchases
• Consign items or manage inventory
• Contact customer support or use help features
• Subscribe to newsletters or marketing communications
• Participate in surveys, contests, or promotional activities
• Attend events or engage with our sales team

3.2 Automatic Collection

We automatically collect information through:

• Cookies, web beacons, and similar tracking technologies
• Server logs and analytics tools
• Mobile app usage tracking and crash reporting
• Email tracking pixels and engagement metrics
• Security monitoring and fraud detection systems
• Performance monitoring and optimization tools

3.3 Third-Party Sources

We may receive information from:

• Payment processors and financial institutions
• Identity verification and background check services
• Credit reporting agencies and financial data providers
• Social media platforms and public databases
• Marketing partners and lead generation services
• Data brokers and analytics providers
• Auction houses, dealers, and business partners
• Government agencies and regulatory bodies

4. How We Use Your Information

4.1 Core Platform Operations

• Providing, operating, and maintaining our Platform and services
• Processing transactions, payments, and financial settlements
• Managing user accounts, authentication, and access controls
• Facilitating auctions, bidding, and marketplace transactions
• Managing consignments, inventory, and lot cataloging
• Generating invoices, receipts, and tax documentation
• Processing shipping, logistics, and delivery arrangements

4.2 Security and Compliance

• Verifying identity and preventing fraud
• Conducting KYC, AML, and sanctions screening
• Monitoring for suspicious activities and policy violations
• Ensuring compliance with applicable laws and regulations
• Protecting against unauthorized access and cyber threats
• Maintaining audit trails and regulatory reporting

4.3 Communications and Support

• Sending transactional notifications and account updates
• Providing customer support and technical assistance
• Delivering marketing communications (with consent)
• Sending newsletters, announcements, and promotional offers
• Facilitating communications between platform users

4.4 Analytics and Improvement

• Analyzing usage patterns and user behavior
• Improving Platform performance and user experience
• Developing new features and services
• Conducting market research and competitive analysis
• Personalizing content and recommendations
• Optimizing auction performance and outcomes

4.5 Legal and Business Purposes

• Enforcing our Terms of Service and other agreements
• Resolving disputes and handling legal proceedings
• Managing business relationships and partnerships
• Conducting due diligence for business transactions
• Maintaining business records and documentation

5. Legal Bases for Processing (GDPR)

For users in the European Union, we process your personal information based on:

• Contract Performance: Processing necessary to perform our Terms of Service
• Legitimate Interests: Fraud prevention, security, analytics, and business operations
• Legal Obligation: Compliance with applicable laws and regulations
• Consent: Marketing communications and optional features (withdrawable)
• Vital Interests: Protecting health, safety, and fundamental rights

6. How We Share Your Information

6.1 Service Providers and Vendors

We share information with trusted third-party service providers, including:

• Payment processors, banks, and financial institutions
• Identity verification and background check services
• Cloud hosting, data storage, and infrastructure providers
• Email marketing and communication platforms
• Analytics, monitoring, and optimization services
• Customer support and help desk platforms
• Shipping, logistics, and fulfillment partners
• Professional services (legal, accounting, consulting)

6.2 Platform Participants

• Auction houses receive bidder and buyer information for transaction completion
• Sellers receive buyer information for shipping and delivery
• Buyers receive seller information for transaction verification
• Dealers receive relevant customer and inventory information
• Platform administrators access information for management purposes

6.3 Legal and Regulatory Disclosure

We may disclose information when required or permitted by law:

• To comply with legal obligations, court orders, or government requests
• To law enforcement agencies investigating criminal activities
• To regulatory authorities for compliance monitoring
• To tax authorities for reporting and audit purposes
• In connection with legal proceedings or dispute resolution
• To protect our rights, property, and safety
• To prevent fraud, abuse, or harm to others

6.4 Business Transfers

We may transfer or assign your information in connection with a merger, acquisition, sale of assets, bankruptcy, or other business transaction. We will provide notice of any such transfer and any choices you may have regarding your information.

6.5 Aggregated and De-identified Information

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for research, analytics, marketing, or other business purposes without restriction.

7. Your Privacy Rights and Choices

7.1 Access and Portability

• Request access to your personal information
• Obtain copies of your data in a portable format
• Review how your information is being used
• Download your auction history and transaction records

7.2 Correction and Updates

• Update your account information and preferences
• Correct inaccurate or incomplete information
• Modify your communication preferences
• Update your business settings and configurations

7.3 Deletion and Erasure

• Request deletion of your personal information (subject to legal limitations)
• Close your account and remove associated data
• Withdraw consent for optional processing activities
• Note: Some information may be retained for legal, regulatory, or business purposes

7.4 Marketing and Communications

• Opt out of marketing emails and promotional communications
• Unsubscribe from newsletters and announcements
• Manage notification preferences and delivery methods
• Control automated decision-making and profiling

7.5 California Privacy Rights (CCPA)

California residents have additional rights, including:

• Right to know what personal information is collected and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt out of the sale of personal information
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information
• Right to limit the use and disclosure of sensitive personal information

7.6 European Privacy Rights (GDPR)

EU residents have additional rights, including:

• Right to object to processing based on legitimate interests
• Right to restrict processing in certain circumstances
• Right to withdraw consent at any time
• Right to lodge a complaint with supervisory authorities
• Right to object to automated decision-making and profiling

7.7 Exercising Your Rights

To exercise any of these rights, contact us at privacy@flowauctions.com or use our online privacy request form. We may require verification of your identity before processing requests. Response times vary by jurisdiction but generally within 30-45 days.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for Platform functionality and security
• Performance Cookies: Help us understand usage and improve performance
• Functional Cookies: Remember your preferences and personalize experience
• Marketing Cookies: Used for advertising and promotional activities

8.2 Managing Cookies

You can control cookies through your browser settings, but disabling certain cookies may affect Platform functionality. We provide a cookie consent manager that allows you to customize your preferences for non-essential cookies.

8.3 Do Not Track

Our Platform does not currently respond to "Do Not Track" browser signals, but you can manage tracking preferences through our privacy settings and browser controls.

9. Data Security and Protection

9.1 Security Measures

• End-to-end encryption for data transmission and storage
• Multi-factor authentication and access controls
• Regular security audits and penetration testing
• SOC 2 Type II compliance and security certifications
• Employee security training and background checks
• Incident response and breach notification procedures
• Data backup and disaster recovery systems

9.2 Data Breach Response

In the event of a data breach, we will notify affected users and relevant authorities within the timeframes required by applicable law (typically 72 hours for authorities and without undue delay for individuals).

9.3 Your Security Responsibilities

• Maintain strong, unique passwords for your account
• Enable two-factor authentication when available
• Keep your contact information current for security notifications
• Report suspicious activities immediately
• Log out of shared or public devices

10. Data Retention and Deletion

10.1 Retention Periods

We retain your information for different periods based on:

• Account Information: While your account is active plus 7 years
• Transaction Records: 10 years for tax and regulatory compliance
• Financial Information: 7 years or as required by law
• Identity Verification: 5 years from account closure
• Marketing Data: Until you opt out or request deletion
• Technical Logs: 12-24 months for security and performance
• Legal Hold Data: Until legal matters are resolved

10.2 Deletion Process

When retention periods expire or upon valid deletion requests, we securely delete or anonymize your information using industry-standard methods. Some information may be retained in backup systems for additional periods as part of our data protection measures.

11. International Data Transfers

Flow Auctions operates primarily in the United States, with data processing occurring in the US and other countries where our service providers operate. When we transfer personal information from the EU/UK, we use appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for transfers to countries with adequate protection
• Binding Corporate Rules and certification mechanisms
• Explicit consent for transfers where legally required

By using our Platform, you acknowledge and consent to these international transfers of your personal information.

12. Children's Privacy

Our Platform is not intended for individuals under 18 years of age, and we do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18 without parental consent, we will promptly delete that information.

Parents and guardians who believe their child has provided personal information to us should contact us immediately at privacy@flowauctions.com.

13. Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, or services that are not owned or controlled by Flow Auctions. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you visit.

We may also integrate with third-party services (such as social media platforms, payment processors, or analytics providers) that have their own privacy policies and data collection practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

• Post the updated Policy on our Platform with a new "Last Updated" date
• Notify you by email if you have provided an email address
• Provide prominent notice on our Platform
• Obtain additional consent where required by law

Your continued use of our Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, please discontinue use of our Platform.

15. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Response Time: We will respond to privacy inquiries within 30 days (or sooner as required by applicable law). For urgent privacy matters, please mark your communication as "URGENT - Privacy Matter."