Skip to main content
    Menu
    Join Discord
    Why UsFeaturesStart FreeAI AssistantGuidesSuccessPricingFAQ
    Log In

    Privacy Policy

    Effective as of 8 March 2026

    UK GDPR & Data Protection Act 2018 Compliant

    Introduction

    This Privacy Policy ("Policy") describes how Resell Reserve ("we," "us," "our," or "Company") handles, processes, stores, and safeguards personal data and information when you interact with our digital ecosystem, which includes our Discord community platform, web-based application, official website, and all associated tools, features, and services (collectively, the "Service").

    Your privacy is important to us. This Policy explains what information we gather, why we collect it, how we use it, who we share it with (if anyone), and what rights you have regarding your personal data under UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    By accessing, registering for, or using any component of our Service, you acknowledge that you have read this Policy and consent to our data practices as described herein. If you do not agree with any aspect of this Policy, you should not use our Service.

    1. Categories of Personal Information We Collect

    1.1 Identity and Account Information

    To provide and manage your access to our Service, we collect and store:

    • • Your Discord user identifier (snowflake ID) and display username, which are essential for authentication, role assignment, and feature access control
    • • Email address, which may be provided during account linking processes, subscription management, or when you contact our support team
    • • Payment and billing metadata, including transaction identifiers, subscription status, and payment history, which are processed and stored by our payment processor (Stripe) in accordance with their privacy practices

    1.2 Service Usage and Subscription Data

    To deliver and improve our Service, we maintain records of:

    • • Your active subscription tier (Beginner, Advanced, or Ultimate), subscription status, activation dates, renewal dates, and billing cycle information
    • • Data you voluntarily input into our web application (Advanced and Ultimate tiers only — Beginner has no web app access), such as inventory listings, expense records, financial goals, task lists, booking appointments, and any other business management information you choose to store
    • • Interaction logs showing which Discord commands you use, which features you access, and general usage patterns to help us understand how our tools are being utilized
    • • Booking and scheduling information, including appointment preferences, session history, and related communications

    1.3 Technical and System Information

    For operational and security purposes, our systems automatically capture:

    • • Transient IP addresses that appear in server access logs (these are not stored as separate, searchable records and are typically purged during log rotation)
    • • Browser and device information, including browser type, version, and basic device characteristics, to ensure compatibility and optimize user experience
    • • Error reports, crash logs, and diagnostic information that help us identify and resolve technical issues affecting the Service

    Information We Do NOT Collect: We do not intentionally collect or store special category data (sensitive personal data such as health information, biometric data, political opinions, etc.), precise geolocation data, or information from third-party analytics or tracking services. We do not maintain separate databases of IP addresses for tracking purposes.

    2. Purposes and Methods of Data Processing

    We process your personal information for the following specific purposes:

    • Service Provision and Access Control: Authenticating your identity, managing your account, assigning appropriate Discord roles based on your subscription tier, and enabling access to the tools, features, and resources you have subscribed to
    • Payment and Subscription Administration: Processing subscription payments, managing billing cycles, handling renewals, generating invoices, and maintaining financial records through our payment processor, Stripe
    • Customer Support and Communication: Responding to your inquiries, providing technical assistance, resolving issues, processing support tickets, and communicating important service updates or policy changes
    • Security and Fraud Prevention: Detecting, preventing, and investigating fraudulent activity, unauthorized access attempts, abuse of our Service, violations of our Terms, and other security threats to protect both our platform and legitimate users
    • Legal and Regulatory Compliance: Maintaining records required for accounting purposes, tax compliance, legal obligations, and responding to lawful requests from regulatory authorities or courts
    • Service Improvement: Analyzing usage patterns, identifying technical issues, understanding feature utilization, and making data-driven decisions to enhance functionality, performance, and user experience

    Our Commitment to Data Privacy

    We do not sell, rent, lease, or otherwise monetize your personal information. We do not share your data with third parties for their marketing purposes. Your information is used exclusively to operate, deliver, and improve our Service and to fulfill our legal obligations.

    4. Data Storage Infrastructure and Security Safeguards

    4.1 Data Storage and Hosting

    Your personal data and account information are stored in secure, encrypted databases hosted on Railway's cloud infrastructure. All data transfers between your device and our servers, as well as between our servers and database systems, are protected using industry-standard encryption protocols (HTTPS/TLS). Data stored in our databases is encrypted at rest to prevent unauthorized access even if physical storage media is compromised.

    4.2 Security Measures and Protections

    We implement multiple layers of security to protect your information:

    • Encryption: All sensitive data is encrypted both in transit (using TLS/SSL) and at rest (using database-level encryption) to protect against interception and unauthorized access
    • Access Controls: We employ role-based access control systems and multi-factor authentication to ensure only authorized personnel can access user data, and only to the extent necessary for their job functions
    • Payment Security: All payment card information is processed exclusively through Stripe, a PCI DSS Level 1 certified payment processor. We never store, process, or have access to your complete payment card numbers, CVV codes, or other sensitive payment authentication data
    • Authentication Security: Discord OAuth tokens are stored securely and scoped to the minimum permissions required for Service functionality. We do not request or store unnecessary Discord permissions
    • Personnel Restrictions: Access to user data is restricted to employees, contractors, or service providers who require such access to perform their duties, and all such individuals are bound by confidentiality obligations
    • Security Monitoring: We continuously monitor our systems for security threats, unauthorized access attempts, and suspicious activity, and we respond promptly to any detected security incidents
    • Regular Updates: We maintain our software, systems, and security measures with regular updates, patches, and security improvements to address emerging threats and vulnerabilities

    5. Third-Party Service Providers and Data Sharing

    Our Service integrates with and relies upon certain third-party platforms and service providers to deliver functionality. We share limited data with these providers as necessary:

    Stripe (Payment Processing)

    Stripe serves as our payment processor and operates as an independent data controller for payment-related data under their own GDPR-compliant privacy policy. We share your email address and subscription information with Stripe to process payments and manage subscriptions. Stripe handles all payment card data directly and we never receive, store, or have access to your complete card numbers or sensitive payment authentication information.

    Discord (Authentication and Community Platform)

    Discord provides OAuth authentication services and hosts our community platform. Discord operates as an independent data controller for authentication and account data. We receive your Discord user ID and username through OAuth to authenticate you and manage your account access. Discord's use of your data is governed by their privacy policy.

    Railway (Infrastructure and Hosting)

    Railway provides cloud hosting and database infrastructure services for our web application and backend. Your data is stored on Railway's servers, but Railway does not have access to the contents of encrypted databases. Railway acts as a data processor under our instructions and is bound by appropriate data processing agreements and security standards.

    Google (Analytics)

    When you accept our cookie consent banner, we use Google Analytics 4 to collect anonymised usage data (e.g. page views, referral sources) on our marketing website. Google processes this data according to their privacy policy. Analytics are only loaded after you consent; we do not load them if you decline.

    Vercel (Website Hosting)

    Our marketing website is hosted on Vercel. Vercel may process transient request data (e.g. IP addresses in server logs) in the course of delivering our website. Vercel acts as a data processor and is bound by appropriate data processing agreements.

    Upstash (Redis / Chat & Feedback)

    We use Upstash Redis for chat sessions and feedback storage on our website. Data stored there is processed in accordance with our instructions. Upstash acts as a data processor.

    Each third-party service provider maintains its own privacy policy and security standards. When data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK GDPR requirements.

    No Sale or Unauthorized Sharing

    We do not sell, rent, or share your personal information with third parties for their marketing or advertising purposes. We only share data with the service providers listed above to the extent necessary to deliver our Service to you.

    6. Your Data Protection Rights Under UK GDPR

    As a data subject under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

    Right of Access (Article 15)

    You can request a copy of all personal data we hold about you, including information about how it is processed

    Right to Rectification (Article 16)

    You can request correction of any inaccurate or incomplete personal data we hold about you

    Right to Erasure (Article 17)

    You can request deletion of your personal data in certain circumstances, subject to legal retention requirements

    Right to Restrict Processing (Article 18)

    You can request that we limit how we process your data in specific situations

    Right to Data Portability (Article 20)

    You can request that we provide your data in a structured, commonly used, machine-readable format that you can transfer to another service

    Right to Object (Article 21)

    You can object to certain types of processing, particularly processing based on legitimate interests or for direct marketing purposes

    Rights Related to Automated Decision-Making (Article 22)

    You have rights regarding automated decision-making and profiling, though we do not currently engage in such activities

    Right to Lodge a Complaint (Article 77)

    You can file a complaint with the UK's Information Commissioner's Office (ICO) if you believe we have violated your data protection rights

    To exercise any of these rights, please open a support ticket in our official Discord server (discord.gg/A6dEtkSgyu). We will respond to your request within one month (30 days) as required by UK GDPR, though we may extend this period by an additional two months for complex requests, in which case we will inform you of the extension and the reasons for it.

    7. Data Retention Periods and Deletion Practices

    Financial and Billing Records

    We retain account information, subscription records, billing data, and transaction metadata for a period of up to 6 years from your last transaction or account activity. This retention period is necessary to comply with UK tax law, accounting regulations, and potential legal or regulatory requirements. Financial records may be retained longer if required by law or if there are ongoing legal proceedings.

    Web Application and Business Data

    Data you enter into our web application (Advanced and Ultimate tiers only — Beginner has no web app access; inventory items, expenses, goals, tasks, bookings, etc.) is not automatically deleted when you cancel your subscription. This data remains stored in our systems unless you specifically request its deletion. We retain this data to allow you to reactivate your subscription and regain access to your information, and to provide continuity of service. You can request deletion of this data at any time.

    Account Deletion Requests

    When you request complete account deletion, we will delete or anonymize your personal data within 30 days of receiving your request, except where we are legally required to retain certain information (such as financial records for tax and accounting purposes, or data subject to legal holds). Deleted data cannot be recovered, so please ensure you have exported any information you wish to keep before requesting deletion.

    Discord and Authentication Data

    Discord user identifiers and authentication tokens are retained while your account is active and for a reasonable period after account closure to prevent fraud and abuse. This data may be retained longer if required for legal or security purposes.

    8. Cookies, Tracking Technologies, and Website Analytics

    Our website employs a minimal set of cookies and similar technologies:

    • Strictly Necessary Cookies: These cookies are essential for the website to function properly and cannot be disabled. They maintain your authentication session after you log in, allowing you to remain logged in as you navigate between pages
    • Preference Cookies: These cookies remember your interface preferences and settings (such as theme preferences or display options) to provide a consistent experience across visits
    • Analytics Cookies (with your consent): If you accept our cookie banner, we use Google Analytics 4 to understand how visitors use our website (e.g. page views, navigation patterns). This helps us improve the site. Analytics only load after you click "Accept" on our cookie consent banner; you can decline and we will not load them

    Cookie Consent and Control

    We use a cookie consent banner so you can choose whether to accept analytics cookies. We do not use advertising networks or share cookie data with third parties for advertising or marketing purposes. You can control or disable non-essential cookies through your browser settings, though doing so may affect certain website functionality.

    9. Protection of Minors and Children's Privacy

    Our Service is available to users of all ages, and we do not intentionally collect age information or restrict access based on age. We only collect the minimal personal data necessary for Service functionality, and we do not knowingly collect sensitive personal information from minors. We encourage parents and guardians to supervise the online activities of children under 18 and to educate them about safe internet practices. If you are a parent or guardian and believe that we have unintentionally collected personal information from a child under 13 (or under 16 in the UK) without appropriate parental consent, please open a support ticket in our Discord server (discord.gg/A6dEtkSgyu), and we will promptly investigate and delete such information if verified.

    10. Updates and Modifications to This Privacy Policy

    We may periodically update, revise, or modify this Privacy Policy to reflect changes in our data practices, legal requirements, technological developments, business operations, or other factors. When we make material changes to this Policy, we will notify users through one or more of the following methods: posting a prominent notice on our website, sending email notifications to registered email addresses, making announcements in our Discord server, or displaying in-app notifications. The "Effective Date" at the top of this Policy indicates when the most recent version became effective. Your continued use of our Service after any modifications to this Policy constitutes your acceptance of the updated Policy. If you do not agree with the changes, you should discontinue use of the Service and may cancel your subscription in accordance with our Terms of Service.

    11. Contact Information and Data Protection Inquiries

    If you have questions, concerns, requests, or complaints regarding this Privacy Policy, our data practices, or your personal information, please contact us through the following channels:

    Resell Reserve

    Contact: Open a support ticket in our official Discord server — discord.gg/A6dEtkSgyu

    We are committed to addressing your privacy concerns promptly and transparently. We aim to respond to all data protection inquiries within 30 days as required by UK GDPR, though we may contact you sooner if we need additional information to process your request.