Data Deletion Policy

Data Deletion Policy

At Goods-A-Lot, we respect your privacy and are committed to giving you control over your personal data. This Data Deletion Policy outlines how and when your data is deleted from our systems, in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Types of Data Collected and Stored

Upon account creation, we collect and store the following user data:

• Full name
• Username
• Email address
• Location (for matching and listings)
• Profile picture

Accounts can be created using social login (e.g., Google, Facebook) or traditional email/password registration.

2. How to Delete Your Account

You can initiate account deletion at any time by following these steps:

1. Log in to your Goods-A-Lot account
2. Navigate to the "More" tab
3. Select "Account"
4. Tap "Delete Account" and confirm when prompted

3. Retention of Exchange and Giveaway Records

For transparency, platform safety, and compliance with legal obligations, we retain data related to completed exchanges or giveaways for one (1) year from the date of the transaction. This includes messages, records, and content tied to those interactions.

We retain this data under the GDPR’s lawful basis of legitimate interest (Article 6) to:

• Prevent fraud and abuse
• Comply with applicable financial or consumer protection laws
• Resolve disputes or respond to legal claims

During this retention period:

• Your account is marked as deleted and is no longer accessible or visible to others
• Other users involved in the transaction will retain access to shared records until the retention period expires

All items or data not involved in transactions will be deleted immediately. After the 12-month retention period ends, any remaining data will be permanently deleted from our systems within 30 days.

4. Data Deletion Workflow

• Non-transactional data (e.g., email, profile picture) is deleted immediately upon account deletion
• Transaction-related data is flagged as “pending deletion” and automatically erased 30 days after the 1-year retention period ends

5. Data Security During Retention

All personal data — whether active, archived, or pending deletion — is encrypted in transit and at rest. We use authentication tokens, role-based access controls, and other technical safeguards to ensure your information remains secure during the retention and deletion process.

6. User Notifications

Once you initiate account deletion, you will receive an email confirming your request. After the 1-year retention period has passed and all associated data has been fully deleted, a final confirmation email will be sent.

7. Your Rights Under Privacy Laws

California residents may have additional rights under the CCPA, including the right to access, delete, or opt out of the sale of personal information. We do not sell your personal data. We will never discriminate against you for exercising your privacy rights.

EU users have the right under the GDPR to request data access, correction, restriction, or erasure. For more information on how we protect your privacy and your rights, please refer to our Privacy Policy.

8. Changes to This Policy

We may update this Data Deletion Policy to reflect changes in our legal obligations or data practices. We will notify you of significant updates via email or in-app notifications.

Last Updated: June 15, 2025