Privacy Policy
Last updated: 14 March 2026
UK GDPR & Data Protection Act 2018 Compliant
Introduction
This Privacy Policy explains how Resell Reserve handles your personal data when you use our Service — which covers our Discord, web app, website, and all related tools.
It tells you what we collect, why we collect it, who we share it with (if anyone), and what rights you have under UK data protection law — specifically the UK GDPR and the Data Protection Act 2018.
Using our Service means you've read and accepted this Policy. If you disagree with any part of it, don't use our Service.
Data Controller: Resell Reserve is an unregistered trading name based in the United Kingdom. For data protection purposes, we act as the data controller in respect of all personal data collected through the Service. Our contact details for data protection matters are set out in Section 11.
1. What we collect
1.1 Identity and Account Information
To manage your access to the Service, we collect:
- • Your Discord user ID and display username — needed for authentication and access
- • Email address — provided when you link your account, manage your subscription, or contact support
- • Payment and billing metadata (transaction IDs, subscription status, payment history) — processed and stored by Stripe
1.2 Service Usage and Subscription Data
To run and improve the Service, we store:
- • Your active subscription tier (Beginner, Advanced, or Ultimate), subscription status, activation dates, renewal dates, and billing cycle information
- • Data you voluntarily input into our web application (Advanced and Ultimate tiers only — Beginner has no web app access), such as inventory listings, expense records, financial goals, task lists, booking appointments, and any other business management information you choose to store
- • Interaction logs showing which Discord commands and features you use, to help us understand how the tools are being used
- • Booking and scheduling information, including appointment preferences, session history, and related communications
1.3 Technical and System Information
Our systems automatically capture:
- • IP addresses in server logs (not stored as separate records — purged during log rotation)
- • Browser type and basic device info, to check compatibility
- • Crash logs and error reports to fix technical issues
Information We Do NOT Collect: We do not intentionally collect or store special category data (sensitive personal data such as health information, biometric data, political opinions, etc.), precise geolocation data, or information from third-party analytics or tracking services. We do not maintain separate databases of IP addresses for tracking purposes.
2. How we use your data
We use your data for:
- •Service provision: Authenticating you, managing your account, assigning Discord roles, and giving you access to what you've subscribed to
- •Payments: Processing subscription charges, managing billing, and keeping financial records via Stripe
- •Support: Responding to questions, fixing issues, and sending important service updates
- •Security: Detecting and preventing fraud, unauthorized access, and abuse
- •Legal compliance: Meeting tax, accounting, and other legal obligations, and responding to lawful requests from authorities
- •Improvement: Analysing usage patterns and technical issues to make the Service better
We don't sell your data
We don't sell, rent, or share your data for anyone else's marketing. Your information is only used to run the Service and meet our legal obligations.
3. Lawful Basis for Processing Under UK GDPR
In accordance with UK GDPR Article 6, we process your personal data based on the following lawful grounds:
Performance of Contract (Article 6(1)(b))
We process your data to fulfill our contractual obligations to you, including: delivering the subscription services you have purchased, providing access to tools and features, managing your account, processing payments, and maintaining your subscription status.
Legitimate Interests (Article 6(1)(f))
We process data based on our legitimate business interests, which include: protecting the security and integrity of our Service, preventing fraud and abuse, improving our tools and features, providing customer support, and ensuring the proper functioning of our platform. We balance these interests against your privacy rights and only process data where necessary.
Legal Obligation (Article 6(1)(c))
We retain and process certain data to comply with legal obligations under UK law, including: maintaining financial and accounting records for tax purposes, responding to lawful requests from authorities, and fulfilling record-keeping requirements mandated by applicable regulations.
Consent (Article 6(1)(a))
Where you have actively opted in via our cookie consent banner, we process analytics data (via Google Analytics 4) on the basis of your consent. You may withdraw your consent at any time by declining or clearing cookies in your browser settings. Withdrawing consent will not affect the lawfulness of any processing carried out before the withdrawal.
4. Storage and security
4.1 Data Storage and Hosting
Your personal data and account information are stored in secure, encrypted databases hosted on Railway's cloud infrastructure. All data transfers between your device and our servers, as well as between our servers and database systems, are protected using industry-standard encryption protocols (HTTPS/TLS). Data stored in our databases is encrypted at rest to prevent unauthorized access even if physical storage media is compromised.
4.2 Security Measures and Protections
Our security includes:
- •Encryption: All sensitive data is encrypted both in transit (using TLS/SSL) and at rest (using database-level encryption) to protect against interception and unauthorized access
- •Access Controls: We employ role-based access control systems and multi-factor authentication to ensure only authorized personnel can access user data, and only to the extent necessary for their job functions
- •Payment security: All card data goes through Stripe (PCI DSS Level 1). We never see your full card numbers or CVV
- •Auth tokens: Discord OAuth tokens are stored securely with minimal permissions. We don't request anything we don't need
- •Access restrictions: Only people who need your data to do their job can access it, and they're bound by confidentiality
- •Monitoring: We monitor for threats and suspicious activity and respond quickly to incidents
- •Updates: We keep our systems patched and up to date
5. Third-party services and data sharing
We use a handful of third-party services to run the platform. We share data with them only as needed:
Stripe (Payment Processing)
Stripe handles all payment processing and is an independent data controller under their own privacy policy. We share your email and subscription info with them. Stripe deals with card data directly — we never see your full card numbers.
Discord (Authentication and Community Platform)
Discord handles authentication and hosts our community. They're an independent data controller. We receive your Discord user ID and username via OAuth to manage your account. What Discord does with your data is covered by their privacy policy.
Railway (Infrastructure and Hosting)
Railway provides cloud hosting and database infrastructure services for our web application and backend. Your data is stored on Railway's servers, but Railway does not have access to the contents of encrypted databases. Railway acts as a data processor under our instructions and is bound by appropriate data processing agreements and security standards.
Google (Analytics)
When you accept our cookie consent banner, we use Google Analytics 4 to collect anonymised usage data (e.g. page views, referral sources) on our marketing website. Google processes this data according to their privacy policy. Analytics are only loaded after you consent; we do not load them if you decline.
Vercel (Website Hosting)
Our marketing website is hosted on Vercel. Vercel may process transient request data (e.g. IP addresses in server logs) in the course of delivering our website. Vercel acts as a data processor and is bound by appropriate data processing agreements.
Upstash (Redis / Chat & Feedback)
We use Upstash Redis for chat sessions and feedback storage on our website. Data stored there is processed in accordance with our instructions. Upstash acts as a data processor.
Each third-party service provider maintains its own privacy policy and security standards. When data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK GDPR requirements.
No Sale or Unauthorized Sharing
We do not sell, rent, or share your personal information with third parties for their marketing or advertising purposes. We only share data with the service providers listed above to the extent necessary to deliver our Service to you.
6. Your rights
Under UK GDPR, you have the following rights over your personal data:
Right of Access (Article 15)
You can request a copy of all personal data we hold about you, including information about how it is processed
Right to Rectification (Article 16)
You can request correction of any inaccurate or incomplete personal data we hold about you
Right to Erasure (Article 17)
You can request deletion of your personal data in certain circumstances, subject to legal retention requirements
Right to Restrict Processing (Article 18)
You can request that we limit how we process your data in specific situations
Right to Data Portability (Article 20)
You can request that we provide your data in a structured, commonly used, machine-readable format that you can transfer to another service
Right to Object (Article 21)
You can object to certain types of processing, particularly processing based on legitimate interests or for direct marketing purposes
Rights Related to Automated Decision-Making (Article 22)
We operate automated tools (AutoBuy and AutoCop) that execute purchasing actions on your behalf based on your configured preferences. These tools act on instructions you define and do not make decisions that produce legal or similarly significant effects about you as an individual. However, you have the right to request human review of any automated action taken through our Service. To do so, contact us at support@resellreserve.co.uk.
Right to Lodge a Complaint (Article 77)
You have the right to lodge a complaint with the UK supervisory authority for data protection if you believe we have violated your data protection rights
To use any of these rights, email us at support@resellreserve.co.uk or open a ticket in our Discord server. We'll respond within 30 days as required by UK GDPR. For complex requests we may take up to 3 months — we'll let you know if that's the case. We don't charge a fee unless a request is clearly excessive or unfounded.
7. How long we keep your data
Financial and Billing Records
We keep account, subscription, and billing records for up to 6 years from your last transaction. This is required by UK tax law. We may hold records longer if there are ongoing legal proceedings.
Web Application and Business Data
Data you enter into our web application (Advanced and Ultimate tiers only — Beginner has no web app access; inventory items, expenses, goals, tasks, bookings, etc.) is not automatically deleted when you cancel your subscription. This data remains stored in our systems unless you specifically request its deletion. We retain this data to allow you to reactivate your subscription and regain access to your information, and to provide continuity of service. You can request deletion of this data at any time.
Account Deletion Requests
When you request complete account deletion, we will delete or anonymize your personal data within 30 days of receiving your request, except where we are legally required to retain certain information (such as financial records for tax and accounting purposes, or data subject to legal holds). Deleted data cannot be recovered, so please ensure you have exported any information you wish to keep before requesting deletion.
Discord and Authentication Data
Discord user identifiers and authentication tokens are retained while your account is active and for a reasonable period after account closure to prevent fraud and abuse. This data may be retained longer if required for legal or security purposes.
9. Children's privacy
Our Service is for users aged 13 and over, in line with Discord's minimum age. We don't knowingly collect data from under-13s. If you're 13–17, make sure you have parental permission.
If you're a parent or guardian and think we've collected data from a child under 13, contact us at support@resellreserve.co.uk or via our Discord server and we'll investigate and delete it promptly.
10. Updates to this policy
We may update this Policy from time to time. If we make material changes, we'll let you know — via Discord, email, or a notice on the site. The date at the top shows when the current version took effect. Continuing to use the Service after changes means you accept the updated Policy. If you disagree, you can cancel your subscription and stop using the Service.
11. Contact us
Questions about this Policy or how we handle your data? Get in touch:
Resell Reserve
Operating as an unregistered trading name based in the United Kingdom.
Email: support@resellreserve.co.uk
Discord: Open a support ticket in our official server — our Discord server
Supervisory Authority: If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK supervisory authority for data protection. We would appreciate the opportunity to address your concerns first, so please contact us at support@resellreserve.co.uk before taking that step.
We are committed to addressing your privacy concerns promptly and transparently. We aim to respond to all data protection inquiries within 30 days as required by UK GDPR, though we may contact you sooner if we need additional information to process your request.