Privacy Policy

BidWut ("we," "us," or "our") operates the BidWut online auction platform located at bidwut.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

Account Information

• Name, email address, and username (required for registration)
• Phone number (optional, for SMS notifications and account verification)
• Mailing address (for shipping and pickup coordination)
• Profile photo (optional)

Payment Information

• Credit/debit card details are collected and stored securely by our payment processor, Braintree (a PayPal service). We store only the card brand, last four digits, and expiration date for display purposes.
• We never store full card numbers, CVVs, or PINs on our servers.

Auction Activity

• Bid history, watchlist, and private notes
• Order and payment history
• Notification preferences

Automatically Collected

• Browser type, device information, IP address
• Pages visited, time spent, and interaction data
• Cookies and similar tracking technologies

• To create and manage your account
• To process bids, orders, payments, and refunds
• To send transactional communications (order confirmations, payment receipts, shipping notifications, refund notifications)
• To send opted-in notifications via email and/or SMS (outbid alerts, auction start alerts, lot ending reminders, keyword match notifications)
• To coordinate pickup scheduling and send pickup reminders
• To verify your identity (email verification, phone verification)
• To prevent fraud and enforce our Terms of Service
• To improve the Service and develop new features

We use Twilio to deliver SMS notifications. SMS messaging is entirely opt-in. Users must:

1. Voluntarily add and verify their phone number
2. Explicitly enable the "Text" notification channel in their account preferences

Message types include: outbid alerts, auction start notifications, lot ending reminders (1 day, 1 hour, 30 min, 15 min, 5 min), and keyword match notifications. Message frequency depends on user activity and preferences (typically 0–10 messages per auction).

Standard message and data rates may apply. Users can opt out at any time by disabling the text channel in their notification preferences, removing their phone number, or contacting [email protected].

For full details, see our SMS Consent & Opt-In Policy.

We use SendGrid to deliver email communications. We send:

• Transactional emails (required): email verification, order confirmations, payment receipts, refund notifications, shipping notifications, pickup reminders. These cannot be disabled as they relate to your account and transactions.
• Notification emails (opt-in): outbid alerts, auction start alerts, lot ending reminders, keyword match alerts. These can be individually enabled or disabled in your notification preferences.

We do not sell your personal information. We share information only in these circumstances:

• Sellers: When you win an auction, the seller receives your username and email address to coordinate fulfillment. Sellers do not receive your phone number, payment details, or mailing address unless required for shipping.
• Payment processor: Braintree (PayPal) processes and stores your payment card information.
• Service providers: Twilio (SMS), SendGrid (email), and our cloud hosting provider (DigitalOcean) process data on our behalf under strict data processing agreements.
• Legal requirements: We may disclose information if required by law, subpoena, or government request.

We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Bcrypt password hashing
• JWT-based authentication with short-lived access tokens (15 minutes) and refresh token rotation
• PCI-compliant payment processing via Braintree (card data never touches our servers)
• Phone verification codes are hashed before storage and expire after 10 minutes

• Account data is retained as long as your account is active
• Bid history and order records are retained for legal and accounting purposes
• Notification deduplication records are retained to prevent duplicate sends
• Verification tokens expire and are deleted after use or expiration
• You may request deletion of your account and personal data by contacting [email protected]

We use cookies and local storage for:

• Authentication (session tokens)
• User preferences (dark mode setting)

We do not use third-party advertising cookies.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your personal data
• Opt out of SMS and email notifications
• Export your data in a portable format

To exercise these rights, contact [email protected].

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices:

Email: [email protected]