PRIVACY POLICY

Last updated April 26, 2026

This Privacy Notice for Pcific Marketplaces Limited (doing business as PCIFIC) ("PCIFIC", "we", "us", or "our") explains how and why we collect, use, store, disclose, and otherwise process personal information when you use our services ("Services"), including when you:

visit https://pcific.co.uk or any website of ours that links to this Privacy Notice; create an account, buy, sell, list, search for, save, watch, or interact with items on the PCIFIC marketplace; use PCIFIC support, shipping, payment, AI, verification, analytics, map, mobile, or newsletter features; or contact us or interact with us in other related ways, including sales, marketing, or events. PCIFIC is a UK-based online marketplace focused on sustainability, repair, reuse, and the resale of electronics, parts, and related products.

Questions or concerns? Reading this Privacy Notice will help you understand your rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have any questions, you can contact us at support@pcific.co.uk.

SUMMARY OF KEY POINTS

This summary provides a short overview of our Privacy Notice. You can find more detail under the full sections below.

What personal information do we process? We process personal information you give us directly, information generated through your use of the marketplace, and limited information from third parties you choose to use with us, such as social login, payment, shipping, support, and verification providers.

Do we process sensitive personal information? We do not intentionally require special category personal data for normal use of the marketplace. However, support messages, attachments, screenshots, disputes, or verification materials may contain sensitive information if you choose to provide it, so please only submit what is necessary.

Do we receive information from third parties? Yes. In some situations we receive information from third parties, such as Google or Facebook when you use social sign-in, Stripe for payments, shipping and carrier providers for fulfilment/tracking events, SendGrid/Twilio email infrastructure when handling support replies, map providers, and serial/IMEI verification providers if you use those tools.

How do we process your information? We process your information to provide and operate the marketplace, create and manage accounts, process payments and shipping, respond to support requests, prevent fraud and misuse, provide AI-powered features, send service communications, send marketing where permitted, and comply with legal obligations.

When and with whom do we share personal information? We share personal information with service providers and platform providers that help us run PCIFIC, such as Sharetribe, Stripe, OpenRouter, shipping and carrier providers, SendGrid/Twilio email infrastructure, MailerLite, Mapbox, Google Analytics, and social login providers where relevant.

Do we use AI? Yes. We use AI-powered marketplace features. We do not use ordinary user AI conversations to train PCIFIC AI models. If an AI interaction becomes a support case or dispute, we may keep relevant messages, summaries, attachments, and case records so we can help you.

Do we use cookies and similar technologies? Yes. We use cookies, local storage, session storage, service-worker/Cache Storage, scripts, mobile device-secure storage, and similar technologies for security, account/session management, marketplace features, analytics where permitted, and user preferences.

How do we keep your information safe? We use technical and organisational measures intended to protect personal information. However, no online service or transmission is completely secure.

What are your rights? Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port your personal information, and to withdraw consent where we rely on consent.

How do you exercise your rights? You can contact us at support@pcific.co.uk. If applicable law gives you the right to complain to a regulator, UK users can complain to the Information Commissioner's Office (ICO).

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. HOW DO WE USE AI FEATURES?
5. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
6. DO WE USE COOKIES, ANALYTICS, AND SIMILAR TECHNOLOGIES?
7. HOW DO WE HANDLE SOCIAL LOGINS?
8. HOW DO WE HANDLE PAYMENTS, SHIPPING, SUPPORT, AND VERIFICATION?
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. DO WE TRANSFER PERSONAL INFORMATION INTERNATIONALLY?
12. DO WE COLLECT INFORMATION FROM MINORS?
13. WHAT ARE YOUR PRIVACY RIGHTS?
14. CONTROLS FOR DO-NOT-TRACK FEATURES
15. DO WE MAKE UPDATES TO THIS NOTICE?
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register for an account, create or manage listings, buy or sell through the marketplace, contact support, join our newsletter, use optional verification or social login features, or otherwise communicate with us.

Depending on how you use the Services, this information may include:

name and display name; email address; phone number; postal address, billing address, and shipping address; account credentials and authentication information; profile information, bio, public profile details, private profile details, preferences, saved searches, favourites, price watches, and saved sellers; listing content, listing images, device details, item condition, pricing, availability, and marketplace messages; support requests, messages, screenshots, attachments, and other materials you send us; dispute, fraud-report, and report-listing information; newsletter, waitlist, and important-update signup details; seller onboarding, payout, or verification information handled through our payment providers; and serial or IMEI information if you use device verification tools we make available; AI prompts, uploads, and related context you submit to AI-enabled features; and shipping, returns, service-point, parcel, and tracking information needed to fulfil marketplace orders.

Please make sure that any personal information you provide is accurate and up to date, and let us know if it changes.

Account, authentication, and mobile data

We process information needed to create, authenticate, secure, and manage accounts. On the web, this includes cookies and session-related data. During some social-login flows, we may temporarily use sign-in preview information such as email, name, identity-provider ID, and login/signup state to complete account creation. On mobile, access tokens may be stored using device-secure storage such as Keychain and sent as bearer tokens to authenticate API requests.

Payment data

When you make purchases or use seller payout/onboarding features, payment-related information is processed by Stripe. We do not store full payment card numbers on our own systems. Stripe may process payment instrument details, identity/onboarding details, transaction information, billing name, billing email, billing phone, billing address, connected-account information, payout data, and related account information in accordance with its own privacy documentation.

Support and case-management data

If you contact support or if an issue is escalated into a support ticket, we may process:

your name, email, and account identifier; your support message content; any screenshots, photos, or other attachments you send us; internal summaries used to help our support team triage or respond to the issue; related listing, seller, or transaction references; and email reply content and email metadata when you reply to support messages by email.

Support, dispute, fraud, and report flows may include AI-generated summaries, conversation snapshots, case packets, seller-thread copies, and attachments where needed to investigate or resolve the matter.

Information automatically collected

In Short: We automatically collect some information when you use our Services, such as IP address, device/browser data, usage data, and technical diagnostics.

We automatically collect certain information when you visit, use, or navigate our Services. This may include:

IP address; browser type and version; operating system and device information; referring URLs; page/activity timestamps; technical logs and diagnostics; security, fraud-prevention, rate-limit, and abuse-prevention information; and information about how and when you use marketplace features.

We use this information to operate the Services, maintain security, prevent fraud and misuse, troubleshoot issues, understand service performance, and improve the user experience.

Listing view and engagement data

When you view listings or use related marketplace features, we may use a session identifier, IP address, account ID, or similar technical identifier to count listing views, prevent abuse, calculate view/trending statistics, support wishlist/live-viewer features, and improve marketplace relevance.

Cookies, browser storage, service workers, and local device storage

We use cookies and similar technologies, including localStorage, sessionStorage, service-worker Cache Storage, scripts, and comparable browser-side technologies. These may be used to remember consent choices, maintain sessions, support cart/search/recently viewed features, keep AI or UI preferences, store unread or sound preferences, count listing engagement, and improve security. In the mobile app, authentication tokens may be stored using device-secure storage.

Location data

If you use location-based features, we may process location-related information such as search locations, address-autocomplete queries, map/geocoding requests, map bounds, coordinates, service-point locations, and, where you choose to enable it, your current device location. You can usually control precise location permissions through your device or browser settings.

Information we receive from third parties

In some circumstances, we receive personal information from third parties, including:

Google or Facebook when you use social sign-in; Stripe in connection with payment, payout, or onboarding status; shipping, logistics, returns, carrier, service-point, label, and tracking providers in connection with delivery, returns, service points, labels, and tracking; support email providers when we receive or process support emails and attachments; map/address providers when you use map, address search, or location features; analytics providers when analytics is enabled with your choices and applicable law; and serial/IMEI verification providers if you use device-checking features.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to operate, secure, support, and improve the marketplace and related services.

We process personal information for purposes including:

creating and managing user accounts; authenticating users and social sign-in; publishing and managing listings; processing purchases, payments, payouts, refunds, and related transactions; arranging shipping, returns, service points, and tracking; responding to support requests, disputes, and fraud or safety reports; providing optional AI-powered search, listing, support, and marketplace-assistance features; communicating with you about your account, transactions, listings, support cases, and policy changes; sending newsletters or marketing communications where permitted by law and consistent with your choices; sending important marketplace, account, safety, or service updates; saving marketplace preferences such as saved searches, price watches, favourites, saved sellers, cart state, and AI guidance preferences; counting listing views, improving search/recommendations, and protecting the marketplace from manipulation or abuse; monitoring service reliability, diagnosing errors, and protecting the Services from abuse, fraud, and security incidents; and complying with legal obligations and enforcing our terms.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process personal information when we have a valid legal basis to do so.

Where UK GDPR, EU GDPR, or similar laws apply, we rely on one or more of the following legal bases:

Performance of a contract: where processing is necessary to provide the marketplace, complete transactions, manage accounts, or provide services you request. Legitimate interests: where processing is necessary for marketplace operations, fraud prevention, product improvement, support management, shipping coordination, network security, and service monitoring, provided those interests are not overridden by your rights and freedoms. Consent: where we rely on consent for certain optional cookies, storage/access technologies, newsletters, or similar features. Legal obligation: where we must process information to comply with tax, accounting, law-enforcement, regulatory, or other legal requirements. Vital interests: in limited circumstances where processing is necessary to protect someone from serious harm.

4. HOW DO WE USE AI FEATURES?

In Short: We offer AI-powered features and may send relevant prompts, context, and uploads to AI infrastructure to generate responses or support marketplace workflows.

PCIFIC offers AI-powered features such as search, listing assistance, support assistance, product comparison, and marketplace guidance. When you use those features, we may process:

the text you submit; relevant marketplace context you choose to provide; listing, transaction, or account context needed for the requested feature; images or files you upload to AI-enabled features; and AI-generated output, tool results, and action data needed to return the result.

We currently route AI requests through OpenRouter. PCIFIC does not currently enforce OpenRouter ZDR routing or provider-side data-collection denial in code. OpenRouter's current documentation says OpenRouter itself does not store prompts or responses unless prompt logging is enabled, but it does store request metadata such as token counts and latency, and third-party provider logging, retention, or data-use policies may vary.

We do not use ordinary user AI conversations to train PCIFIC AI models. However, if an AI interaction is escalated into a support ticket, dispute, fraud report, or other case-management flow, we may store the relevant conversation content, internal summaries, attachments, case packets, seller-thread copies, and follow-up messages so our team can investigate and assist you.

AI features may also use safety controls such as rate limiting, abuse detection, suspicious-query logging, and operational diagnostics. Please do not submit unnecessary sensitive information into AI features.

5. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share information with service providers and partners that help us operate PCIFIC, and in certain legal or business situations.

We may share personal information with the following categories of recipients, depending on how you use the Services:

Marketplace infrastructure providers, including Sharetribe. Payment processors and payment-related providers, including Stripe. AI service providers, including OpenRouter for AI request routing and model access. Shipping, logistics, returns, carrier, service-point, label, and tracking providers we use from time to time. Support email and communication providers, including SendGrid/Twilio email infrastructure for inbound/outbound support email handling. Newsletter, waitlist, and email-update providers, including MailerLite. Map, address-autocomplete, and geocoding providers, including Mapbox and, where enabled, Google Maps services. Analytics providers, including Google Analytics where analytics is enabled with your choices and applicable law. Social login providers, such as Google and Facebook, when you choose to use them. Verification providers, such as serial or IMEI checking providers, when you choose to use those tools.

We may also disclose information:

if required by law, regulation, court order, or legal process; to detect, investigate, or prevent fraud, abuse, or security incidents; to enforce our terms and protect our rights, users, or the public; or in connection with a merger, sale of assets, financing, or acquisition.

6. DO WE USE COOKIES, ANALYTICS, AND SIMILAR TECHNOLOGIES?

In Short: Yes. We use cookies and similar technologies, including browser storage, service workers, scripts, and mobile secure storage, for security, account/session management, marketplace functionality, analytics where permitted, and certain optional features.

We use cookies and similar technologies such as localStorage, sessionStorage, service-worker Cache Storage, scripts, and comparable browser-side technologies to:

keep you signed in and maintain sessions; remember your cookie/privacy choices; support core marketplace features such as saved cart or search-history convenience features where enabled; protect the Services against misuse and fraud; count engagement such as listing views and similar technical usage events; store interface preferences such as AI overview mode, unread state, sound settings, and similar convenience choices; support Google Analytics where analytics is permitted by your consent and applicable law; and support map/address functionality, service-worker caching, and other technical features.

Some of these technologies are strictly necessary for the Services to work. Others may be optional and used only where permitted by law and consistent with your choices.

Google Analytics is used to understand how people use PCIFIC and improve the Services. The current implementation loads GA4 only after the full-consent choice is recorded. If analytics, marketing, or similar optional technologies are added or changed, more detail may also be provided in a separate Cookie Notice or preferences interface.

7. HOW DO WE HANDLE SOCIAL LOGINS?

In Short: If you choose to register or log in through Google or Facebook, we may receive certain information from those providers.

If you choose to use a social login, we may receive profile or authentication information from the provider, such as your name, email address, and other information made available by that provider for sign-in purposes.

We use that information to authenticate you, create or connect your PCIFIC account, and support account management. We do not control how those third-party providers handle your information on their own services, so you should review their privacy notices directly.

8. HOW DO WE HANDLE PAYMENTS, SHIPPING, SUPPORT, AND VERIFICATION?

In Short: Marketplace transactions require specialist providers for payments, shipping, support email, and device verification.

Payments and payouts are handled through Stripe. Stripe may process payment method, billing, transaction, identity, onboarding, connected-account, and payout information. We do not store full payment card numbers on our own systems.

Shipping, returns, labels, service points, and tracking may be handled through shipping, logistics, returns, carrier, service-point, label, and tracking providers we use from time to time. This can involve buyer and seller names, addresses, phone numbers, email addresses, parcel information, shipping options, tracking numbers, label URLs, and shipment status updates.

Support messages and replies may be handled through support email infrastructure, including SendGrid/Twilio email services. Inbound replies and attachments may be parsed, linked to a support ticket, and stored so we can respond and maintain a case history.

If you use serial or IMEI verification tools, device identifiers and related device information may be sent to verification providers such as IMEI.org. Results may include information such as device model, storage, colour, carrier, blacklist status, warranty or activation information, and related verification metadata. We may keep verification results, hashed identifiers, listing references, and user references to support anti-fraud and marketplace safety.

9. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep personal information only for as long as reasonably necessary for the purposes described in this Notice, unless a longer retention period is required by law.

Retention periods vary depending on the type of information and why we collected it. For example:

account and marketplace data may be kept while your account remains active and for a reasonable period after closure where required for disputes, fraud prevention, compliance, or legal claims; transaction, billing, tax, and accounting records may be kept for longer where required by law; support records may be kept for as long as necessary to manage the case, improve support quality, defend legal claims, and comply with legal obligations; fraud, safety, device-verification, and abuse-prevention records may be kept where needed to protect the marketplace and users; device/browser storage identifiers and technical logs may be kept for shorter operational or security periods; and if we no longer need information, we will delete, anonymise, or securely isolate it where feasible.

Account deletion may be delayed or limited where there are ongoing transactions, disputes, fraud concerns, legal obligations, accounting requirements, or records held by third-party providers. Where deletion is available, we may need to coordinate across PCIFIC systems and service providers.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We use technical and organisational security measures designed to protect personal information.

We take steps designed to protect personal information against accidental loss, unauthorised access, misuse, alteration, and disclosure. Depending on the service, this may include access controls, signed webhooks, security monitoring, rate limiting, and other operational safeguards.

However, no online service, email transmission, storage system, or internet-connected environment can be guaranteed to be completely secure. You should use the Services only in a secure environment and avoid sending unnecessary sensitive information.

11. DO WE TRANSFER PERSONAL INFORMATION INTERNATIONALLY?

In Short: Yes, some providers and infrastructure may process personal information outside the United Kingdom.

PCIFIC is based in the United Kingdom, but the service providers we use may process information in the UK, EEA, United States, or other countries. Where required, we rely on appropriate safeguards for international transfers, such as adequacy regulations, standard contractual clauses, data processing agreements, or other transfer mechanisms recognised by applicable law.

12. DO WE COLLECT INFORMATION FROM MINORS?

In Short: PCIFIC is not intended for children, and we do not knowingly collect personal information from children in violation of applicable law.

PCIFIC is intended for users who are old enough to use the marketplace lawfully and enter into the relevant marketplace arrangements. We do not knowingly collect personal information from children where doing so would violate applicable law. If you believe a child has provided personal information to us improperly, please contact us so we can investigate and take appropriate action.

13. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on where you live, you may have rights over your personal information.

Depending on applicable law, your rights may include:

the right to access your personal information; the right to correct inaccurate information; the right to request deletion; the right to restrict or object to certain processing; the right to data portability in certain cases; the right to withdraw consent where we rely on consent; and the right not to be subject to certain solely automated decisions, where applicable.

To exercise your rights, contact us at support@pcific.co.uk.

If you are in the UK and believe we have processed your personal information unlawfully, you can complain to the Information Commissioner's Office (ICO). If you are in the EEA or Switzerland, you may also have the right to complain to your local supervisory authority.

14. CONTROLS FOR DO-NOT-TRACK FEATURES

Most browsers include a Do-Not-Track ("DNT") setting. Because there is not currently a consistent industry standard for recognising and honouring DNT signals across websites and services, we do not currently respond to DNT signals in a standardised way.

If we adopt a standard in the future that we are required to follow, we will update this Notice.

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes. We may update this Privacy Notice from time to time.

We may revise this Privacy Notice to reflect changes in our Services, legal obligations, or privacy practices. The updated version will be identified by the "Last updated" date at the top of this Notice. Where required, we will also provide additional notice of material changes.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this Privacy Notice, you can contact us at:

Pcific Marketplaces Limited 71-75 Shelton Street London WC2H 9JQ United Kingdom support@pcific.co.uk

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You may request access to, correction of, or deletion of the personal information we hold about you, subject to applicable law and any lawful exemptions. You may also request that we restrict processing or provide a copy of certain data.

To make a privacy request, please contact us at support@pcific.co.uk. We may need to verify your identity before completing your request.

Please note that deleting a marketplace account may not immediately remove all records where retention is required for ongoing transactions, legal compliance, fraud prevention, or dispute handling. We may also need to coordinate deletion across third-party providers that processed data on our behalf.

If we make material changes to these Terms that adversely affect your rights or obligations, we will provide reasonable advance notice where required or appropriate. Continued use of PCIFIC after the updated Terms take effect means you accept the updated Terms. If you do not agree, you should stop using the Services before the changes take effect.