Data Safety

Use this summary while completing the Google Play data safety questionnaire.

Biddy.shop collects the minimum data required to connect buyers and merchants, deliver bids quickly, and issue secure digital tickets. The table below outlines the data types, their intended use, and whether they are shared with third parties.

Personal Information

  • Account data: Name, email address, phone number (required to create and verify your account).
  • Profile preferences: City, language, and optional business details to improve local matching.

Use: Account creation, authentication, and personalisation of buyer or merchant experiences.

Sharing: Not sold. Shared only with the merchants linked to the relevant request.

App Activity

  • Buyer requests: Category, specifications, budget, and timing.
  • Offers & tickets: Submitted price, availability, digital ticket status, redemption history.

Use: Core matchmaking workflow, auditing, dispute resolution, and analytics.

Sharing: Visible to counterparties involved in the same transaction. Stored securely on our servers.

Financial Data

  • In-app payments: Ticket amounts, fees, timestamps. Full card data is handled by payment processors.

Use: Billing, revenue sharing with merchants, accounting, and tax compliance.

Sharing: Shared with payment providers or authorities when legally required.

Photos & Media

  • Product images: Optional photos uploaded by buyers or merchants to illustrate requests or offers.

Use: Improving offer clarity and post-purchase verification if disputes arise.

Sharing: Visible only to the parties linked to the same request or offer.

Diagnostics & Analytics

  • Usage logs: App events, crash reports, device information (model, OS version).

Use: Detecting issues, measuring performance, and prioritising product improvements.

Sharing: Aggregated or pseudonymised before sharing with analytics providers.

Security Practices

  • TLS encryption for all network traffic between the app and our backend APIs.
  • Role-based access controls for employees and merchants, reviewed quarterly.
  • Passwords stored using salted hashing algorithms that meet current industry standards.
  • User ability to request account deletion and data export through support channels.
  • 24/7 monitoring and periodic independent penetration testing of critical systems.

Questions about privacy or security? Reach out to security@biddy.shop.