This policy covers the Slabbist iOS app and slabbist.com. We wrote it to be short and readable. The defined terms (Controller, Processor, etc.) have the same meaning as in the GDPR. The long version of any section is available on request.
1. Who we are
Slabbist Inc. ("Slabbist", "we") is a Delaware corporation based in the Pacific Northwest, USA. For privacy questions write to privacy@slabbist.com.
2. What we collect
When you join the waitlist
- Email address
- Audience (store or collector)
- Approximate timestamp and IP address (used for abuse prevention, discarded after 30 days)
When you create a Slabbist account
- Name, email, and password (hashed with Argon2id)
- Store or role metadata (owner vs. associate)
- Scans, cert numbers, pricing, margin rules, offer sheets, and any other data you enter into the app
- Device type and OS version for crash diagnostics
When you use the collector marketplace (future)
- Government ID and selfie for identity verification (processed by our vendor, Persona)
- Payment method details (processed by Stripe — we never see the card number)
- Shipping address for buys
3. What we do not collect
- We do not sell personal data. Ever.
- We do not fingerprint your device or sync advertising IDs.
- We do not share your buy history with other stores or vendors.
4. Why we collect it
To run the service you asked us to run: reading certs, resolving comps, syncing your lot across devices, and producing offer sheets. To spot abuse and fix bugs. To bill for the 1% buyer fee on marketplace transactions (when that ships).
5. Who we share it with
We share personal data with service providers who help us run Slabbist — listed in full on request. At the time of writing: Supabase (hosting, Postgres, auth), Stripe (payments, future), Persona (ID verification, future), Resend (email), Sentry (crash reports, with PII redaction). None of them may use your data for their own purposes.
We disclose data to law enforcement only when we are legally compelled. We will give you notice first when we are permitted to.
6. Retention
- Waitlist signups: until launch, then moved into your account record if you create one, or deleted if you do not.
- Scans and lots: retained for the life of your account; deleted 30 days after account closure.
- Financial records: retained for 7 years where tax law requires it.
- Backups: purged within 90 days.
7. Your rights
Depending on where you live, you have the right to access, correct, delete, port, or object to the processing of your personal data. To exercise any of these, email privacy@slabbist.com. We respond within 30 days.
California residents: we do not sell or share personal information under the CCPA definitions. You still have the right to know, delete, correct, and request limited use of sensitive personal information.
8. International transfers
Slabbist is hosted in the United States. If you access the service from the European Economic Area or the United Kingdom, your data is transferred under Standard Contractual Clauses or equivalent safeguards.
9. Children
Slabbist is not for anyone under 13. If you believe a child has given us personal data, email privacy@slabbist.com and we will delete it.
10. Changes to this policy
If we change anything material, we will email you and post a dated notice on this page at least 30 days before the change takes effect.