xchngbl

Privacy Policy

Last Updated: April 4, 2026

xchngbl (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform at xchngbl.app and xchngbl.com.

1. Information We Collect

1.1 Google User Data

When you sign in with Google, we access the following information from your Google account:

  • Email address: Used to create and identify your account
  • Profile name: Displayed on your user profile
  • Profile picture: Displayed on your user profile and listings
  • Google User ID: Used for authentication purposes

We only request the minimum scopes necessary to provide our service (email, profile, and openid).

1.2 Information You Provide

When you use xchngbl, you may provide:

  • Items you list for trade (descriptions, photos, categories)
  • Trades and messages
  • Profile information you choose to add
  • Feedback and support requests

1.3 Automatically Collected Information

We automatically collect:

  • Device information (browser type, operating system)
  • Usage data (pages visited, features used)
  • IP address and location (city/region level only)
  • Analytics data (pages visited, features used, button clicks, anonymized usage patterns)
  • Error and performance data (JavaScript errors, page load times, app performance metrics)

2. How We Use Your Information

2.1 Google User Data Usage

We use your Google account information to:

  • Create and authenticate your account: Your email and Google User ID allow you to sign in securely
  • Display your profile: Your name and profile picture are shown to other users when you list items or propose trades. You can change your profile name and picture at any time on xchngbl
  • Communicate with you: We may send account-related emails to your Google email address
  • Improve our service: We analyze usage patterns to enhance the platform

2.2 Other Data Usage

We use the information you provide to:

  • Enable trading between users
  • Display your items and listings to other users
  • Facilitate trades and messaging
  • Provide customer support
  • Prevent fraud and abuse
  • Comply with legal obligations
  • Analyze usage patterns and feature adoption to improve the platform

3. How We Share Your Information

3.1 Public Information

The following information is visible to other xchngbl users:

  • Your profile name and picture (from Google)
  • Items you list for trade
  • Public listings and trade history

3.2 Third-Party Services

We use the following third-party services that may access your data:

  • Google OAuth: For secure authentication (Google's Privacy Policy applies)
  • Supabase: For secure data storage and authentication (Supabase Privacy Policy applies)
  • Vercel: For hosting our platform (Vercel Privacy Policy applies)
  • PostHog: For anonymized product analytics and usage tracking. We do not send personal information such as names, emails, or phone numbers to PostHog. Users are identified only by an internal account identifier. PostHog uses cookies to maintain session continuity across xchngbl.com and xchngbl.app. (PostHog Privacy Policy applies)
  • Sentry: For error tracking and performance monitoring to maintain platform reliability. Sentry captures technical error data and may record anonymized session replays when errors occur. (Sentry Privacy Policy applies)

We do not sell your personal information to third parties.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored securely using:

  • Supabase (PostgreSQL database): Encrypted at rest and in transit
  • Google Cloud Platform: For authentication services
  • Vercel: For application hosting
  • PostHog (US-hosted): For anonymized analytics data
  • Sentry: For error and performance data

All data is stored in secure, encrypted databases in the United States.

4.2 Security Measures

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure authentication via Google OAuth
  • Regular security updates and monitoring
  • Access controls and authentication requirements

4.3 Data Protection

Your Google user data is:

  • Stored securely in our database
  • Never shared with other users without your consent
  • Accessed only when necessary to provide service
  • Protected by Supabase's enterprise-grade security

5. Data Retention and Deletion

5.1 How Long We Keep Data

  • Account data: Retained while your account is active
  • Google user data: Retained as long as you use our service
  • Trade history: Retained for 2 years after trade completion
  • Messages: Retained for 1 year after sending
  • Deleted content: Removed from our servers within 30 days

5.2 Your Right to Delete Data

You can request deletion of your data at any time:

To delete your account and all associated data:

  1. Email us at xchngbl@xchngbl.com with subject “Account Deletion Request”
  2. We will delete your account and all personal data within 30 days
  3. Some data may be retained for legal compliance (e.g., fraud prevention)

To revoke Google access:

  1. Visit your Google Account permissions page
  2. Remove xchngbl from connected apps
  3. Email us at xchngbl@xchngbl.com to request data deletion

5.3 Data Portability

You can request a copy of your data by emailing xchngbl@xchngbl.com. We will provide your data in a machine-readable format (JSON) within 30 days.

6. Your Rights and Choices

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and data
  • Export your data
  • Opt-out of non-essential emails
  • Revoke Google OAuth access
  • Opt-out of analytics tracking: You can block analytics by using browser privacy features or extensions that block third-party scripts. Our analytics use cookies for session continuity but do not track personal information

To exercise these rights, contact us at xchngbl@xchngbl.com.

7. Children's Privacy

xchngbl is not intended for users under 18. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the “Last Updated” date
  • Sending an email to your registered address (for material changes)

Your continued use of xchngbl after changes constitutes acceptance of the updated policy.

9. Compliance with Google Policies

This privacy policy complies with:

Google User Data Handling

We adhere to Google's requirements:

  • Limited Use: We only use Google user data to provide and improve our service
  • No Sale: We never sell Google user data to third parties
  • User Control: Users can revoke access via Google Account settings
  • Transparency: We clearly disclose what data we access and why
  • Security: We use industry-standard security practices

10. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: xchngbl@xchngbl.com

Website: https://xchngbl.com

For Google OAuth-specific concerns, you can also review:

By using xchngbl, you agree to this Privacy Policy.