1. Who We Are

BidLens is an AI-powered bid assistant tool for live auctions and bidding platforms, operated by Antoan Bachev trading as BidLens ("we", "us", "our").

Website: bidlens.co.uk

Contact: privacy@bidlens.co.uk

2. What Data We Collect

We collect the following categories of personal data:

• Email address
• Password (stored as a secure hash — we never see your actual password)
• Subscription tier and billing status

• Items you analyse — item name, estimated value, condition selected, confidence score
• Number of lookups used per billing period
• Timestamps of each lookup
• Platform you were browsing (e.g. Whatnot, eBay)

• Items you log — item name, price paid, sold price, profit/loss
• eBay listing image URL used to represent the item in your dashboard
• Date and time of each logged bid

• When you click Analyse, a screenshot of your active browser tab is captured temporarily. This screenshot is sent directly to Anthropic's API for item identification and is never stored on our servers. We instruct the AI model to ignore any faces, usernames, or people visible in the screenshot and focus solely on the item being identified.

• Payments are handled entirely by Stripe. We do not store card numbers, bank details, or any financial credentials. Stripe provides us with a subscription status and customer reference only.

• Browser type and version (collected by Google Analytics)
• Approximate location (country/city level, collected by Google Analytics)
• Pages visited on bidlens.co.uk and time spent
• Extension version number

3. How We Use Your Data

We use your data for the following purposes:

• Service delivery: To provide the BidLens service — identifying items, returning price estimates, and displaying your bid tracker dashboard
• Account management: To manage your account, subscription, and usage limits
• Billing: To process payments and manage your subscription through Stripe
• Analytics: To understand how the product is used and improve it over time
• Communications: To send you important service updates, billing notifications, and security alerts. We do not send marketing emails unless you opt in.
• Legal compliance: To comply with our legal obligations under UK law

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract — Article 6(1)(b): Processing your account data, usage data, and bid tracker data to provide the service you have signed up for
• Legitimate interests — Article 6(1)(f): Processing analytics data to improve the product
• Consent — Article 6(1)(a): Processing data where you have given explicit consent (e.g. marketing emails if you opt in)
• Legal obligation — Article 6(1)(c): Processing data to meet our obligations under UK law, including tax and financial records

5. Third Parties We Share Data With

We share your data only with the following trusted third parties, each of whom processes data on our behalf under their own data processing agreements:

• Anthropic: Anthropic (anthropic.com) — receives screenshots temporarily for AI item identification. Anthropic is based in the USA. Data is transferred under Anthropic's standard contractual clauses. Screenshots are not stored after processing.
• eBay: eBay — we query eBay's API to retrieve sold listing prices. We send item search terms only, not personal data.
• Stripe: Stripe (stripe.com) — processes all payments and subscription management. Stripe is PCI-DSS compliant. We do not share card data with Stripe — your browser communicates directly with Stripe.
• Google Analytics: Google Analytics — collects anonymised usage data about how you interact with the BidLens website. You can opt out via your browser settings or a Google Analytics opt-out tool.
• Hosting provider (Railway): Railway (railway.app) — our Node.js server and SQLite database are hosted on Railway's servers in the United States. Railway is SOC 2 compliant. Data transferred between the UK and Railway's servers is protected under standard contractual clauses.

We do not sell your data to any third party. We do not share your data with advertisers.

6. How Long We Keep Your Data

• Account data: Kept for as long as your account is active. Deleted within 30 days of account deletion.
• Usage logs: Kept for 12 months on a rolling basis, then automatically deleted.
• Bid tracker data: Kept for as long as your account is active. You can delete individual entries at any time from your dashboard.
• Screenshots: Not stored — processed in memory only and discarded immediately after the AI returns a result.
• Billing records: Kept for 7 years to comply with HMRC requirements.

7. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

• Right of access: Request a copy of all personal data we hold about you
• Right to rectification: Ask us to correct any inaccurate data we hold
• Right to erasure: Ask us to delete your account and all associated personal data
• Right to restrict processing: Ask us to stop processing your data in certain circumstances
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at privacy@bidlens.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

8. Cookies

We use the following cookies on bidlens.co.uk:

• Authentication cookie (essential): Session cookie to keep you logged in while you use the dashboard. This cookie is essential and cannot be disabled.
• Analytics cookies (Google Analytics): Used by Google Analytics to understand how visitors use our website. No personally identifiable information is collected. You can opt out via your browser settings.
• Payment cookies (Stripe): Used by Stripe during the checkout process. Essential for payment processing.

We do not use advertising cookies or tracking cookies for marketing purposes.

9. Data Security

We take reasonable technical and organisational measures to protect your data, including:

• All data in transit is encrypted using HTTPS/TLS
• Passwords are hashed using bcrypt and never stored in plain text
• Screenshots are processed in memory only and never written to disk
• Access to production data is restricted to authorised personnel only
• API keys and credentials are stored in environment variables, never in code

No system is completely secure. In the event of a data breach that poses a risk to your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.

10. Children

BidLens is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@bidlens.co.uk and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of BidLens after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

• Email: privacy@bidlens.co.uk
• Website: bidlens.co.uk

BidLens is operated by Antoan Bachev as a sole trader. Registered with the UK Information Commissioner's Office (ICO).