snkrvalue← Legal

Privacy Policy

Last updated: 2026-04-14

This Privacy Policy describes how snkrvalue (operated by Daniel Kopanev, “we”, “us”) processes personal data when you use our website snkrvalue.online and our services (collectively, the “Service”).

1. Controller

Daniel Kopanev
Ansbacher Straße 8
10787 Berlin
Germany
Email: snkrvalue.online@gmail.com

2. Data we process

2.1 Anonymous scan and IP-based rate limiting

We allow a limited anonymous scan feature without account registration. To enforce the limit of one anonymous scan per IP address within 24 hours and to protect the Service against abuse, we process:

  • IP address
  • user agent
  • uploaded sneaker image
  • scan result data
  • timestamp

Purpose: abuse prevention, enforcement of the anonymous free-scan limit, service security, technical integrity.

Legal basis: Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interests: preventing misuse of the anonymous scan feature, ensuring fair access, protecting system stability, defending against abusive automated or repeated use.

2.2 Registered user accounts

For registered users we process:

  • email address
  • user identifier
  • authentication tokens (essential cookies / session data)
  • uploaded sneaker images and derived metadata
  • scan history (brand, model, colorway, SKU, size, condition, user-entered purchase price, fair value, verdict, fake-risk flag, platform breakdown)
  • referral code and referral attribution data
  • subscription status and Stripe customer identifier
  • purchase records
  • timestamps and usage metrics

Legal bases: Art. 6(1)(b) GDPR (contract performance); Art. 6(1)(c) GDPR for statutory retention; Art. 6(1)(f) GDPR for service security and fraud prevention.

2.3 Waitlist

If you join the Chrome extension waitlist, we store your email address under Art. 6(1)(a) GDPR (consent) for as long as you remain on the waitlist.

2.4 Hosting and security logs

Hosting, uptime, debugging, abuse prevention, and aggregate performance measurement. Data: request metadata, truncated IP, log data, browser/device information, performance metrics. Legal basis: Art. 6(1)(f) GDPR; where required, Art. 6(1)(a) GDPR.

3. OpenAI (AI image analysis and listing generation)

To provide sneaker identification, SKU and colorway recognition, and AI-assisted listing text, we use OpenAI as a processor.

  • Provider: OpenAI Ireland Ltd. / OpenAI group companies
  • Purpose: sneaker image analysis, model/SKU identification, structured result generation, listing copy generation
  • Categories of data processed: uploaded sneaker images, sneaker-related metadata, prompts, model outputs
  • Legal basis: Art. 6(1)(b) GDPR for registered users where processing is necessary to provide the requested service; Art. 6(1)(f) GDPR for abuse prevention, service security, and technical reliability; where applicable, Art. 6(1)(a) GDPR for optional consent-based processing.
  • Third-country transfer: In the course of processing, personal data may be transferred to recipients in countries outside the European Economic Area, including the United States. Where such transfers occur, they are based on the transfer mechanisms provided for under applicable data protection law, such as adequacy decisions and/or the European Commission's Standard Contractual Clauses, as applicable under our contractual setup with the provider.

We use OpenAI's business/API services. According to OpenAI's business/API privacy documentation, customer data is not used for training by default.

If you do not want your uploaded sneaker image to be processed by OpenAI, please do not use the scan feature.

4. Service providers / processors

We use the following service providers to operate snkrvalue:

  • Supabase — Auth, database, storage. Data: account data, scan records, uploaded images. Region: EU (Frankfurt). Safeguards: Data Processing Addendum.
  • Vercel — Hosting, serverless functions, analytics/performance. Data: request metadata, logs, performance data. Region: EU/global depending on service configuration. Safeguards: Data Processing Addendum / contractual safeguards.
  • Stripe — Payments, subscriptions, billing portal. Data: email, billing data, transaction data, payment-related metadata. Region: EU / international as configured by Stripe. Safeguards: Data Processing Addendum / contractual safeguards.
  • OpenAI — Sneaker image analysis, listing generation. Data: uploaded sneaker images, prompts, sneaker metadata, AI outputs. Region: may involve transfers outside the EEA, including the US. Safeguards: Data Processing Addendum and applicable transfer safeguards.
  • KicksDB — Aggregated sneaker market pricing. Data: sneaker model/title/SKU query only, no direct user identifiers intentionally shared. Region: US.
  • eBay Browse API (optional) — Sold-listing comparison. Data: sneaker search query only, no direct user identifiers intentionally shared. Region: global.
  • Sentry (if enabled) — Error tracking. Data: stack traces, error context, session metadata. Region: provider-configured. Safeguards: Data Processing Addendum.

5. Cookies and similar technologies

We use essential cookies and similar technologies required for authentication, security, and core site functionality.

We also use optional technologies only with your consent, including:

  • referral storage (snkr_ref) to remember a referral code for sign-up attribution (set only after “Accept all”)
  • analytics features where enabled

You can choose between:

  • Essentials only: only strictly necessary technologies are used
  • Accept all: optional technologies such as referral storage may also be used

You can change your choice at any time by clearing your browser storage and revisiting the site.

5.1 Vercel Analytics and performance monitoring

We use Vercel-hosted analytics and performance monitoring features to understand overall site usage, reliability, and performance.

According to Vercel's documentation, Vercel Web Analytics does not use third-party cookies and works with privacy-focused measurement methods. Depending on our configuration and your consent choices, analytics-related data may include truncated or derived request information, page views, referrers, device/browser information, and performance metrics.

Where legally required, we only enable optional analytics processing based on your consent.

6. Retention periods

Unless a longer statutory retention obligation applies, we retain personal data only for as long as necessary for the respective purposes.

Anonymous scan data

  • IP address: up to 48 hours
  • user agent: up to 48 hours
  • uploaded anonymous scan image: up to 7 days
  • anonymous scan result record: up to 7 days

Registered user account data

  • account email and profile data: until account deletion, unless longer retention is legally required
  • uploaded scan images and scan history: until account deletion or earlier user-initiated deletion
  • transaction and billing-related records: retained for the period required by applicable tax, accounting, and commercial law (typically 10 years under German law)
  • subscription status records: for the duration of the subscription and thereafter as needed for legal compliance and dispute handling
  • referral records: while needed to administer the referral program and resolve related disputes
  • waitlist email addresses: until removal from the waitlist, withdrawal of consent, or discontinuation of the waitlist purpose

Technical and security logs

Retained only as long as necessary for security, debugging, abuse prevention, and system integrity.

7. Your rights

You have the following rights under the GDPR:

  • Access (Art. 15): request a copy of your personal data
  • Rectification (Art. 16): correction of inaccurate data
  • Erasure (Art. 17): deletion of your data (you can delete your account directly via /account)
  • Restriction (Art. 18): limit processing in certain situations
  • Data portability (Art. 20): receive your data in a structured, machine-readable format
  • Objection (Art. 21): object to processing based on legitimate interests
  • Withdrawal of consent (Art. 7): withdraw consent at any time without affecting prior lawful processing
  • Complaint (Art. 77): lodge a complaint with a supervisory authority. In Germany, contact your state data protection authority.

To exercise any of these rights, email snkrvalue.online@gmail.com.

8. Children

Our Service is not directed to children. By creating an account, you confirm that you are at least 16 years old, or that you have obtained any consent required by applicable law.

9. Security

We implement appropriate technical and organisational measures, including HTTPS transport encryption, row-level security on our database, role-based access control, signed URLs for stored images, least-privilege service keys, and restricted administrative access.

10. Changes to this policy

We may update this policy. The “Last updated” date above reflects the most recent revision. For material changes we will notify registered users by email.

11. Contact

Questions or requests: snkrvalue.online@gmail.com