Privacy Policy
Last updated: July 11, 2026
In short
- Your collection is private – other users cannot see it, and neither do we, the operators of the app, look into it. Only what you publish yourself is public (a marketplace listing, a shared link).
- We do not sell your data to anyone and we do not run ads against it.
- You can download everything at any time and delete your account together with all your data whenever you want.
Who processes your data
The data controller is Mincmistr s.r.o., company ID (IČO) 240 06 921, registered office at no. 115, 431 51 Okounov, Czech Republic, entered in the Commercial Register at the Regional Court in Ústí nad Labem, file no. C 54971. Contact: info@outofdark.com.
What we store
- Account: e-mail, password (stored only in an encrypted, unreadable form), registration date, language and currency preference.
- Your catalog: coins, photos, categories, descriptions, values, purchase date, seller.
- Marketplace listings: what you publish on the OutOfDark marketplace or through external integrations (eBay, Aukro) – title, photos, price, description.
- Billing details (Premium only): name or company, billing address, VAT ID (optional), IP address at the time of payment. Used to issue a tax invoice and calculate VAT.
- Activity log: who performed key actions and when (sign-in, password change, marketplace publishing, AI calls). For your security and ours.
- Operational records: IP address (truncated so it cannot be traced to a specific person), time of access and browser type – for troubleshooting and defence against attacks.
- Newsletter and early-access prospects: when you sign up for news in the site footer (or earlier via the early-access form), we store your e-mail, language and the IP address you signed up from (for abuse protection). You do not need an account for this.
- Web analytics: anonymized information about visits to the marketing website via Google Analytics 4 – pages visited, traffic source, approximate location and device type. Used to measure website traffic, not to identify a specific person. You can find the details in Cookies.
- Anonymous usage analytics: to improve the app, we measure anonymized, cookieless usage patterns of the website and the app (which screens are used, where people get stuck) via PostHog. Your collection content and any data that could identify you are not collected, and no cookies are stored. We honour the browser's "Do Not Track" signal.
Why we process the data
We process the data only for specific purposes:
- creating and maintaining your account,
- providing the app and storing your catalog,
- processing payments and invoicing,
- securing the service and preventing abuse,
- customer support,
- sending necessary account e-mails,
- measuring traffic to the marketing website,
- AI features, if you use them yourself.
Legal basis for processing
We process your account, catalog and the operation of the app to perform our contract. We keep billing details to perform the contract and to comply with legal obligations. We process security and operational logs and anonymized web analytics on the basis of our legitimate interest in protecting and improving the service. AI features process data only when you use them yourself.
| Purpose | Legal basis |
|---|---|
| Account, catalog, sign-in | Performance of contract |
| Payments and invoices | Performance of contract and legal obligation |
| Accounting | Legal obligation |
| Security and operational logs | Legitimate interest |
| Customer support | Performance of contract or legitimate interest |
| Transactional e-mails | Performance of contract |
| Newsletter and early-access prospects | Consent |
| Web analytics (Google Analytics) | Legitimate interest (anonymized measurement) |
| App usage analytics (PostHog, cookieless) | Legitimate interest (anonymized measurement) |
| AI features | Performance of contract (you trigger them yourself) |
Who has access
- You: primarily. No one else can reach your catalog through the website (per-user isolation at the database level).
- Anyone you send a share link to: a public link shows the coin for viewing only, with no ability to change anything. The link stops working after 7 days, or when you revoke it manually.
- Buyers on the marketplace: the photos and description of your listing are public once published. If someone clicks "I'm interested", you receive their contact by e-mail and they receive yours.
- The operator (Mincmistr s.r.o.): has technical access for support, incident response and maintenance. It does not read your catalog without a reason, and every access leaves a record.
Sharing with third parties
To run the app we pass certain data to the following providers, always for a specific purpose. Some providers may process data outside the EU/EEA, in particular in the USA. In that case we use the available legal safeguards, for example standard contractual clauses or transfers under the EU–US Data Privacy Framework, where the provider is certified:
- Hetzner Online GmbH (DE) – hosting of the app and the database. All data goes here primarily.
- Cloudflare, Inc. (US, servers also in the EU) – website acceleration and delivery, domain management, defence against attacks. It sees IP addresses and web requests (with an anonymized IP). On web forms (for example registration) we also use Cloudflare Turnstile for bot protection. Through Cloudflare Email Routing we also receive the bank's notification e-mail about a transfer payment, which we forward for processing; its raw content is not stored after matching – we keep only the variable symbol, amount and technical metadata.
- Cloudflare R2 – encrypted backups. The contents of the backups are protected and access to them is under our control.
- Resend, Inc. (US) – sending transactional e-mails (account confirmation, password reset, marketplace notifications). It receives your e-mail and the body of the message.
- Anthropic, PBC (US) – AI coin identification, AI chat companion. The coin photo + descriptive data go to the Anthropic API. Anthropic is contractually bound not to use your data to train its model. You can turn AI features off at any time in settings.
- Numista (FR) – searching for similar coins in their catalog (optional). Coin photo + identification query.
- eBay Inc. (US) – when you connect your eBay account and publish a listing, eBay receives the photos + description + price. eBay is the controller of data on its platform; we are only an intermediary.
- Aukro s.r.o. (CZ) – analogously for the Aukro integration.
- Stripe Payments Europe, Limited (Dublin, IE) – payments for the Premium plan. Stripe receives your e-mail, name or company, billing address, VAT ID (optional) and payment card details. Stripe issues the invoice and automatically calculates VAT. Stripe is in the EU (Ireland) and the processing is governed by its privacy policy.
- Air Bank a.s. (Czech Republic) – the bank account into which we receive Premium payments made by bank transfer. From the bank's notification of a received payment we process the variable symbol and the amount to match the payment to your order.
- Sentry (US) – error tracking. When an error occurs in the app, a technical description of the error and minimal request context are sent (anonymized IP, a user identifier without the e-mail, sanitized form data). Retained for 30 days.
- Have I Been Pwned – when you choose or change a password, we check whether it has appeared in known data breaches. Only a short hash of the password is sent (the first few characters of the encrypted hash), never the full password. This protects you from passwords that have already leaked.
- Google Ireland Limited (IE) – Google Analytics 4 to measure website traffic. Through the cookies
_gait collects anonymized information about the visit (pages visited, traffic source, approximate location, device type). It concerns the marketing website, not the data in your catalog. You can find the details in Cookies. - PostHog (EU Cloud) – anonymous, cookieless measurement of website and app usage (which screens are used, where people get stuck). It does not collect your collection content or any data that could identify you; it stores no cookies and the data is hosted in the EU. Used to improve the product.
What is public
- Coin share link: only if you deliberately activate it. Whoever you give the link to can see the coin. It can be revoked at any time.
- Marketplace listing: everything you publish to the marketplace is public (photos, description, price). Photos in an eBay/Aukro listing remain accessible through a stable URL even after the listing is taken down – for immediate invalidation the token has to be rotated manually (see support).
- Your e-mail on the marketplace: when someone expresses interest in your listing, they receive your e-mail in the notification message (and you receive theirs). This is a deliberate sharing of contact details so that the details of the sale can be arranged.
Marketing e-mails
From time to time we may send you a marketing e-mail – news, usage tips or information about new features. We send them only when we have your consent or another legal basis for doing so, and each such e-mail can be unsubscribed from with a single click. Necessary account e-mails (account confirmation, password reset, marketplace notifications) are always sent.
If you subscribe to news in the site footer without an account, we store your e-mail and the IP address you signed up from. We anonymize (delete) the IP address after 90 days and keep the e-mail until you unsubscribe – you can unsubscribe from any newsletter with a single click. Sending is handled by Resend (see below).
Cookies
Besides technically necessary cookies (sign-in, language, form protection), we use Google Analytics 4 for anonymized measurement of traffic to the marketing website, and advertising and retargeting cookies to display relevant ads. We do not sell data from your catalog to third parties. You can find the complete overview in Cookies.
How long we keep data
- Your catalog and account: until you delete your account yourself. Deleting the account is irreversible and erases all your data (coins, photos, marketplace history).
- Invoices (Stripe Premium): 10 years as required by law (Section 35 of the VAT Act + Section 31 of the Accounting Act). You can find them in the app under Subscription as long as your account is active. After deleting your account, write to info@outofdark.com and we will send you a link to the invoice.
- Activity log and security events: we keep them first in the live system and then in an archive, for a total of at most 18 months (for security and incident response).
- Newsletter and early-access prospects: we keep the e-mail until you unsubscribe (then we drop it from the mailing list). We anonymize – delete – the IP address (and, for early access, the browser type) after 90 days.
- AI calls: a preview of the input and output for only 24 hours (cost control), after which it is deleted. Basic metadata (model, token count, cost) for 6 months.
- E-mail delivery records: for each e-mail sent we keep the recipient address and delivery status for at most 12 months, then delete them. On permanent account deletion the address is removed from these records immediately.
- Technical payment records: we keep them for a limited time so that we can resolve billing errors and technical incidents.
- Sentry error events: 30 days.
- Backups in R2: 5 days rolling daily, encrypted with a key held outside R2.
What happens when you delete your account
After clicking Settings → Backup → Delete account, a 30-day protective period runs (the account is deactivated and the data waits for permanent deletion in case of a mistake). After 30 days the catalog, photos, marketplace history, AI calls and e-mail delivery records (including your address) are completely erased. If you have an active Premium subscription at the time of deletion, we set it so that Stripe cancels itself at the end of the current paid period – no further billing.
Exceptions due to legal obligations:
- Customer record and invoices in Stripe: these remain with Stripe for at least 10 years (Czech accounting rules). After deleting your OutOfDark account you no longer have self-service access to the Stripe portal (sign-in is disabled). If you need a copy of an invoice, write to info@outofdark.com and we will send you a link. If you want us to anonymize your customer record in Stripe (the name to "Deleted user"), write to the same e-mail.
- Activity log: the actions remain for 18 months without identifying the person (the user identifier is replaced with an empty value and the e-mail disappears).
Your rights
- The right of access to your data
- The right to rectification or completion
- The right to erasure (the right to be forgotten)
- The right to restriction of processing
- The right to object
- The right to withdraw consent – where some processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
- The right to lodge a complaint with the Office for Personal Data Protection (ÚOOÚ, the Czech data protection authority)
To exercise a right, write to info@outofdark.com. We will respond within 30 days. In addition, you can download your data yourself at any time directly in the app – a complete backup of your collection as well as a portfolio export.
Changes
We may update this document. We will notify registered users by e-mail of any material changes.