Brickerzclub
Home

Privacy Policy

Effective May 4, 2026·Version 1

Last updated: May 4, 2026

This Privacy Policy explains what personal information Brickerzclub collects, how we use it, and how you can control it. By using brickerzclub.com (the "Services") you agree to the practices described here.

1. What We Collect

  • Account information: name, email address, phone number, and communication preferences. We use one-time passcodes (OTP) sent to your email or phone for sign-in instead of storing passwords.
  • Payment information: billing address and a Stripe customer reference. We do not store card numbers, CVCs, or bank account details on our servers — those are tokenized and held by Stripe.
  • Subscription & rental history: active and past rentals, reservations, returns, missing-parts charges, store credit, party bookings, and waitlist positions.
  • Trade-in records: when you trade a set in, we collect a photo of your government-issued photo ID and your full name solely to comply with anti-fraud and second-hand-goods regulations. ID images are stored encrypted and purged after two (2) years.
  • In-store pickup data: the staff member who handed your order to you, plus any pickup photo evidence.
  • Device and usage data: IP address, browser user-agent, pages viewed, and timestamps.

2. How We Use It

  • Provide, operate, and improve the Services.
  • Process reservations, rentals, payments, and customer support inquiries.
  • Send transactional messages (reservation confirmations, return reminders, receipts).
  • Send marketing communications — only with your consent, with an easy opt-out.
  • Detect fraud, abuse, and enforce our Terms.

3. Cookies and Tracking

We use cookies and similar technologies to keep you signed in, remember your preferences, and measure how the site is used. You can disable cookies in your browser settings, though some features may stop working.

4. Third-Party Services

We share limited data with service providers who help us deliver the Services. Each provider handles your data under its own privacy terms and only for the function we contract:

  • Stripe (USA) — payment processing, subscription billing, refunds, and tax calculation.
  • Resend (USA) — transactional email delivery.
  • Twilio Verify (USA) — SMS one-time-passcode delivery.
  • Cloudflare R2 (USA) — object storage for set images, trade-in ID photos, and missing-parts evidence photos.
  • Cloudflare — CDN, DNS, and bot mitigation; processes IP addresses.
  • Vercel (USA) — frontend hosting.
  • Hostinger (EU) — backend hosting.
  • Brickset, Rebrickable, BrickLink, Keepa — third-party LEGO catalog data sources we query only for product data. These providers do not receive any of your personal information.
  • Meilisearch (self-hosted) — product search index. Stores product metadata only, no customer data.

We do not sell, rent, or trade your personal information to advertisers or data brokers.

5. Data Retention

  • Account & subscription data — kept for as long as your account is active, plus seven (7) years after closure to comply with US tax-record requirements.
  • Trade-in ID photos & full names — purged automatically after two (2) years, the minimum retention required by Texas second-hand-goods regulations.
  • OTP codes — auto-expire after 10 minutes and are purged hourly.
  • Pickup-counter audit logs — retained for two (2) years to resolve disputes about order collection.
  • Marketing email lists — retained until you unsubscribe; unsubscribes are honored within 24 hours.
  • Aggregated, de-identified analytics — may be retained indefinitely for product improvement.

6. Your Rights

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and data.
  • Export your data in a portable format.
  • Withdraw consent for marketing at any time.

Contact us at info@brickerzclub.com to exercise these rights.

7. GDPR and CCPA

If you reside in the European Economic Area (EEA) or the United Kingdom, the GDPR grants you additional rights, including the right to lodge a complaint with your local data-protection authority.

If you are a California resident, the CCPA/CPRA grants you the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell your personal information.

8. Children's Privacy

Brickerzclub is intended for parents, guardians, and adult LEGO enthusiasts. We do not knowingly collect personal information from children under 13, in compliance with COPPA. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Security Measures

We use industry-standard safeguards: TLS encryption in transit, encrypted storage, hashed passwords, access controls, and regular audits. No system is perfectly secure, but we work hard to protect your data.

10. Changes to Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or prominently on the site. Continued use after changes take effect constitutes acceptance.

11. LEGO Trademarks and Independence

LEGO® is a trademark of the LEGO Group of companies which does not sponsor, authorize or endorse this site. Brickerzclub is an independent retail and rental business and is not affiliated with the LEGO Group.

Set names, theme names, character names, model numbers, images, and instructions referenced on this site are owned by the LEGO Group and are used solely to identify and describe the products we sell, rent, and buy back. We do not use the official LEGO logo on this site.

12. Contact Us

For privacy questions or requests, email info@brickerzclub.com or visit our contact page.