Privacy Policy

This policy explains what personal data justBLT handles, why, and the choices you have. We have kept it plain on purpose. If anything here is unclear, email us and we will explain it.

1. Who runs justBLT

justBLT is run and operated by GCW Digital LLC, a company registered in the United States, at 680 N. Lake Shore Drive 110-1685, Chicago, IL 60611 (the "controller" of your data). We operate the service from Poland. You can reach us at [email protected].

We have not appointed a data protection officer, because our activity is small-scale and does not involve large-scale monitoring of people or large-scale handling of sensitive data. You can raise any privacy matter with us directly using the contact details above.

2. What we collect

When you create an account

You sign in with Google. From your Google account we receive your name, email address, Google account ID, and profile photo. We need this to create your account, so you cannot create one without it.

When you list a product

The details you submit: product name, category, description, images, the web address your product lives at, your contact details, and any video links you add. We also take an automatic screenshot of the site your listing points to, and run safety checks on the address and images.

When you use the site

If you accept analytics, we collect basic information about how pages are used. Our hosting provider also processes technical data such as your IP address and security logs to deliver the site and keep it safe. See Cookies and analytics.

When you contact us

The message you send and the address you send it from, so we can reply.

3. Why we use it, and what allows us to

Data protection law requires us to have a valid legal basis for each use. Here is ours, in plain terms.

4. Google sign-in data

We use Google sign-in only to identify you and create your account. We ask Google for the narrowest information needed for that: your basic profile and email. We do not use it for anything else, and we do not sell it.

justBLT's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. If we ever want to use Google sign-in data in a new way, we will tell you and ask again first.

5. Cookies and analytics

Cookies are small files a site stores on your device. Some are needed to make the site work. Others, like analytics, are optional and are blocked until you accept them in the banner. You can change or withdraw your choice at any time from the banner.

Our banner lets you accept or reject by category, with rejecting as easy as accepting, and nothing is pre-ticked. Until you accept, our analytics stay switched off (this is handled by Google Consent Mode, which keeps analytics storage denied by default).

What we use

A detailed list of individual cookies, with names and how long each lasts, is available in the banner settings.

6. Who else handles your data

We use a small set of trusted providers to run justBLT. They handle data only on our instructions, under a data processing agreement, and not for their own purposes. We do not sell your data to anyone.

7. Where your data goes

Some of our providers are based outside the European Economic Area, mainly in the United States. Where that happens, the transfer is covered by a recognised safeguard so your data keeps its protection.

You can ask us for more detail on any of these safeguards using the contact details above.

8. How long we keep it

We keep your account data for as long as your account is open, and delete it when you close the account or ask us to. Listing data stays up while the listing is live. Analytics data is kept for 14 months. Security logs are kept only as long as needed to keep the site safe. If we are legally required to keep something longer, we keep it only for that period.

9. How we protect it

We protect your data with appropriate technical and organisational measures. Traffic to the site is encrypted, access to records is limited to the operator, and we rely on established providers with their own security controls. No system is perfectly secure, but we take reasonable steps to guard your data and will act quickly if anything goes wrong.

10. Your rights

Under data protection law you can ask us to:

Where we rely on your consent, such as analytics, you can withdraw it at any time, and that does not affect anything we did before you withdrew it.

To make any of these requests, email [email protected]. If you think we have handled your data wrongly, you can complain to the Polish supervisory authority: Prezes Urzedu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl.

11. How to reach us

For any privacy question or request, email [email protected].

12. Changes to this policy

If we change this policy we will update the date at the top, and tell you directly if the change is significant.