Second Turn

Privacy Policy

Last updated: 16 March 2026

1. Who we are

Second Turn Games (“STG”) operates a peer-to-peer board game marketplace for the Baltic region. This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

2. Data we collect

  • Account data: email address, display name, country, phone number (optional)
  • Listing data: game details, condition, photos, pricing
  • Order data: purchase history, shipping addresses (parcel locker selections), order status
  • Payment data: processed securely by EveryPay (Swedbank) — we do not store card details
  • Usage data: pages visited, browser type, IP address (for security and analytics)

3. How we use your data

  • To provide and operate the marketplace
  • To process transactions and generate shipping labels
  • To send transactional emails (order confirmations, shipping updates)
  • To prevent fraud and enforce our terms of service
  • To improve our platform based on usage patterns

4. Data storage and security

Your data is stored securely using Supabase (cloud database) with row-level security policies. Our servers are hosted in the EU (Helsinki, Finland). All data transmission is encrypted via TLS. Photos are stored in Supabase Storage with access controls.

5. Data sharing

We share your data only with:

  • EveryPay (Swedbank): payment processing
  • Unisend: parcel locker shipping and label generation
  • Resend: transactional email delivery

We do not sell your personal data to third parties.

6. Cookies

We use essential cookies for authentication and session management. These are necessary for the platform to function and cannot be disabled. We do not use advertising or tracking cookies.

7. Your rights under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Port your data to another service
  • Object to processing of your data
  • Restrict processing in certain circumstances

To access, export, or delete your data, visit your account settings. For other requests, please contact us via our contact page.

8. Data retention

We retain your account data for as long as your account is active. Order data is retained for 7 years for tax and legal compliance. You may request deletion of your account at any time, subject to legal retention requirements.

9. Changes to this policy

We may update this policy from time to time. We will notify registered users of significant changes via email.

See also our Terms of Service.