Who we are
JTC Gems operates an online business-to-business marketplace for coloured gemstones at www.jtcgems.com(the “Service”). This policy explains what personal data we collect, how we use it, and the choices you have.
Information we collect
- Account details.When you sign up or sign in (by email & password, or Google), we receive your name, email address, and basic profile information.
- Contact details you add. Phone, WhatsApp, Telegram, LINE, Instagram, address — only if you choose to provide them.
- Business content. For suppliers: stock listings, photos, videos and stock files you upload. For buyers: favourites, inquiries, captured stones, and messages you send.
- Transactions. Subscription and order records. Card payments are processed by Stripe — we do not store your full card number.
- Usage data. Pages visited, actions taken, device/browser information, and cookies, used to run and improve the Service.
How we use your information
- To provide, operate and secure the Service and your account.
- To connect buyers and suppliers (e.g. revealing supplier contact details to subscribed members, delivering messages and inquiries).
- To process subscriptions and orders.
- To send service emails (sign-in links, invitations, inquiry and follow-up notifications, stock reminders).
- To analyse usage and improve features and performance.
- To comply with legal obligations and prevent abuse.
Sharing & service providers
We share data only as needed to run the Service, with processors that handle it on our behalf:
- Supabase — authentication and database hosting.
- Vercel — application hosting, file/image storage, and analytics.
- Stripe— subscription & payment processing.
- Resend — transactional email delivery.
- PostHog — product analytics.
- Google — optional sign-in. We receive only your basic profile and email; we never receive your Google password.
When you contact a supplier (or a supplier contacts you), the details needed to communicate are shared between you. We do not sell your personal data.
Google user data
If you sign in with Google, we use the basic profile scopes (name, email, profile picture) solely to create and authenticate your account. Our use of information received from Google APIs adheres to the
Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising or transfer it except as needed to provide the Service.
Connected sales channels (Etsy)
If you connect your own Etsy shop, you authorise us via Etsy's OAuth to access only your ownshop data (your listings and orders) so you can manage it here. We never access other Etsy members' data, and you can disconnect at any time from your supplier portal, which removes the stored access tokens. The term “Etsy” is a trademark of Etsy, Inc. This application uses the Etsy API but is not endorsed or certified by Etsy, Inc.
Cookies
We use cookies for authentication sessions and for analytics. You can control cookies in your browser; disabling them may stop you from signing in.
Data retention
We keep your data while your account is active. When you delete your account, we remove your personal data and associated content, except where we must retain records for legal, accounting, or fraud-prevention reasons.
Your rights
You can view and update your details in
Account settings, and delete your account at any time. Depending on your location, you may also have rights to access, correct, export, or restrict processing of your data. To exercise these, contact us at
support@jtcgems.com.
Security
We use industry-standard measures (encryption in transit, access controls, row-level database security) to protect your data. No system is perfectly secure, but we work to keep your information safe.
Children
The Service is for businesses and is not directed to anyone under 18.
Changes
We may update this policy from time to time. We will post the new version here and update the date above.