⚠️ This site is currently only open to authorised users — thank you for your patience!
Privacy Policy

Last updated: 31 May 2026

1. Who We Are

New 2 You Airsoft (“we”, “us”, “our”) operates the website at new2youairsoft.com — a classifieds marketplace for buying and selling airsoft equipment in the United Kingdom.

We are the data controller for the personal information collected through this website. If you have any questions about how we handle your data, please contact us at support@new2youairsoft.com.

2. What Data We Collect

a) Account Information

  • Username, email address, and hashed password when you register.
  • Profile picture (if uploaded).
  • Preferred contact method and any public profile details you choose to add (e.g. artist/technician bio, service tags).
  • A security verification code, generated automatically for your account.

b) Listings & Uploads

  • Ad content you post: title, description, price, category, condition, and any images you upload.
  • Extended firearm specifications you provide (e.g. FPS, RPS, modifications) for gun listings.
  • Approximate location (latitude & longitude) if you choose to display a map on your profile or listing.

c) Payments & Orders

  • Order details (items purchased, amounts, dates) stored in our system.
  • Payment card details are never stored by us — all payments are handled directly by Stripe and subject to their privacy policy.
  • Stripe may share a payment reference and transaction status with us to confirm your order.

d) Prize Draws

  • Raffle ticket entries linked to your account, including whether tickets were earned by purchase or claimed as a free monthly entry.
  • Winner information (username) recorded against a draw when a winner is selected.
  • Delivery details (name, address, contact number, and UKARA number where applicable) collected via email when you claim a prize — used solely for fulfilment.

e) Technical & Usage Data

  • IP address and session data for security and authentication purposes.
  • Ad view counts.
  • Password reset tokens (stored as secure hashes, automatically expired after use or 1 hour).

3. How We Use Your Data

  • To provide our service — creating and managing your account, publishing your listings, and processing orders.
  • To run prize draws — issuing tickets, selecting winners at random, and delivering prizes.
  • To communicate with you — sending transactional emails such as email verification, password resets, order confirmations, subscription updates, and prize winner notifications.
  • To process payments — passing your basket details to Stripe to create a secure checkout session.
  • To protect our platform — detecting fraud, preventing abuse, and enforcing our terms of service.
  • To improve the site — understanding how features are used so we can fix issues and develop new ones.

4. Legal Basis for Processing (UK GDPR)

  • Contract — processing necessary to provide the service you signed up for (account management, ad posting, order fulfilment).
  • Legitimate interests — security monitoring, fraud prevention, and improving the platform, where these do not override your rights.
  • Legal obligation — verifying UKARA status before dispatching replica firearms, as required under the Violent Crime Reduction Act 2006.
  • Consent — where you have explicitly opted in, for example by choosing to display your location on a profile map.

5. Who We Share Data With

  • Stripe — our payment processor. When you make a purchase, your basket details and order total are sent to Stripe to generate a hosted checkout session. Stripe’s privacy policy is available at stripe.com/gb/privacy.
  • Email service provider (SMTP) — transactional emails are delivered via our configured SMTP provider. Your email address and the content of the relevant email (e.g. verification link, order summary) are transmitted for delivery purposes only.
  • No other third parties — we do not sell, rent, or share your personal data with advertisers or other third parties for marketing.

6. How Long We Keep Your Data

  • Account data — retained for as long as your account is active. If you request deletion, your account and associated data will be removed within 30 days, except where we are required to retain records by law.
  • Ad listings — kept until you delete them from your account, or until your account is closed.
  • Order records — retained for 7 years for accounting and legal compliance purposes.
  • Prize draw records — winner information is kept indefinitely as part of the draw record for transparency. Delivery details collected for fulfilment are deleted once the prize has been dispatched.
  • Password reset tokens — expire after 1 hour and are purged automatically.
  • Server logs — retained for up to 90 days for security and debugging purposes.

7. Your Rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
  • Restriction — ask us to limit how we process your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at support@new2youairsoft.com. We will respond within 30 days.

8. Cookies & Session Data

  • We use a single session cookie to keep you logged in while you browse. This cookie is essential for the site to function and expires when you close your browser.
  • We do not use advertising cookies or third-party tracking cookies.
  • Stripe may set cookies during the checkout process, governed by their own cookie policy.
  • We use Microsoft Clarity to understand how visitors use the site through session recordings and heatmaps. This data is used solely to improve the site experience and is not shared or used for advertising. Input fields (including passwords) are masked and never recorded. You can learn more at clarity.microsoft.com/privacy.
  • We use Google Analytics 4 to collect anonymised data about how visitors find and use the site (e.g. page views, traffic sources, session duration). No personally identifiable information is collected. You can learn more at policies.google.com/privacy.

9. Data Security

  • All connections to our website are encrypted using HTTPS / TLS.
  • Passwords are stored as bcrypt hashes — we never store plain-text passwords.
  • Database queries use prepared statements to prevent SQL injection.
  • Sensitive configuration (database credentials, API keys) is stored outside the web root and never committed to version control.
  • While we take reasonable measures to protect your data, no system is completely secure. Please use a strong, unique password for your account.

10. Children

Our service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has registered on our platform, please contact us and we will delete the account promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of the site after an update constitutes acceptance of the revised policy.

12. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

We would, however, appreciate the opportunity to address your concerns before you contact the ICO — please reach out to us first at support@new2youairsoft.com.

Questions? Email us at support@new2youairsoft.com.