Last updated: 2026-07-08
This Privacy Policy describes what personal information Hammerwerks (“we,” “us”) collects, how we use and share it, and the choices you have. It applies to the Hammerwerks web application at app.hammerwerks.com, the marketing site at hammerwerks.com, and the Hammerwerks API.
When Hammerwerks processes information about bidders or consignors on behalf of an auctioneer, we act as a service provider (data processor) to that auctioneer. The auctioneer is the primary controller of their bidder and consignor data.
| Category | Examples | Source |
|---|---|---|
| Account & contact | Name, email, business name, phone, mailing address | You provide during signup / registration |
| Authentication | Password hash, session tokens, MFA status | Managed by AWS Cognito |
| Payment | Card last-4, brand, billing ZIP, Stripe customer/subscription IDs | Managed by Stripe — we do not store full card numbers |
| Auction activity | Lots you consigned, bids you placed, invoices, hammer prices | Generated by using the Service |
| Photos & descriptions | Lot photos, titles, descriptions, condition notes | Uploaded by you or the auctioneer |
| Identity verification | Government ID, selfie (Stripe Identity) | Managed by Stripe Identity for KYC on bidders |
| Communications | Emails we send you, your replies, in-product feedback | Amazon SES + our feedback widget |
| Technical | IP address, browser type, device type, pages visited, error logs | Automatic when you use the Service |
We do not sell personal information to third parties. We do not use your data to train third-party AI models beyond what is necessary to serve your own queries.
The Hammerwerks Service is built on the following subprocessors. Each has its own privacy commitments and DPA:
You may request earlier deletion at any time; some records may be preserved where required by law.
Depending on your jurisdiction (California CCPA, EU/UK GDPR, or other applicable law) you may have the right to:
To exercise these rights, email privacy@hammerwerks.com. We respond within 30 days. We do not sell personal information, so no opt-out of sale is required.
We use only the cookies we need to keep you signed in and to remember your preferences. We do not use third-party advertising or cross-site tracking cookies. If Sentry is enabled, it sets a session cookie for error correlation only.
The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email privacy@hammerwerks.com and we will delete it.
Hammerwerks is operated from the United States and all data is stored in AWS us-east-1. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. Where required, we rely on Standard Contractual Clauses with our subprocessors for cross-border transfers.
We use industry-standard measures to protect your data: TLS in transit, encryption at rest, least-privilege IAM roles, multi-factor authentication for administrative access, automated backups, and regular access audits. Details are on the security page. No system is perfect — if you find a vulnerability, please report it to security@hammerwerks.com.
We will post updates at this URL and update the “Last updated” date. For material changes, we will notify account holders by email at least 14 days before the changes take effect.
Michael Weber d/b/a Hammerwerks
Email: privacy@hammerwerks.com
General: hello@hammerwerks.com