Privacy Policy
1 Introduction
Charketplace ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use the Charketplace platform, including our website, services, and associated features.
By using Charketplace, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our platform.
2 Information We Collect
Account Information
When you create an account, we collect:
- Email address and display name (username)
- Profile picture (if provided or imported via Google Sign-In)
- Account creation date and last login timestamp
Google Sign-In
If you authenticate using Google, we receive from Google only:
- Your Google account email address
- Your display name
- Your profile picture URL
We do not receive your Google password or access to your Google account beyond what is listed above.
Seller Information
If you register as a seller, we additionally collect:
- Stripe Connect account ID and payout/verification status
- Product listings including titles, descriptions, pricing, tags, and uploaded files
- Sales history, transaction records, and earnings data
- Submission history and admin approval/rejection decisions
Transaction Data
When a purchase is made, we record:
- Product purchased, price paid, and timestamp
- Buyer and seller user IDs (not payment card details)
- Stripe payment intent or session reference ID
Automatically Collected Data
| Data Type | Purpose |
|---|---|
| IP address | Security, fraud detection, and abuse prevention |
| Browser & device info | Compatibility and error diagnostics |
| Pages visited & clicks | Platform performance and feature improvement |
| Login timestamps | Account security and session management |
| Cart & preference data | Stored in browser localStorage — not transmitted to our servers |
3 How We Use Your Information
We use the data we collect strictly to:
- Operate the platform: Process purchases, manage accounts, deliver products, and route payouts to sellers
- Communicate with you: Send order confirmations, product rejection notices, support responses, and important account updates
- Ensure security: Detect and prevent fraud, abuse, account compromises, and policy violations
- Improve our service: Analyze how users interact with the platform to identify bugs and improve the experience
- Comply with law: Meet legal and regulatory obligations and respond to lawful requests from authorities
We do not use your data for advertising, behavioral profiling, or selling to third parties.
4 Data Storage
- Firebase
- Account data, product listings, orders, and seller information are stored in Firebase Firestore (Google Cloud). Product files and media are stored in Firebase Storage.
- Stripe
- All payment data — including credit card numbers, bank details, and financial information — is processed and stored exclusively by Stripe. Charketplace never stores this data on its own servers.
- Local Storage
- Your browser's local storage is used to cache your cart contents, theme preference, and Stripe connection status. This data stays on your device and is not transmitted to our servers.
- Vercel
- Our platform and serverless API functions are hosted on Vercel. Request logs may be temporarily retained by Vercel for operational purposes.
5 Information Sharing
We share data only in the following limited circumstances:
Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing & seller payouts | Email, Stripe account IDs, transaction references |
| Firebase (Google) | Database, file storage, and authentication | Account data, listings, files |
| Vercel | Platform hosting | Request logs (temporary) |
| Resend | Transactional email (e.g. rejection notices) | Email address and message content |
Legal Disclosures
We may disclose your information if required to do so by law or in good faith belief that such action is necessary to:
- Comply with a legal obligation, court order, or government request
- Protect the rights, property, or safety of Charketplace, our users, or the public
- Detect, prevent, or address fraud or security issues
Business Transfers
If Charketplace is acquired, merged with, or has its assets transferred to another company, your information may be transferred as part of that transaction. You will be notified via email or a prominent platform notice before your data becomes subject to a different privacy policy.
6 Data Retention
We retain your personal data for as long as your account is active or as long as necessary to fulfill the purposes for which it was collected, including:
- Active accounts: Data is retained for the lifetime of the account
- Closed accounts: Core account data and transaction records are retained for up to 3 years for legal and financial compliance
- Product files: Removed from storage within 90 days of account closure or listing removal
- Server logs: Retained by our hosting provider for up to 30 days
To request deletion of your data, contact us through the Help page. Some data may be retained longer if required by law.
7 Your Rights
You have the following rights regarding your personal data:
To exercise any of these rights, contact us through the Help page. We will respond within 30 days.
8 Security
We implement reasonable technical and organizational measures to protect your data, including:
- HTTPS/TLS encryption for all data in transit
- Firebase Security Rules to restrict unauthorized database access
- Secure authentication via Google OAuth and Firebase Auth
- Passwords are hashed by Firebase — never stored in plaintext on our servers
- Stripe's PCI DSS-compliant infrastructure for all payment data
Despite these measures, no system is completely secure. We cannot guarantee absolute security and your use of the platform is at your own risk. If you believe your account has been compromised, contact us immediately through the Help page.
9 Cookies & Tracking
Charketplace uses a minimal set of cookies and browser storage technologies:
- Session cookies: Set by Firebase Auth to maintain your login session across page loads
- Theme preference: Stored in localStorage to remember your light/dark mode setting
- Cart data: Stored in localStorage to persist your shopping cart between visits
- Stripe status cache: Stored in localStorage to avoid redundant API calls on page load
We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral analytics tools. You can clear cookies and local storage at any time through your browser settings, though doing so will log you out and reset your preferences.
10 Third-Party Links
The Charketplace platform may contain links to third-party websites or services (such as Stripe's onboarding portal or external product documentation). We are not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
11 Children's Privacy
Charketplace is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a user under 18 has created an account, we will take steps to delete their information and close the account promptly.
If you believe a minor has registered on our platform, please contact us through the Help page.
12 International Users
Charketplace operates globally. Your information may be stored and processed in countries other than where you reside — including the United States (Firebase/Google, Stripe, Vercel infrastructure). These countries may have different data protection laws than your own.
By using Charketplace, you consent to the transfer of your information to these countries. We take steps to ensure that your data receives an adequate level of protection wherever it is processed.
13 California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: Opt out of the sale of your personal information — we do not sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights
To submit a CCPA request, contact us through the Help page. We will respond within 45 days.
14 European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including:
- The right to access, rectify, or erase your personal data
- The right to restrict or object to processing
- The right to data portability
- The right to withdraw consent at any time (where processing is based on consent)
- The right to lodge a complaint with your local data protection supervisory authority
Our lawful basis for processing your data is primarily contract performance (to provide the services you signed up for) and legitimate interests (to maintain platform security and improve our service).
To exercise your GDPR rights, contact us through the Help page.
15 Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Post an in-platform notice for material changes
- Send an email notification for changes that significantly affect your rights
We encourage you to review this policy periodically. Your continued use of Charketplace after changes are posted constitutes your acceptance of the updated policy.
16 Contact
For privacy-related questions, data requests, or to exercise any of your rights, please contact us through our Help page. We aim to respond to all privacy-related requests within 30 days.
For urgent security concerns (e.g., suspected data breach or unauthorized access), please indicate "Security" in your subject line for priority handling.