Privacy Policy

Last updated: April 2026 — Pending legal review before launch.

Draft notice: This Privacy Policy is a placeholder pending review by legal counsel. It is not legally binding and will be replaced prior to public launch.

1. What We Collect

Account info - email address, display name, avatar, bio.
Purchase data - order details, shipping addresses, payment method tokens (stored by Stripe).
Usage data - pages visited, search queries, click events (server-side logs only; no analytics JS).
Communications - messages you send to us, reports you file.

2. How We Use It

To operate the marketplace and process orders.
To send transactional emails (order confirmation, shipping updates).
To send optional email digests (unsubscribe any time in your account settings).
To moderate content and enforce our Terms of Service.
To improve the platform using aggregated, anonymised analytics.

3. How We Share It

Sellers receive your shipping address and order details to fulfil your order.
Stripe processes payments. Your card data goes directly to Stripe and never touches our servers.
Shippo receives sender/recipient addresses to generate shipping labels.
We do not sell your data to advertisers or data brokers.

4. Cookies

We use a session cookie to keep you signed in and a cart cookie for guest carts. No third-party tracking cookies are set.

5. Data Retention

Account data is retained until you close your account. Order records are retained for 7 years for tax/legal compliance.

6. Your Rights

You may request a copy of your personal data, correction of inaccuracies, or deletion of your account by emailing privacy@smallrun.net. Certain data may be retained for legal obligations even after account deletion.

7. Security

All traffic is encrypted via TLS. Passwords are hashed with a modern algorithm (PBKDF2). Payment data is handled entirely by Stripe's PCI-DSS-compliant infrastructure.

8. Contact

For privacy questions, email privacy@smallrun.net.