What we collect
- Email (for sign-in via magic link)
- Display name (you choose at sign-up; defaults to the local part of your email)
- Listing photos and descriptions you upload
- Transaction records (amount, date, listing id, parties)
- Limited technical metadata: IP address and user agent on session creation, used for security audits and abuse detection
- Payment data is collected and processed by Stripe; we never store card numbers
How we use it
- Operate the marketplace (matching buyers and sellers)
- Authenticate sign-ins (magic-link tokens are stored hashed)
- Send transactional emails (sign-in, purchase, dispute, payout)
- Send the weekly deal-feed newsletter (opt-in, unsubscribe in one click)
- Detect and respond to fraud, abuse, and policy violations
Who we share it with
Service providers who power the platform: Stripe (payments), AWS (hosting + email), Shippo or EasyPost (shipping labels). We do not sell your data. We do not run third-party advertising networks.
Your rights
Email privacy@paddlescity.com to access, export, or delete your data. We honor requests promptly subject to legal-retention requirements (we keep transaction records as required by tax/accounting law).
Cookies
We set a single first-party cookie (paddlescity_session) to keep you signed in. We do not use third-party tracking cookies. Stripe Checkout sets its own cookies in the Stripe domain when you proceed to payment.