Privacy Policy | Disc.Market

01

Overview

Disc.Market ("Disc.Market," "we," "us") operates an online marketplace where independent third-party Pro Shops list disc golf listings for sale. We don't manufacture, warehouse, or ship the listings listed on the platform ourselves. We do process payments, handle shipping logistics, and provide the software that connects buyers and sellers.

This Privacy Policy explains what personal information we collect when you use disc.market, our mobile apps, and our related services (together, the "Services"); how we use it; who we share it with; and the choices and rights you have regarding that information.

By creating an account, posting a listing, making a purchase, or otherwise using the Services, you consent to the practices described in this policy. If you don't agree, please don't use the Services.

02

Information We Collect

1. Information you provide directly

When you create a buyer account

Email address. Stored in Supabase Auth and mirrored to our users.email column. Used for login, transactional email, and account recovery.
Password. Hashed and stored exclusively by Supabase Auth. We never see or store your password in plaintext.
Display name. Required at signup. Used on reviews, messages, and public Pro Shop pages.
Username. 5–15 characters, letters/digits/underscore. Public — appears in URLs, reviews, and Pro Shop pages. Word-filter validated.
Profile photo (avatar). Optional. Uploaded directly from your browser to Cloudflare Images; only the image ID is stored in our database.

When you check out as a guest (no account)

Email address. Used to send order confirmation and tracking emails.
Shipping address. Name, street, city, state, ZIP, country. Snapshot stored on the order record.

When you make a purchase

Shipping address. Stored as a snapshot on the order. Optionally saved to your address book for future checkouts.
Saved addresses. Name, line 1, line 2, city, state, ZIP, country. User-managed; you can delete them at any time from Account → Addresses.
Order history. Items, prices, taxes, shipping, totals — all stored as integer cents to avoid floating-point error. Retained indefinitely as a financial record.
Payment method. Card number, CVC, and expiry are submitted directly from your browser to Stripe via Stripe Elements. We never see, store, or log them. We store only the resulting Stripe PaymentIntent ID against the order.

When you apply to be a Pro Shop

Legal first and last name, email, phone, country, state.
Pro Shop name and description.
Business background. Prior selling experience, monthly listing volume (a range), links to existing storefronts (Facebook, eBay, other).
Identity verification (KYC). Handled entirely by Stripe Connect Express. Stripe collects your SSN/EIN, date of birth, bank account or debit card, and (when their risk review demands it) a government ID. None of that data ever touches our servers or database — we only persist the resulting Stripe account ID.
Ship-from address. Used for shipping-label origin and address verification. Registered with EasyPost as your "EndShipper" record; a SHA-256 hash is cached so we only re-verify on change.
Electronic signature on the Pro Shop Agreement. A base64 PNG produced by an in-browser signature pad, plus your IP address and timestamp at signing. Persisted on the Pro Shop setup-progress row as a legal audit trail.

When you communicate with us or other users

Buyer ↔ Pro Shop messages. Body (up to 5,000 characters), optional photo attachment, read/unread state, and timestamps. Rate-limited at 20 messages per hour per IP.
Support tickets. Body up to 10,000 characters per message, plus any photos you attach.
Live chat. Pre-chat form (optional name + email), transcript bodies (up to 5,000 characters per message), optional photo attachments, and the IP address of the visitor — captured for abuse detection and session attribution.
Live-chat contact form. Name, email, category, and message — used to spin up a support ticket.
Listing Q&A. Public question/answer threads on each listing. Your display name is shown alongside.
Reviews. Rating 1–5, optional body (up to 5,000 characters), optional photos (up to 4 per review), and optional Pro Shop reply (up to 2,000 characters).
Disputes. Reason, description, and up to 5 evidence photos. Visible to our admin team and the opposing party in the dispute thread.

Push notifications (mobile app)

If you enable notifications in the Disc.Market mobile app, Firebase Cloud Messaging issues a device-specific token. We store the token, platform (Android/iOS/web), and an internal device ID so we can deliver push notifications. Unregister at any time — the row is removed.

2. Information we collect automatically

IP addresses. Used transiently for rate limiting (login, mutation, webhook, messaging, livechat, upload tiers). Persisted on (a) every live-chat session row, and (b) the moment you e-sign the Pro Shop Agreement. Additionally, our hosting provider (Vercel) and DNS provider (Cloudflare) log source IPs for every request in their platform logs.
Device and browser info. Browser type, operating system, screen size, approximate geographic region derived from IP — collected by analytics and error-monitoring tools (subject to your cookie consent).
Approximate city for our live-visitor admin view. When you load a public page, our hosting provider (Vercel) supplies an approximate city/region/country and a city-level latitude/longitude derived from your IP at the network edge. We store this — without your IP — for at most 5 minutes against a short-lived anonymous cookie so administrators can see an aggregate live-visitor map. Pages under /admin and /pro-shop are excluded, and the coordinates are snapped to ~3 decimal places (city-block precision) before storage.
Usage data. Pages viewed, listings clicked, search terms, filter selections, button clicks tagged with data-gtm attributes, and Web Vitals timings. Subject to the Analytics toggle in our cookie banner.
Log data. Request URLs, timestamps, response codes — surfaced in our server logs and our error-monitoring tool (Sentry) for debugging and abuse detection.

3. Information we generate about you

Pro Shop performance metrics. Rating average, on-time-ship rate, total shipments, late shipments — all derived from your order and review history.
Order, shipment, and payout status history. A full timeline of every state transition (paid, shipped, delivered, refunded, payout-released).
Moderation flags. If your account is banned, an item is hidden, or a report is filed/resolved — those rows are kept for audit.
Sales-tax nexus totals. Per-state totals of orders shipped, used to track when we cross an economic-nexus threshold in a new state.
AI usage logs. If a Pro Shop uses AI Listing Auto-Fill, or an admin uses the AI Support Reply drafter, we log token counts, model, whether the suggestion was applied, and a rating — used for cost tracking and quality improvement.

4. What we do not collect

Precise device geolocation. We do not call navigator.geolocation, do not subscribe to a paid IP-geolocation service, do not integrate Google Places or any other location API, and the mobile app does not request location permission. The approximate city derived from your IP by our hosting provider (Vercel edge) — described in section 2 — is the only location signal we ever see, and it never leaves our hosting + database environment. State/ZIP for orders comes from forms you fill in, not from your device.
Biometric data. No fingerprint, face, voice, retina, or other biometric identifiers are collected.
Device fingerprints (by us). No fingerprinting library is loaded by Disc.Market. Note: Stripe Elements and Stripe Radar fingerprint your device for fraud detection on the checkout page — that data flows directly from your browser to Stripe and never passes through us.
Phone numbers from buyers. Buyer accounts do not have a phone-number field. Pro Shops provide a phone number on the Pro Shop application; buyers never do.
SSN, EIN, bank account, or government ID. Pro Shop KYC is collected by Stripe directly. We don't see it.

03

How We Use Your Information

We use the information we collect to:

Operate and provide the marketplace

Create and authenticate your account
Enable buyer ↔ Pro Shop transactions, messaging, reviews, and listing Q&A
Process payments, calculate sales tax, and facilitate Pro Shop payouts through our escrow flow
Generate shipping labels, get calculated carrier rates, and confirm deliveries via tracker webhooks
Send transactional email and push notifications — order confirmations, shipping updates, dispute notifications, payout receipts, password resets, Pro Shop Agreement receipts, staff invites, and more

Keep the marketplace safe and fair

Detect and prevent fraud, unauthorized access, abuse, and harassment
Enforce our Terms of Service, our Pro Shop Agreement, and our word-filter content rules
Apply automated and human content moderation (prohibited terms, restricted items, suspicious patterns)
Track sales-tax nexus across all 50 U.S. states so we register and remit in new states when economic thresholds are crossed

Improve and personalize the experience

Analyze usage patterns to fix bugs, prioritize features, and improve search and discovery
Personalize listing recommendations and the recently-viewed list (stored in your browser's local storage)
Power AI-assisted features for Pro Shops (Listing Auto-Fill) and admins (Support Reply drafts)

Communicate with you

Respond to support requests submitted via ticket, live chat, or the Contact page
Send you information about your account, your orders, your Pro Shop performance, your payouts, and your disputes
Send marketing or promotional messages only if you opt in via the newsletter sign-up footer. Every newsletter has a one-click unsubscribe link in the footer.

Comply with legal obligations

Retain order, tax, and payout records as required by law
Respond to lawful subpoenas, court orders, and government requests
Issue 1099-K tax forms to Pro Shops who exceed IRS reporting thresholds (handled by Stripe)

04

Automated Processing

We use limited automated processing on user content to keep the marketplace safe. Automated systems do not make decisions that legally or significantly affect you without a human in the loop.

Automated content moderation (word filter)

We screen listing titles, descriptions, reviews, messages, and Q&A content for prohibited content across 12 categories (hate speech, scam patterns, contact info that attempts to circumvent the platform, etc.). Most matches result in a flag for human review, not an automatic account action. A small set of permanent-ban categories (slurs, explicit hate speech) blocks submission at the form level so the content is never published.

Fraud and security signals

We use automated signals to detect suspicious activity — unusual login patterns, rapid-fire account creation, payment-fraud heuristics, and similar. These signals may trigger additional verification or temporarily restrict account actions. Significant actions (suspending an account, reversing a payout) are reviewed by a human before taking effect.

AI-assisted features

Two features use OpenAI's API. AI Listing Auto-Fill sends a hosted photo of a Pro Shop's listing plus the Pro Shop's typed context to GPT-4o vision and suggests fields (title, brand, plastic, color, weight, condition). The Pro Shop reviews and edits the suggestion before saving — nothing is auto-published. AI Support Reply sends a customer-service ticket or live-chat transcript to GPT-4.1 Mini and suggests a reply draft to our admin team; the admin edits and approves before anything is sent to you. Both flows log token usage, applied flag, and rating internally; OpenAI is configured to not retain the inputs for training (zero-data-retention API key).

05

How We Share Your Information

We do not sell your personal information, and we do not rent or trade it for advertising. We share it only with the people and services we need to run the marketplace.

With the Pro Shop you buy from

When you place an order, the Pro Shop fulfilling that order receives: your display name, shipping address, the items ordered, the order number, and (once you message them) any messages you send. Pro Shops do not receive your email address or payment details directly — communication flows through our messaging system, and Stripe collects payment details independently of the Pro Shop.

With third-party service providers (sub-processors)

The following processors help us deliver the Services. Each has its own privacy policy linked below:

Provider	What they receive	Purpose
Supabase	All database rows (Supabase IS our database), authentication identities, hashed passwords, OAuth identities when used	Authentication and Postgres database hosting (AWS-backed)
Stripe	Buyer card details (collected directly by Stripe), buyer email/name/shipping address (PaymentIntent metadata), Pro Shop bank account / Tax ID / government ID via Connect Express onboarding, Pro Shop email + Pro Shop name on account creation	Process buyer payments, hold funds in escrow, and pay out to Pro Shops
Resend	Recipient email, subject line, and the full rendered HTML body of each transactional or marketing email (which may contain order details, names, message excerpts, and tracking links)	Deliver email; receive delivery, open, click, bounce, and complaint events back via webhook
EasyPost	Buyer destination address (rate lookup, label purchase, address verification), Pro Shop ship-from address (EndShipper registration), parcel dimensions and weight, tracking codes	Get calculated shipping rates, purchase labels, and receive tracking webhooks (delivered, exception, return-to-sender)
Cloudflare Images	Every photo you upload — avatars, Pro Shop logos/banners, listing images, review photos, dispute evidence, live-chat attachments, and message attachments. Bytes flow browser → Cloudflare directly	Image storage, transformation, and delivery via a global CDN
Cloudflare (DNS / CDN)	Every HTTP request — source IP, user agent, request URL	DNS resolution and edge caching/proxying for disc.market
OpenAI	(a) Pro Shop listing images and typed listing context for AI Listing Auto-Fill (GPT-4o vision); (b) Support-ticket and live-chat bodies plus admin context for AI Reply Drafts (GPT-4.1 Mini). Configured for zero data retention — inputs are not retained beyond request processing and are not used for model training	Power AI-assisted listings and admin support replies
Firebase Cloud Messaging (Google)	Device push tokens, notification title/body/data payload	Deliver mobile push notifications
Google Calendar / Google Meet	Your email, name, scheduled time, duration, and optional note when an admin schedules a call with you from a support ticket or live-chat session. Google emails the calendar invite directly to you	Schedule and host customer calls
Google Tag Manager / Analytics	Page views, route changes, e-commerce events, button clicks tagged with `data-gtm`	Platform analytics — subject to the Analytics toggle in our cookie banner
Vercel	Every HTTP request (URL, headers, source IP) appears in Vercel platform logs. Anonymous page views and Core Web Vitals via Vercel Analytics and Speed Insights	Hosting, cron execution, performance monitoring
Sentry	Error stack traces, request URLs, optional user ID attached to error events	Application error monitoring
DiscIt API	No personal data. A nightly cron pulls public disc-catalog data from DiscIt into our database; nothing flows out.	Disc-mold and plastic catalog sync
Namecheap	Domain registrar relationship only; no per-user data	Domain registration

For legal reasons

We may disclose information if required by law (subpoena, court order, government request) or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or violations of our Terms.

In a business transfer

If Disc.Market is acquired, merged, or reorganized, your information may transfer to the successor organization, subject to the protections of this policy (or we'll notify you and offer a choice to delete your data before the transfer closes).

06

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Card numbers, CVC codes, and bank account details never touch Disc.Market's servers — they go directly to Stripe via their client-side SDK over TLS.

Our marketplace operates on an escrow model. When you place an order, Stripe charges your card and the funds land in Disc.Market's platform account — not the Pro Shop's. The Pro Shop is not paid immediately. Once delivery is confirmed (via carrier tracking webhook) and a 3-day dispute window passes, we instruct Stripe to transfer the Pro Shop's share to their connected Stripe account, minus our 10% platform fee on the item subtotal + shipping. Sales tax is never part of the commission base. Stripe's processing fees (~2.9% + 30¢) are absorbed by Disc.Market, not deducted from the Pro Shop's payout.

This escrow design protects you: if something goes wrong before delivery, we can refund you directly from the funds on file, without needing to recover them from the Pro Shop. On a full refund or lost chargeback, we automatically revive the sold listing back to "live" status so other buyers can find it again.

Every Stripe webhook event is logged with its event ID before any side effects run, so replays are safe and no payment is processed twice.

07

Cookies, Local Storage, and Similar Technologies

Cookies we set

Supabase Auth cookies (HTTP-only). Names follow Supabase's sb-<project>-auth-token convention. These maintain your login session and are refreshed on every request by our middleware. Strictly necessary — disabling them prevents you from signing in.
Vercel platform cookies. The Vercel runtime may set its own cookies (e.g. __vercel_live_token on preview deploys). Strictly necessary for hosting.
Google Analytics / GTM cookies (_ga, _ga_*, _gid). Set by our Google Tag Manager container. Subject to the Analytics toggle in our cookie banner.

Cookie banner — four categories

Necessary (always on) — login, cart, CSRF, and similar.
Functional — recently-viewed listings, install prompts, and other UI preferences.
Analytics — Google Analytics and Vercel Analytics. Defaults to off in regions where consent is required; you can toggle it any time.
Marketing — reserved for future use. Currently not wired to any ad network. No retargeting pixels are loaded today.

Your preferences are stored in your browser under the dm-cookie-prefs and dm-cookie-consent local-storage keys, not as cookies.

What we store in your browser's local storage

dm-cookie-prefs, dm-cookie-consent — your cookie-consent choices.
dm_recently_viewed — the last 30 listings you viewed, so the homepage can resurface them. Functional tier.
Cart state. Your in-progress cart is persisted in local storage before checkout — listing IDs, titles, prices, image IDs, Pro Shop names, condition, brand, and basic specs — so you don't lose your cart on refresh.
Live-chat widget state. Open/closed state, current session hash, and any name/email you typed into the pre-chat form. Persisted so the widget remembers you across page navigations.
Theme, app-install dismissal, transient form drafts.

Global Privacy Control

We honor the Global Privacy Control (GPC) signal. If your browser sends GPC, we treat it as an opt-out of analytics and a "do not sell or share" signal under CCPA/CPRA. We do not respond to the legacy "Do Not Track" header, which was never standardized.

What we don't use

We do not use cross-site advertising cookies, retargeting pixels, or share data with ad networks. No Facebook Pixel, no Google Ads conversion pixels, no DoubleClick.

08

Mobile App Permissions

Our mobile app is a thin Capacitor shell that loads disc.market inside a WebView. It uses these native APIs on top of the web app:

Push notifications — registers a Firebase Cloud Messaging token so we can deliver alerts (new orders, shipping updates, payouts, messages). You can disable notifications in your device's system settings or unsubscribe from individual categories in Account → Notifications.
Camera and photo library — used by the Pro Shop listing form so you can shoot a photo of a disc and upload it directly. The image goes to Cloudflare Images; no photo is uploaded without your action.
Share sheet — used when you tap "Share" on a listing or Pro Shop. Hands off to your device's native share menu.
Haptics — small vibrations on certain UI events. Purely cosmetic.
App preferences — a small on-device key/value store for native settings (separate from the WebView's local storage).
Network status — detects offline state so we can show a graceful fallback page.
Status bar / splash screen — chrome only. No data collection.
Crashlytics — Firebase Crashlytics captures uncaught native crashes (stack trace, device model, OS version). No personally identifying info is intentionally attached.
In-app review prompt — uses Google Play's native review API to occasionally invite you to rate the app.

The mobile app does NOT request access to your location, contacts, microphone, calendar, or Bluetooth. No location permission is declared in the Android manifest or iOS plist.

09

Data Retention

We retain different categories of information for different periods, driven by a set of scheduled cleanup jobs and a few intentional "forever" tables. The high-level shape:

Kept indefinitely (financial / audit / safety)

Order records. Orders, order items, shipments, status history, payouts, refunds, and disputes are kept indefinitely for tax reporting, dispute resolution, and regulatory compliance (some state sales-tax audits look back 7+ years).
Reviews, listing Q&A, conversations, support tickets. Persisted indefinitely. If a review or listing is removed by moderation, the row is soft-hidden rather than deleted (the audit trail stays).
Stripe and EasyPost webhook event logs. Required for webhook idempotency.
Email log. Sends, deliveries, opens, clicks, bounces, and complaint events.
Pro Shop applications, Pro Shop setup progress, e-signature blob and signing IP. Legal audit trail for the Pro Shop Agreement.
Sales-tax nexus totals. Per-state running totals needed for tax compliance.
AI usage logs and training feedback. Anonymized to operator/admin and not joined to buyer data.
Newsletter subscribers. Until you click the one-click unsubscribe link in any newsletter email — the row stays marked "unsubscribed" thereafter so we don't accidentally re-add you.

Auto-deleted on a schedule

Abandoned checkouts. Unpaid checkout sessions older than 30 minutes — with the linked Stripe PaymentIntent in a non-active state — are deleted by a cleanup job that runs every 15 minutes.
Live-chat sessions. Inactive sessions auto-close after the configured timeout (default 30 minutes). Closed sessions auto-archive after the configured retention (default 30 days). Image attachments on archived sessions are deleted from Cloudflare after the configured image-retention window (default 90 days); the transcript text stays.
Orphaned images. A daily cron compares every Cloudflare Image asset against every database reference and deletes any unreferenced image more than 24 hours old.
Unused shipping labels. EasyPost labels purchased more than 28 days ago with no carrier scan are voided and refunded daily (most carriers stop refunding past 28 days).
Temporary bans. If your account was temporarily banned, the ban expires on schedule and the flag is cleared.

Push tokens, cart, favorites, addresses

Push tokens. Until you explicitly unregister, or your account is deleted (FK cascade).
Saved addresses. Until you delete them from Account → Addresses.
Cart items, favorites. Until you remove them or the listing is hard-deleted.

Third-party retention

Server logs, error reports. Vercel and Sentry retain logs and error events per their own policies (typically 30–90 days).
Analytics. Google Analytics retains per its default (currently 14 months).
Backups. Encrypted database backups follow Supabase's backup policy.

When you delete your account

We anonymize your email, username, and display name, delete your cart, favorites, push tokens, and saved addresses, and remove your active profile from public surfaces. Order history, financial records, dispute records, and the e-signature audit trail are retained as required by law. See the Your Rights section below for how to request deletion.

10

Your Rights

You have the following rights regardless of where you live:

Access / export. Download a machine-readable JSON archive of everything we hold about you — profile, addresses, orders, reviews, favorites, conversations, support tickets, push tokens, Pro Shop records (if applicable). Go to Account → Data & privacy and click "Export my data," or call GET /api/account/export while signed in.
Correction. Edit your display name, username, avatar, addresses, Pro Shop profile, and notification preferences at any time from your account settings.
Deletion. Delete your account from Account → Data & privacy (this calls POST /api/account/delete). We anonymize your personally identifying information and delete optional records. Order, payout, dispute, and e-signature records are retained as required by law and tax authority audits.
Unsubscribe from marketing. Every newsletter has a one-click unsubscribe link in the footer. You can also toggle the newsletter off from your account settings. Transactional emails (order confirmations, dispute notifications, payout receipts, etc.) continue — these are not marketing.
Turn off analytics. Toggle the Analytics category off in our cookie banner, send a Global Privacy Control signal from your browser, or use a privacy extension. We honor GPC platform-wide.
Turn off push notifications. Disable in your device settings, or unregister specific tokens through the mobile app, or toggle individual categories at Account → Notifications.

California residents (CCPA / CPRA)

If you're a California resident, you have the right to:

Know what categories of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it (covered in Information We Collect and How We Share above).
Access a portable copy of the specific pieces of personal information we hold about you (use the "Export my data" button in account settings).
Delete your personal information, subject to the exceptions in CCPA § 1798.105 (we retain order history, tax records, and fraud-prevention records as required by law).
Correct inaccurate personal information.
Limit use of sensitive personal information — we don't use sensitive PI for any purpose other than what's strictly necessary to provide the Services, so this right is automatically honored.
Opt out of "sale" or "sharing" of your personal information. We do not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of — but you can confirm this by contacting us.
Non-discrimination for exercising any of these rights. We will not deny service, charge different prices, or provide a different level of service.

To exercise these rights, use the Contact page. We may need to verify your identity (typically by confirming the email address on your account) before processing the request. You may also designate an authorized agent to act on your behalf; we'll require written proof of the authorization.

Other state residents (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others)

Several other US states have enacted comprehensive privacy laws giving residents substantially similar rights to California's: Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and others as they take effect. If you are a resident of one of these states, you have the right to access, correct, delete, and obtain a copy of your personal information, and to opt out of the sale of personal data and targeted advertising. We extend these rights to residents of any US state with a comprehensive privacy law, regardless of whether we technically meet the law's threshold for applicability — it's simpler to honor them universally.

To exercise these rights, use the Contact page with the subject "Privacy Rights Request." If we deny your request and your state law provides for an appeal, you may appeal by submitting a follow-up message marked "Appeal" within 60 days.

EU / UK / EEA residents (GDPR / UK GDPR)

If you're in the EU, UK, or EEA, you have the additional rights to: restrict processing, object to processing based on legitimate interests, data portability, and to lodge a complaint with your local supervisory authority. Our legal basis for processing is: contract (to operate the marketplace), legitimate interests (fraud prevention, security, service improvement), consent (marketing emails, optional analytics), and legal obligation (tax, records retention).

International data transfers rely on standard contractual clauses where required. The Services are operated from the United States.

How long it takes us to respond

We aim to respond to all rights requests within 30 days, which is the shortest deadline across the US state privacy laws. If we need more time we'll let you know within that window with an estimated completion date and the reason for the extension. Requests that require additional verification (e.g., for sensitive deletion requests) may take longer; we'll keep you posted.

11

Children's Privacy

Disc.Market is intended for adults age 18 and older. The Services are not directed to children, and we do not knowingly collect personal information from anyone under 18. If we become aware that we have received personal information from a person under 18 without verifiable parental consent, we will promptly delete it.

Parents and guardians: if you believe a child has provided us with personal information, please reach us via the Contact page with the subject "Children's Privacy" and we'll take prompt action — typically deleting the account and any associated data within 7 days.

We comply with the Children's Online Privacy Protection Act (COPPA) for users under 13 and apply the same protections to anyone we identify as under 18. We do not target ads to minors, and we do not display interest-based ads to anyone — minor or adult — on the Services.

12

Security

We take reasonable and appropriate measures to protect your information, including:

TLS (HTTPS) encryption for all traffic between your browser and our servers
Password hashing handled by Supabase Auth (never stored in plaintext)
Row-level authorization enforced in our application layer for every authenticated request
Strict Zod whitelist validation on every state-changing API endpoint, so a malicious request can't overwrite fields it shouldn't (Pro Shop PATCH routes, for example, can't be tricked into reassigning ownership)
Tiered rate limiting on authentication, mutation, webhook, messaging, livechat, and upload endpoints
Idempotent handling of every Stripe and EasyPost webhook event (event ID logged before any side effects)
HTTP-only auth cookies; passwords + session tokens never accessible to JavaScript
HTML sanitization on every piece of user-authored content rendered to other users (no script injection, no inline event handlers, no data-URI exfiltration)
Regular dependency scans and security updates
Encrypted database backups via our infrastructure provider (Supabase / AWS)

Despite these measures, no online service is 100% secure. In the event of a security incident that affects your personal information, we will notify you and any required regulators without undue delay and in accordance with applicable law.

13

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business. When we do, we'll revise the "Last updated" date at the top of this page. If changes are material, we'll also post a notice on the homepage and email users with active accounts at least 7 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

14

Contact Us

For privacy-specific questions, data-rights requests, or complaints, please use the Contact page and select the topic that fits your inquiry. The contact form routes directly to our team and is the fastest way to reach us.

We aim to respond to all privacy inquiries within 10 business days and to data-rights requests within 30 days (or sooner if required by law). If we need more time, we'll let you know within that window with an estimated completion date and the reason.

Disc.Market LLC is the controller of your personal information.