01
The short version
We collect only the data required to run the house — your account details, order history, uploads and interactions on the platform. We do not sell your data. We do not run behavioural ad networks. You may request an export or deletion at any time via the Contact page.
02
What we collect
Account: your email, chosen display name, avatar and role. Commerce: shipping address, order history and payment references (never full card numbers — those live with our payments processor). Uploads: images and files you attach to applications, community posts and brand assets. Telemetry: standard server logs (IP, user agent, path) retained for security.
03
How we use it
To render the platform, deliver your orders, keep your account secure, notify you about bids and drops you opted into, and improve the product. Aggregated, non-identifying analytics inform editorial decisions — never advertising resale.
04
Who we share with
Sub-processors we rely on to operate the house: our cloud backend and storage provider, our payments processor, our email/SMS delivery provider and — for brand orders — the fulfilling brand. Each is contractually bound to protect your data.
05
Cookies & storage
We use first-party cookies and browser storage to keep you signed in and to remember your cart. No third-party advertising cookies are set by the house. You may clear these at any time in your browser settings.
06
Your rights
You may access, correct, export or delete your personal data at any time — write to the Contact page and we will respond within 30 days. You may unsubscribe from newsletter and marketing notifications from any email footer or your account preferences.
07
Retention
Account and order data are retained for as long as your account is active plus the periods required by tax and consumer-protection law. Uploaded media are removed within 30 days of account deletion, except where the material has been published as part of an editorial artefact.
08
International transfers
Our infrastructure operates globally. Data may be processed in jurisdictions outside your own. Standard contractual clauses are used where required.
09
Security
Row-level security, encrypted transport and least-privilege service accounts are enforced across the backend. Access to production data is limited to a small, audited group of engineers. Suspected breaches will be disclosed to affected members within 72 hours.
10
Contact
Data subject requests and privacy questions should be sent via the Contact page marked "Privacy".