Bazaar Beta

Last updated: December 15, 2025

Privacy Policy

This Privacy Policy explains how Bazaar (“we”, “us”, “our”) collects, uses, and protects your information when you use our website, marketplace, gear management tools, and related services.

Introduction

Bazaar lets you manage gear, list items for sale, message other users, and subscribe to paid plans. By using Bazaar, you agree to the practices described here.

Who We Are

Bazaar operates at https://bazaar.rocks. Our API runs at https://api.bazaar.rocks.

Data We Collect

  • Account data: Email, username, password (hashed), first/last name, display name.
  • Profile data: Bio, avatar URL/image, notification preferences, subscription tier, suspension status, report count.
  • Address & location (optional): Street/city/state/ZIP, latitude/longitude (geocoded via OpenCage), marketplace item location.
  • Marketplace & gear data: Titles, descriptions, categories, filters, prices, status, maintenance history, images (stored via Django storage/S3/R2 or local in dev).
  • Media: Uploaded images/files for items, bulletins, avatars (public URLs after upload).
  • Messages & threads: Chat threads and message content between users.
  • Reports: Report reason and description about users/items/bulletins.
  • Billing data (via Stripe): Stripe customer/session IDs, price IDs, subscription status. Card details stay with Stripe.
  • Logs & device data: IP (via server logs), timestamps, user-agent, referrers (typical web logs).
  • Cookies: Sessionid, csrftoken, and related auth/CSRF cookies; SameSite/secure vary by environment.

How We Use Data

  • To provide core features: accounts, gear management, marketplace listings, messaging, favorites, maintenance logs.
  • To process subscriptions and payments via Stripe.
  • To geocode optional addresses for item location (OpenCage).
  • To send transactional emails (login, notifications, reports, verification, favorite-item updates).
  • To enforce limits by subscription tier (gear/listing caps), drafts, and suspension rules.
  • To maintain security, debug, and prevent fraud/abuse.

Cookies & Tracking

We use session and CSRF cookies for authentication and request protection. No third-party ads tracking is used. In production, cookies are Secure/SameSite=None; in development they may be Lax.

Sharing & Transfers

  • Stripe: For payments and subscription management.
  • OpenCage Geocoding: To translate addresses/ZIPs to lat/long when provided.
  • Storage (S3/R2 or local dev): To store and serve uploaded images/files.
  • Email (SMTP/Gmail): To send transactional emails.
  • Legal/safety: If required by law or to protect users and the service.

We do not sell personal information.

Payments (Stripe)

Subscriptions are processed by Stripe. Stripe receives your payment information, billing details, and may place cookies/trackers per their policy. We store Stripe customer/session/price IDs and subscription status, but not your full card details.

Storage & Security

  • Data is stored in our databases and object storage (S3-compatible) or local storage in development.
  • Passwords are hashed. CSRF protection is enabled. HTTPS is enforced in production.
  • Access to production resources is restricted to authorized personnel.

Data Retention

  • Account data is retained while your account is active; you can request deletion.
  • Listings may be scheduled for deletion after being sold (non-gear) per business rules.
  • Logs and backups are kept for a limited time per operational needs.

Your Rights & Choices

  • Access and update your profile info.
  • Manage notifications and favorites.
  • Delete items/listings you own; request account deletion.
  • Opt out of marketing (we currently send only transactional messages).

Children

Bazaar is not intended for children under 13. If you believe a child has provided data, contact us to remove it.

Changes to this Policy

We may update this policy. We will revise the “Last updated” date and, where appropriate, provide notice in the app.

Contact

If you have questions or requests about this policy, contact: bazaar.notifications@gmail.com