Privacy Policy

Last updated: May 6, 2026 · Effective immediately

1. Information We Collect

When you use MarketNest, we collect:

• Account information: Name, email address, and password (hashed, never stored in plain text)
• Transaction data: Orders placed, items purchased, payment amounts
• Seller information: Shop name, description, product listings, payout details
• Session data: Browser cookies for authentication and cart persistence
• Usage data: Page views and browsing behavior via anonymous analytics

2. How We Use Your Information

We use collected information to:

• Process transactions and facilitate marketplace activity
• Authenticate users and maintain secure sessions
• Send order confirmations and fulfillment updates
• Detect and prevent fraud and policy violations
• Improve platform features and user experience
• Calculate and collect platform fees

3. Payment Information

Payment processing is handled by Stripe. MarketNest does not store your full credit card numbers. Stripe's privacy policy governs how payment data is handled. We store only the Stripe session ID and transaction amounts necessary to track orders and calculate fees.

4. Data Sharing

We share your information with:

• Sellers: When you place an order, the seller receives your name, email, and shipping address to fulfill the order
• Stripe: For payment processing
• Cloudflare R2: For storing product images uploaded by sellers

We do not sell your personal information to third parties.

5. Cookies

MarketNest uses cookies for:

• Session authentication (required for logged-in features)
• Guest cart persistence (anonymous shopping cart)
• Anonymous analytics (page view counting)

6. Data Retention

Account data is retained as long as your account is active. Order records are retained for 7 years for financial compliance. You may request deletion of your personal data by contacting us — we will delete account data while retaining transaction records as required by law.

7. Security

We protect your data with:

• Bcrypt password hashing
• HTTPS-only communication in production
• Parameterized database queries (SQL injection prevention)
• HttpOnly session cookies
• Rate limiting on authentication endpoints

8. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us through your account dashboard or the platform's support channel.

9. Changes to This Policy

We may update this privacy policy as the platform evolves. Significant changes will be communicated via email or a notice on the platform.