Privacy Policy

Last updated: March 27, 2026

[LEGAL REVIEW REQUIRED: Full privacy policy before launch] — This document is a placeholder template that outlines our intended data practices. It has not been reviewed by qualified legal counsel and does not constitute legal compliance with GDPR, CCPA, or other applicable privacy regulations. A licensed attorney must review and approve this policy before the Platform is made available to the public.

1. Information We Collect

We collect information that you provide directly and information generated automatically through your use of the Platform:

  • Account information — email address and display name provided at registration (via email/password or OAuth with Google or GitHub).
  • Payment information — Stripe handles all payment processing. We store only Stripe customer IDs and payout account references; we do not store raw card numbers, bank account numbers, or other sensitive financial data on our servers.
  • Listing metadata — dataset titles, descriptions, schema definitions, pricing, category, and other information you provide when creating a listing.
  • Transaction records — records of purchases, bids, auction outcomes, payouts, and disputes involving your account.
  • API logs — when you or your Agent accesses the Platform via API or MCP server, we log request metadata including timestamps, endpoints accessed, API key identifiers (not the key itself), and response codes for security and abuse detection.
  • Usage data — standard web analytics such as pages visited, referrer, browser type, and IP address (collected through our analytics provider).

2. How We Use Your Information

We use the information we collect to:

  • Operate the marketplace — create and manage your account, facilitate listings, purchases, bids, and payouts between Sellers and Buyers.
  • Process payments — pass transaction data to Stripe for payment processing and fraud prevention.
  • Send transactional emails — confirmations, receipts, payout notifications, auction status updates, and security alerts via our email provider (Resend). We do not send marketing emails without explicit opt-in consent.
  • Detect and prevent abuse — monitor API logs, bid patterns, and listing content to enforce our Acceptable Use Policy and protect users.
  • Improve the Platform — analyze aggregate, anonymized usage patterns to improve product features and performance.

We do not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes.

3. Data Retention

We retain your data for the following periods:

  • Account data — retained while your account is active and for two (2) years after account deletion, to support dispute resolution and regulatory obligations.
  • Transaction records — retained for seven (7) years following the transaction date to comply with tax and financial reporting requirements.
  • API logs — retained for 90 days under standard operation, and up to two years where a security incident is under investigation.

You may request deletion of your account at any time. We will honor deletion requests subject to the retention requirements above and any legal obligations that require us to retain certain records.

4. Contact

For privacy-related questions, requests to access or delete your data, or to report a potential privacy concern, please contact our privacy team:

Email: privacy@databazaar.com

We aim to respond to all privacy inquiries within 30 days.

See also: Terms of Service · DMCA Policy