Privacy Policy

How we handle your information

Last updated: October 15, 2025

This Privacy Policy explains how BuyMap ("we", "us") handles your information when you use our website and app at buymap.app. By using BuyMap, you agree to the collection and use of information in accordance with this policy.

1) What we collect

  • Account: email and basic profile (through Clerk)
  • Connections: eBay OAuth tokens and consent timestamps (encrypted)
  • Usage: searches, product views, daily request counts for rate‑limiting
  • Payments: Stripe customer ID, subscription status (we don't store full card details)
  • Device & logs: IP address, browser/OS, performance/uptime data
  • Local‑only (your browser): filters, ZIP code for shipping estimates, theme, hidden listings

We do not sell personal information.

2) How we use it

  • Provide and secure your account (sign‑in, sessions)
  • Fetch and show eBay results you request
  • Enforce plan limits and prevent abuse
  • Improve performance and fix issues
  • Manage billing and transactional emails
  • Comply with legal and platform requirements (e.g., eBay policies)

3) Who processes your data (service providers)

We use trusted providers to run BuyMap. They process data only to deliver their services to us:

  • Clerk – authentication and account management
  • Stripe – payment processing and subscriptions
  • eBay – catalog/listing data and OAuth access you authorize
  • Vercel – hosting, performance, and privacy‑friendly analytics

Links to each provider's privacy terms are available on their websites.

4) Cookies & tracking

  • Essential cookies: sign‑in/session security, load balancing
  • Analytics: high‑level usage and performance metrics
  • Local storage (not sent to us): filters, ZIP code, theme, hidden listings
  • Affiliate tracking: links to eBay include parameters; eBay may set its own cookies when you visit their site

5) Data retention & deletion

  • Account and subscription data: kept while your account is active
  • eBay tokens: expire per eBay policy and are rotated/removed as needed
  • Rate‑limit and log data: typically ~30 days
  • Billing records: retained as required by tax/accounting laws
  • You can request deletion of your account and associated data (some legal exceptions may apply)

6) Security

  • HTTPS in transit; sensitive tokens encrypted at rest
  • Access controls and least‑privilege practices
  • Monitoring and regular updates
  • No method of transmission or storage is 100% secure

7) Your rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data and to object or restrict certain processing. We'll honor applicable laws (e.g., GDPR/CCPA).

How to exercise your rights: submit a request at buymap.app/contact. We aim to respond within 30 days.

8) Age requirement

BuyMap is intended for users 18 and older.

9) Changes

We may update this Policy. We'll change the "Last updated" date and, for material changes, provide additional notice.

10) Contact

Questions or requests: buymap.app/contact.

This Privacy Policy is effective as of October 15, 2025. For questions or concerns, please contact us.