Privacy
Plain-language summary. A formal policy will be published before general-availability launch.
- 24-hour retention. Pickup links are hard-deleted from the database 24 hours after creation. Nothing older than that lives in our system.
- Address encryption. Seller addresses and coordinates are encrypted at rest with AES-256-GCM. The encryption key is stored separately from the database. The item name and any seller note you add are not encrypted — they're stored in plain text and visible to anyone who has the link, even before it unlocks. Don't put address details in them.
- Buyer locations are never stored. When a buyer taps “check my distance,” their coordinates are used in memory to compute the distance and then discarded. Not written to disk, not logged, not sent to analytics.
- No accounts. We don't ask for emails, phone numbers, or names.
- No cross-site tracking. No Facebook Pixel, no Google Analytics, no third-party ad trackers.