safeloc

Privacy

Plain-language summary. A formal policy will be published before general-availability launch.

  • 24-hour retention. Pickup links are hard-deleted from the database 24 hours after creation. Nothing older than that lives in our system.
  • Address encryption. Seller addresses and coordinates are encrypted at rest with AES-256-GCM. The encryption key is stored separately from the database. The item name and any seller note you add are not encrypted — they're stored in plain text and visible to anyone who has the link, even before it unlocks. Don't put address details in them.
  • Buyer locations are never stored. When a buyer taps “check my distance,” their coordinates are used in memory to compute the distance and then discarded. Not written to disk, not logged, not sent to analytics.
  • No accounts. We don't ask for emails, phone numbers, or names.
  • No cross-site tracking. No Facebook Pixel, no Google Analytics, no third-party ad trackers.