Privacy Policy

What we collect

• Account information: Name, email address, and password (stored as a bcrypt hash — we never see your plaintext password).
• Location data: Optional ZIP code, city, and state you provide. We do not automatically capture precise GPS coordinates without your explicit action.
• Post content: Titles, descriptions, and photos you upload.
• Log data: IP addresses and timestamps for rate limiting, fraud prevention, and security.
• Messages: Private messages between users, stored to deliver them to recipients.

How we use it

• To provide and improve the Service.
• To send transactional emails (verification, password reset, expiry warnings). We do not send marketing emails.
• To enforce our Terms of Service and detect abuse.
• To display your public profile information (name, location area, bio) to other users.

What we don't do

• We do not sell your personal information to third parties.
• We do not run behavioral advertising.
• We do not share your email address with other users.

Data retention

Active accounts and their posts are retained while your account is active. Expired posts are archived (not deleted) for fraud-prevention purposes. You may request account deletion by contacting us.

Cookies

We use a single session cookie to keep you logged in. We do not use third-party tracking cookies.

Third-party services

We use the following third-party services that may process some data:

• Nominatim / OpenStreetMap — reverse geocoding when you use the "Use my location" button. Your coordinates are sent to their servers.
• Zippopotam.us — ZIP code lookup. Your ZIP is sent to their servers.
• ipapi.co — IP-based location for the area picker on non-HTTPS connections.

Security

Passwords are hashed with bcrypt (cost 12). All form submissions use CSRF tokens. We use rate limiting to prevent brute-force attacks.

Changes

We may update this policy. Changes will be posted here with an updated date.