ReNew Market

1. Information We Collect

1.1 Account Information

Full name and email address (required at registration)
Date of birth (used for age verification)
Profile photo and bio (optional)
Account role (buyer, seller, or both)

1.2 Transaction Data

Purchase history and order details
Payment method details (processed and stored by Stripe — we do not store card numbers)
Shipping addresses
Seller earnings and fee records

1.3 Listing Data

Product descriptions, prices, and photos you upload
Measurements and condition details
Sustainability badge selections

1.4 Usage Data

Pages viewed and search queries
Products viewed, saved, and purchased
Device type, browser, and operating system
IP address and approximate location
Session duration and interaction data

1.5 Communications

Messages sent between buyers and sellers on the Platform
Dispute and return communications
Support requests sent to our team

2. How We Use Your Information

2.1 Core Platform Operations

Processing and fulfilling transactions
Enabling communication between buyers and sellers
Providing order tracking and shipping updates
Calculating and processing seller payouts

2.2 Personalisation

Generating personalised product recommendations based on your browsing and purchase history
Calculating your Eco Score and sustainability level
Surfacing relevant search results and trending items

2.3 Safety & Compliance

Detecting and preventing fraud, abuse, and prohibited listings
Verifying user age and seller identity (KYC)
Complying with legal obligations and responding to legal requests
Generating tax reports for sellers (1099-K compliance)

2.4 Platform Improvement

Analysing usage patterns to improve features and performance
Conducting internal research and analytics
Identifying and fixing bugs and technical issues

3. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

3.1 Service Providers

Stripe — payment processing and seller identity verification
Shippo / EasyPost — shipping label generation and tracking
Supabase — database and file storage infrastructure
Resend — transactional email delivery
Vercel — platform hosting and analytics

3.2 Legal Requirements

We may disclose your information to legal authorities when required by law, court order, or to protect the rights and safety of our users.

3.3 Transaction Parties

When a purchase is made, we share necessary order details (name, shipping address) with the seller to fulfil the order. Sellers do not receive your payment information.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of such changes.

4. Cookies & Tracking Technologies

4.1 Types of Cookies We Use

Essential cookies — required for the Platform to function (authentication sessions, shopping cart)
Analytics cookies — help us understand how users interact with the Platform (Vercel Analytics)
Preference cookies — remember your settings and preferences

4.2 Your Cookie Choices

You can manage your cookie preferences at any time using the cookie settings panel accessible from the footer. Declining non-essential cookies will not affect core Platform functionality.

Most browsers also allow you to refuse cookies through browser settings, though this may affect your experience.

5. Data Retention

Account data is retained for as long as your account is active
Transaction and order records are retained for 7 years for tax and legal compliance purposes
Usage and analytics data is retained for up to 24 months
Deleted account data is permanently removed within 30 days, except where legal retention obligations apply

6. Your Rights

You have the following rights over your personal data:

Access — request a copy of the personal data we hold about you
Correction — update or correct inaccurate information via your profile settings
Deletion — request that we delete your account and associated data
Portability — receive your data in a machine-readable format
Opt-out — opt out of personalised recommendations or marketing emails at any time
Restriction — request that we limit how we process your data in certain circumstances

To exercise any of these rights, contact us at privacy@renewmarket.com. We will respond within 30 days.

7. Data Security

All data is encrypted in transit using TLS/HTTPS
Database access is controlled by Row Level Security (RLS) policies
Payment processing is handled entirely by Stripe — we never store card details
API routes are protected by authentication and rate limiting
We conduct regular security reviews and promptly address identified vulnerabilities

No method of transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

ReNew Market is not directed at users under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has created an account, we will promptly delete the account and associated data.

If you believe a minor has created an account, please contact us at privacy@renewmarket.com.

9. California Privacy Rights (CCPA)

California residents have the following additional rights under the California Consumer Privacy Act (CCPA):

Right to Know — what personal information we collect, use, disclose, and sell
Right to Delete — request deletion of your personal information
Right to Opt-Out — we do not sell personal information; no opt-out required
Right to Non-Discrimination — we will not discriminate against you for exercising your rights

To submit a CCPA request, email privacy@renewmarket.com with "CCPA Request" in the subject line.

10. European Users (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

The lawful basis for processing your data is contractual necessity (to provide the Platform), legitimate interest (fraud prevention, analytics), and your consent (marketing communications)
You have the right to lodge a complaint with your local data protection authority
Data transfers outside the EEA are protected by appropriate safeguards (Standard Contractual Clauses)

Our EU representative can be contacted at eu-privacy@renewmarket.com.

11. Contact Us

For privacy-related enquiries, requests, or complaints:

Email: privacy@renewmarket.com
Response time: Within 30 days of receipt

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the Platform after updates constitutes acceptance.

This Privacy Policy is a template and does not constitute legal advice. Consult a qualified attorney to ensure compliance with all applicable data protection laws before launching your platform.