Privacy Policy

Effective: 1 January 2026 · Change log

1. Overview

Nearby Garage Sale ("we", "us") operates a global, country-locked marketplace for garage, yard and estate sales. This policy explains what we collect, why, and your rights — including rights granted by the EU GDPR, UK GDPR, California CCPA/CPRA, Brazil LGPD, India DPDP Act, Australia Privacy Act and equivalents in 40+ other countries.

Plain-English summary: We never sell your data. We only collect what we need to run the marketplace. You can see, export or delete everything we hold about you at any time.

2. Data we collect

  • Account data (legal basis: contract): mobile number, email, full name, password-less OTP codes, country code, preferred language.
  • Profile data (legitimate interest): avatar, bio, city/state/locality/postcode, date of birth (if provided).
  • Listing & transaction data: items, photos, chat messages, orders, reviews, ratings.
  • Technical data: IP, user-agent, device type, coarse geolocation (country) — used for country-lock and fraud prevention.
  • Optional data: precise geolocation (only with your browser's permission), NGO / logistics certificates.

3. How we use your data

  • To operate the marketplace and connect buyers with sellers in the same country.
  • To verify your identity (OTP) and prevent fraud and abuse.
  • To show you UI in your preferred language.
  • To improve the product via aggregated, anonymised analytics.
  • To comply with tax, accounting and law-enforcement requests.

4. Sharing & processors

We do not sell personal data (required CCPA/CPRA disclosure). We share limited data with:

  • Transaction counterparties — e.g. the seller sees your first name and handle after you confirm an order.
  • Sub-processors under contract: Cloudflare (hosting, CDN, bot protection); email/SMS providers for OTP.
  • Authorities, only with a valid legal order.

5. Retention

Account data: while your account is active, plus 90 days after deletion for fraud-prevention, then permanently anonymised. Transaction records: up to 7 years (tax law). Chat logs: 2 years. Reports and moderation evidence: 2 years.

6. Your rights (GDPR / CCPA / LGPD / DPDP / etc.)

  • Right of access — download everything we hold about you via Settings ▸ Export data.
  • Right to correct — edit your profile at any time.
  • Right to erasure ("be forgotten") — Settings ▸ Delete account. We will permanently anonymise your data within 30 days.
  • Right to restrict or object to certain processing (opt out of analytics).
  • Right to data portability — receive your data in JSON.
  • CCPA / CPRA (California): right to know, delete, correct, opt-out of sale/share (we do neither), and non-discrimination.
  • GDPR / LGPD: right to lodge a complaint with your supervisory authority.

7. HIPAA & health-information note

Nearby Garage Sale is not a covered entity under HIPAA. We prohibit the listing of prescription medications or any protected health information (PHI). If you are a HIPAA-covered entity and a user accidentally shares PHI via chat, notify us at dpo@nearbygaragesale.com — we will delete the data immediately and assist with breach notifications.

8. International transfers

Data is stored on Cloudflare's global edge network. For EU/UK/Swiss residents, transfers to non-adequacy jurisdictions rely on Standard Contractual Clauses (SCCs) + supplementary safeguards. For Russian residents (152-FZ), personal data is first stored in a Russia-resident database before any cross-border processing.

9. Cookies & tracking

See our full Cookie Policy. We use only strictly-necessary, preference and privacy-friendly analytics cookies. We never use advertising or cross-site tracking cookies.

10. Children

The service is not directed to children under 16 (EU) / 13 (US). We do not knowingly collect data from children. Parents can request deletion at privacy@nearbygaragesale.com.

11. Security

HTTPS everywhere, HttpOnly / Secure / SameSite session cookies, prepared SQL statements only, strict Content-Security-Policy, rate-limited OTP, 24-hour human moderation team.

12. Contact / Data Protection Officer

Email dpo@nearbygaragesale.com. EU representative: contact support for details. We respond to privacy requests within 30 days.

Change log

  • Jan 2026: Expanded to cover global operations, GDPR/CCPA/LGPD/HIPAA/DPDP, 25 languages and country-lock.