Privacy Policy

This Privacy Policy explains how FlashListing ("FlashListing," "we," "us," or "our") collects, uses, discloses, protects, and retains information when you use FlashListing.io, account dashboards, public sale pages, buyer inquiry forms, collaborator tools, image uploads, email features, and related services.

By using FlashListing, you agree that information will be handled as described in this Policy and our Terms of Service.

Account and authentication data. We collect email addresses, authentication identifiers, login metadata, OAuth provider data where applicable, and password credentials handled through Supabase authentication. Passwords are processed by the authentication provider and are not stored by FlashListing in plain text.

Sale catalog data. Sellers provide sale titles, descriptions, locations or pickup areas, pickup notes, contact email or phone information, item titles, categories, conditions, prices, statuses, item descriptions, photos, and related metadata.

Buyer inquiry data. Buyers may submit names, email addresses, phone numbers, messages, item references, inquiry status, timestamps, source information, and related metadata. This information is shared with the applicable seller and authorized collaborators.

Collaborator data. We process collaborator email addresses, roles, invite tokens, invitation status, accepted status, user identifiers, and timestamps to support team access.

Uploaded content. We store photos and image variants in object storage, including storage keys, public URLs, file metadata, and cleanup job data used to manage deletion.

Technical and usage data. We may collect IP address, browser type, device information, operating system, referring pages, pages viewed, actions taken, timestamps, logs, session cookies, security events, and approximate location derived from network data.

We collect information directly from users when they create accounts, create sale pages, upload photos, invite collaborators, submit buyer inquiries, contact support, or otherwise interact with the Service.

We also collect technical information automatically through cookies, logs, authentication sessions, analytics tools, database events, and infrastructure providers. In some cases, sellers or collaborators may provide information about other people, such as buyer contact details or collaborator email addresses.

We use information to:

• Create, authenticate, secure, and support user accounts.
• Operate sale dashboards, public sale pages, listings, image galleries, and collaborator permissions.
• Deliver buyer inquiries to sellers and authorized collaborators.
• Send transactional emails, invitations, account notices, support replies, and security notices.
• Detect, prevent, and investigate spam, fraud, abuse, prohibited listings, policy violations, unauthorized access, and security incidents.
• Maintain, troubleshoot, debug, analyze, and improve the Service.
• Enforce our Terms, policies, and legal rights.
• Comply with legal obligations and respond to valid legal requests.

We do not sell personal information for third-party advertising. We do not operate FlashListing as an advertising data broker.

When a seller publishes a sale page, catalog content becomes publicly accessible to anyone with the URL and may be indexed, cached, shared, copied, or archived by third parties. Public catalog content may include item photos, titles, prices, descriptions, sale location text, pickup notes, and seller-provided contact information.

Buyer inquiries are not public sale page content, but they are provided to the applicable seller and may be accessible to authorized collaborators with inquiry access. Buyers should not include sensitive information in inquiry messages.

We use cookies and similar technologies for authentication sessions, account security, product functionality, fraud prevention, and usage analytics. Disabling cookies may prevent login, dashboard access, collaborator acceptance, or other core functionality.

We may use privacy-conscious analytics or event logging to understand page performance, feature usage, conversion, and reliability. We do not use third-party advertising cookies to sell behavioral advertising profiles.

We send transactional and service emails such as account confirmation, password reset, collaborator invitations, buyer inquiry notices, support responses, policy notices, security alerts, and operational updates. These messages are necessary to provide the Service and may not include marketing opt-out controls.

If we later send optional marketing emails, we will provide legally required unsubscribe or preference controls.

We use service providers to host, secure, operate, and support the Service. These providers may process information on our behalf, including:

• Supabase for authentication, database, storage metadata, and row-level security support.
• Stripe for payment processing, subscription billing, and billing portal management. When you subscribe to a paid plan, payment information (such as card details) is collected directly by Stripe and processed according to Stripe's Privacy Policy. FlashListing does not store full payment card numbers, CVV codes, or raw card data on its own servers.
• Cloudflare R2 for object storage and delivery of uploaded image files and variants.
• Cloudflare Turnstile for bot and spam protection on public forms.
• Resend for transactional email delivery.
• Vercel Analytics for privacy-conscious product analytics and page/event measurement.
• Sentry for error monitoring, reliability diagnostics, and security-relevant debugging.
• Hosting, logging, infrastructure, security, and support vendors used to operate the production stack.

These providers may process data in the United States or other jurisdictions where they or their sub-processors operate.

We may share information:

• With sellers and authorized collaborators when buyers submit inquiries.
• With service providers that process data for hosting, authentication, storage, email, analytics, support, security, and operations.
• With law enforcement, regulators, courts, or other parties when required by law or when we believe disclosure is necessary to protect rights, safety, security, users, or the Service.
• In connection with a merger, acquisition, financing, corporate transaction, reorganization, or sale of assets, subject to appropriate continuity of privacy obligations.
• With your direction or consent.

We retain account data, sale data, inquiry data, collaborator data, content, logs, and related records for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, and support business operations.

When items, images, sale pages, or accounts are deleted, associated records may be removed from active systems or queued for deletion. Copies may remain for a limited period in backups, logs, caches, security records, fraud prevention systems, or legal holds.

We use administrative, technical, and organizational safeguards designed to protect information, including HTTPS/TLS, authentication controls, Supabase row-level security, server-side ownership checks, signed upload URLs, access-limited storage operations, operational logging, and vendor security controls.

No online service can guarantee absolute security. You are responsible for using a strong password, protecting your account, choosing collaborators carefully, and avoiding unnecessary sensitive information in public listings or inquiry messages.

Depending on your location, you may have rights to access, correct, delete, export, object to, or restrict certain processing of personal information. You may also have the right to appeal certain privacy decisions or lodge a complaint with a regulator.

To make a request, contact privacy@flashlisting.io. We may need to verify your identity before fulfilling a request. Some information may be retained where permitted or required for security, fraud prevention, legal compliance, dispute resolution, or legitimate business purposes.

FlashListing is not intended for children under 13 and is not directed to minors. Sellers and account holders must be at least 18. If you believe a child has provided personal information to us, contact privacy@flashlisting.io.

Certain U.S. state privacy laws may provide additional rights. We do not sell personal information for money and do not knowingly sell or share personal information of minors. We use service providers to process data for operational purposes and may disclose information for security, legal, and business operations as described above.

If you submit a privacy request, we will evaluate and respond consistent with applicable law.

We may update this Policy from time to time. The "Last updated" date identifies the latest version. Your continued use of the Service after updates means you acknowledge the updated Policy.

Privacy questions and requests may be sent to privacy@flashlisting.io. General support is available at hello@flashlisting.io.