Cart

Privacy Policy

Last updated: March 2026

This Privacy Policy explains what personal data PreOwnedBooks collects, how we use it, and your rights. We keep it brief and plain — no legal fog.

1. What we collect

Account data: email address, display name, and password (hashed — we never see it in plain text) when you register.

Profile data: bio, avatar, and store information you choose to add.

Transaction data: shipping addresses, order history, and payment records (card numbers are handled entirely by Stripe — we never store them).

Usage data: pages visited, searches performed, and actions taken on the platform, collected via server logs.

Communications: messages you send to us via email.

2. How we use your data

We use your data to:

  • Operate the marketplace — process orders, facilitate payments, enable messaging
  • Send transactional emails (order confirmations, shipping updates, password resets)
  • Detect and prevent fraud and policy violations
  • Improve the platform based on aggregate usage patterns
  • Comply with legal obligations

We do not sell your personal data. We do not use it for targeted advertising.

3. Who we share data with

We share data only with the services we need to operate:

  • Stripe — payment processing and seller payouts. Stripe's privacy policy applies to data they collect during payment flows.
  • Resend — transactional email delivery.
  • Supabase — image storage for listing photos.
  • Railway / Vercel — infrastructure hosting.
  • PostHog — product analytics (page views, feature usage). Only activated with your consent. PostHog is configured to respect your cookie preferences and does not share data with advertisers.

All providers are bound by data processing agreements and operate in compliance with GDPR and applicable data protection laws.

4. Cookies and local storage

We use an httpOnly cookie to store your refresh token (required for keeping you logged in) and a short-lived cookie for your access token. These are essential for the service to work and do not require consent.

With your consent, we also use analytics cookies via PostHog to understand how the platform is used — which pages are visited, where people get stuck, and which features matter most. This helps us improve the product. You can accept or decline analytics cookies via the cookie banner, and change your choice at any time by clearing your browser cookies or contacting us.

We do not use advertising cookies. We do not share data with ad networks.

5. Data retention

Account data is retained while your account is active. After account deletion, personal data is purged within 30 days, except where we are required to retain it for legal or financial compliance (e.g. transaction records, which we keep for 7 years per accounting requirements).

6. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data (via Account Settings)
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing in certain circumstances

To exercise any of these rights, email us at preowned@books.com. We will respond within 30 days.

7. Security

Passwords are hashed using Argon2id. All connections use HTTPS. Access tokens expire after 15 minutes; refresh tokens are rotated on every use and hashed in the database. We conduct regular security reviews.

8. Children

PreOwnedBooks is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will remove it.

9. Changes to this policy

We'll notify you by email of any material changes. Continued use after the effective date constitutes acceptance.

10. Contact

Privacy questions: preowned@books.com