Privacy Policy

Account data from sign-in (name, email, avatar, GitHub login when you connect GitHub), listing content you submit, purchase records, encrypted seller GitHub tokens, and technical logs (IP, user agent) for security and debugging.

To operate the marketplace: authenticate you, process payments, grant GitHub access, send transactional email, prevent fraud, and improve the product. We do not sell your personal data.

We share data with service providers as needed: Clerk (authentication), Razorpay (payments), GitHub (access management via API), Resend (email), and hosting/storage providers for images. Their privacy policies apply to their processing.

Seller GitHub tokens are encrypted at rest (AES-256-GCM). Webhooks are signature-verified. Access to production systems is restricted. No method is 100% secure; report concerns to us promptly.

We retain account and transaction data while your account is active and as required for legal, tax, or dispute purposes. You may request deletion by contacting us; some records may be retained where required by law.

Depending on your location, you may have rights to access, correct, or delete personal data. Contact us to exercise these rights. EU/UK users may also lodge complaints with their supervisory authority.

We use essential cookies for authentication sessions. Theme preference may be stored locally. We do not use third-party advertising cookies on the core product.