Privacy policy
Effective · 2026-04-29 · Version 1.0
Section 01
Data controller
The data controller for personal data processed via SudoSell is SudoSell. Privacy contact runs through the privacy & data request form.
Section 02
What data we collect
We collect only what we need to operate the marketplace:
- Account data: name, email, optional username, password hash (bcrypt, so we cannot read your password), avatar URL.
- OAuth identity, if you sign in with a third-party provider: we store a provider name (e.g. discord, google, github) and the stable provider account id, so we can recognise you on future sign-ins. We never receive your provider password. The provider’s own privacy terms govern what they share with us (typically your email address, display name, and avatar). See each provider’s policy: Discord, Google, GitHub.
- Profile metadata: notification preferences, country (where applicable), 2FA secret (server-side, never sent back to your browser), backup codes (hashed).
- Session data: JWT session id, user-agent string, IP address (typically truncated), last-used timestamp, expiry, revocation status.
- Purchase data: order ids, items purchased, amount, currency, status, payment-processor reference id, refund/chargeback history. We do not store your full card number; payment processing is performed by a PCI-DSS compliant third-party processor.
- Cart and wishlist: product slugs you’ve saved or added.
- Reviews: products you reviewed, your rating, the review text, timestamp.
- Support tickets: messages you sent or received, related metadata.
- Search and behavior: queries you ran on the catalog and result counts (used for “what aren’t we ranking?” analytics; no per-user behavior tracking beyond this).
- Logs: request logs containing path, status, and truncated IP for security and debugging. Retained for 90 days.
We do not use third-party advertising trackers, fingerprinting, ad pixels, or session-replay tools.
Section 03
Why we use your data (lawful basis)
- Performance of contract: creating accounts, processing payments, delivering downloads, sending receipts, handling refunds.
- Legitimate interests: security (fraud detection, session management), product improvement (aggregated analytics, search analysis), preventing abuse.
- Consent: marketing newsletters, product-update emails (where you opted in). You can withdraw consent at any time in notification settings or via any unsubscribe link.
- Legal obligation: tax records, anti-money-laundering checks, sanctions screening, responding to lawful requests.
Section 04
Sharing with third parties
We only share personal data with:
- Razorpay Software Private Limited (operating as Razorpay International) is our payment processor. PCI-DSS compliant. It receives your name, email, billing address, and transaction details to charge cards, accept UPI / wallets, process refunds, and settle seller payouts. Card numbers never touch our servers. Razorpay’s own privacy policy governs that processing.
- Neon, Inc. Managed PostgreSQL hosting. Stores all structured data we collect, encrypted at rest. See Neon’s privacy policy.
- Cloudflare, Inc. R2 object storage for avatar uploads and product release artifacts; also handles edge caching for our public assets. See Cloudflare’s privacy policy.
- Resend, Inc. Transactional and (where you have opted in) marketing email delivery. Receives recipient email, subject, and message body. See Resend’s privacy policy. If Resend is unavailable, transactional mail may fall back to a configured SMTP relay.
- Sellers. When you purchase a product, the seller sees your name and email so they can deliver support. They do not see your payment details, billing address, or other purchases.
- Law enforcement and regulators. Only when legally compelled, and we attempt to challenge overbroad requests.
We do not sell, rent, or trade personal data. We do not engage in cross-context behavioral advertising.
Section 05
International transfers
Data may be processed in jurisdictions outside your country (notably India and the United States, depending on subprocessor location). For EU/UK transfers, we rely on Standard Contractual Clauses with subprocessors. For India residents, we comply with the DPDP cross-border requirements.
Section 06
Retention
- Account data: retained while your account is active. Deleted within 30 days of account deletion, except as noted below.
- Purchase + tax records: retained for 7 years after the transaction to comply with tax and accounting law, even after account deletion.
- Sessions: deleted on logout or expiry.
- Support tickets: retained for 3 years for dispute resolution.
- Logs: 90 days.
- Backups: rotational; deleted data persists in backups for up to 35 days before being overwritten.
Section 07
Your rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of your data. Self-serve via the “Download my data” button on your profile.
- Rectify inaccurate data. Change name, email, avatar, and similar fields via settings.
- Erase your data. Delete your account from account settings. Tax-related records are retained as required by law.
- Restrict or object to processing for direct marketing. Disable in notification settings.
- Portability. The data export is JSON, suitable for re-importing or migrating.
- Withdraw consent at any time without affecting prior lawful processing.
- Lodge a complaint with your local data protection authority.
Section 07b
Notice for California residents (CCPA / CPRA)
We do not sell, share, or rent your personal data
We do not sell or share personal information for cross-context behavioural advertising, and we have not done so in the past twelve months. We do not knowingly process personal data of consumers under 16.
If you are a California resident you have the right to know what we collect, delete your personal information, correct inaccuracies, and limit the use of sensitive personal information. Submit a verifiable request through the privacy & data request form and we will respond within 45 days. You may also authorize an agent to act on your behalf.
You will not be discriminated against for exercising any of these rights.
Section 08
Children
SudoSell is not directed at children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect data from children. If you become aware that a child has provided data, submit the privacy request form and we will delete it promptly.
Section 09
Security
We protect your data with: HTTPS everywhere; password hashing with bcrypt at cost 12; 2FA via TOTP with hashed backup codes; signed short-lived JWT sessions with revocation tracking; encrypted-at-rest databases; limited internal access on a least-privilege basis; HMAC signature verification on payment webhooks; rate limits on sensitive endpoints; structured error logging without sensitive payloads.
No system is perfectly secure. If you believe your account is compromised, change your password, sign out of all sessions in security settings, and submit the security disclosure form. We disclose breaches that affect personal data within statutory timelines.
Section 10
Cookies
Cookie and local storage usage is described in the Cookie Policy. We use only first-party cookies necessary for authentication, security, and (with consent) preferences.
Section 13
Account inactivity
Accounts with no activity (no logged-in session, no purchase, no published listing, no withdrawal request) for twenty-four (24) months may be flagged inactive. We email the address on file at least 30 days before any inactivity action; signing in within that window restores active status. Inactive accounts retain purchase records (for tax retention) and audit data for the period required by applicable law. Personal data covered by the right-to-erasure (Section 07) is removed unless statute requires retention.
Section 11
Changes to this policy
Material changes will be announced by email at least 30 days before they take effect. The effective date at the top of this page reflects the most recent revision.
Section 12
Contact
Privacy questions or data subject rights requests go through the privacy & data request form.
Questions about this document? Send a legal contact form or open a support request.
This document may be amended from time to time. Material changes will be communicated by email to the address on file at least 30 days before they take effect.