Privacy Statement
Last Updated: September 1, 2025
This document describes how we collect, use, and treat your information that we collect while you use our services. The information we collect and process depends on how you use our Service, but includes, and is not limited to, information collected through our website, by other interactions with us, including but not limited to emails and business transactions, and through other services.
In this Statement, your information and data is collectively referred to as "user information." We use the term "process" to mean any operation or set of operations performed on user information, whether by automated means or otherwise, including, without limitation, handling, collecting, storing, recording, organizing, structuring, adapting, altering, retrieving, consulting, using, disclosing, disseminating (or otherwise making available), combining, erasing, or destroying.
What User Information Do We Collect?
When visiting and using our services, we and/or our third-party service providers may collect a range of personal and business information in a number of classes, including, but not limited to, user identity data (including email addresses, names, profile images, authentication provider IDs, email verification statuses, user preferences, last login information, usernames, and passwords), organization data (including organization names, billing emails, descriptions, websites, incorporation details, tax ID numbers, state permits, and membership status), contact data (including contact person details, phone numbers, business references, and owner identification documents), business and financial data (including bank account details, with names, account numbers, routing numbers, and other identification numbers, tax ID numbers, and VAT numbers), and inventory and transaction data (including merchandise details, stock IDs, images, order information, transaction information, proofs of payment, shipping information, ratings, feedback, and chat communications.).
We and/or our third-party service providers also collect session and authentication data like cookies, authentication tokens, user agent details, device details, and IP addresses, as well as log and analytics data, like http request logs, error logs, debug logs, browser info, operating system information, access times, and performance metrics.
We may also collect information regarding sources of acquisition, email interactions, referral information, and geographical area information.
If you make any purchases or on through our service, we and/or our third-party service providers may collect billing information in order to process your transactions, including username, join date, joining IP address, first name, last name, email address, payment method details, billing and mailing addresses, subscription information, transaction history, and login timestamps.
If you communicate with us, we will collect such information in the communications, including the communications themselves, which may include, without limitation, support emails, chat logs, and call logs. We also collect all other communications made on or through the Service.
If you upload materials to the service, we will collect such materials, including any user information in such materials.
The above descriptions of information collected may not include every type or category of user information that we collect, but reflects our good faith belief as to the general categories and types of information that are collected.
All the foregoing information may be collected by us directly, or through any of our third-party service providers. Such third-party service providers may maintain their own privacy policies or statements that you should ensure you review, as they may collect and use such additional user information in their discretion, and use it subject to their separate policies.
Why Do We Collect User Information, How Do We Use It, and For How Long Do We Keep It?
We collect user information for a wide range of reasons, including, without limitation, as follows:
- To provide you the services available on and through our services.
- To collect information about the quality of traffic on our services for analysis, internal business, and security purposes.
- To check for and protect against fraud, bots, or any other type of inorganic traffic for the benefit of users, affiliates, advertisers, and other parties.
- To comply with legal obligations to which we may be subject (e.g., court orders, subpoenas, warrants, etc.).
- To train our "AI," "machine learning," or other systems, models, or technologies.
- For our legitimate interests or those of third parties in compliance with applicable law. A legitimate interest includes, without limitation, when we have a business or commercial reason to use your information. Examples of such purposes include, but are not limited to: (i) initiating legal claims and preparing for litigation and other dispute resolution proceedings and procedures, (ii) measures to manage business and for further developing products and services, (iii) to promote safety, security, and operation of our services, including by investigating suspicious or fraudulent activities or violations of rules, laws, or procedures, and (iv) providing you the services available on and through our services.
- To respond to your inquiries and requests and to provide you information and access to the services that you have requested.
- To provide a personalized experience to you, including by sending you marketing information, recommendations, and communications about us.
- To identify you across multiple devices.
- Other compatible purposes for which the user information was collected.
We may also otherwise use your information with your consent or at your direction.
Please note that certain user information may be used for multiple purposes and more than one reason for processing personal data may apply in each situation.
Without limiting the generality of the foregoing, we provide further detail below about how specific user information may be used, including the retention period for such data:
| Information Collected | How It's Used | Retention Period |
|---|---|---|
| User identity (e.g., email, name, login, preferences) | Authentication, account management, personalization | At least as long as the account is active |
| Organization/business details (e.g., name, EIN, tax IDs, incorporation, membership, references) | Business verification, regulatory compliance, invoices | Indefinite |
| Bank/tax/payment details | Transaction processing, compliance | Indefinite |
| Inventory & orders (e.g., serials, prices, metadata, images) | Marketplace listings, transactions, disputes | Indefinite |
| Chat messages, feedback, ratings | Communications, trust/safety, platform functionality | At least as long as the account is active |
| Session/auth data (e.g., cookies, tokens, user agents, IP) | Security, fraud prevention, login persistence | 7–30 days |
| Logs/analytics (e.g., HTTP requests, errors, performance, browser info, timestamps) | Debugging, system monitoring, analytics | Based on third-party provider's policies |
| Uploaded files (e.g., IDs, permits, documents, payment proofs, shipping labels) | Business verification, transactions, compliance | Indefinite, unless removed manually |
You are not subject to decisions based solely on automated processing, including profiling, that produces legal effects concerning you. Automated processes however may be used to review traffic through our system to detect and block spam, fraud, and other unlawful or undesirable activities.
Where Is User Information Stored?
Unless the information is collected by our third-party service providers (See below), user information is stored on servers managed and operated by us, but which may be owned by third-parties or on servers managed and operated by our third-party service providers as described above. We use a variety of security technologies and procedures to protect user information from unauthorized access, use, or disclosure. We may use United States based cloud servers for the hosting and storing of user information, or other reasonable alternatives in our discretion.
Who May Receive User Information, and Which Third-Party Providers Do We Use?
We may share information we collect globally, both internally and externally with our vendors and third-party service providers, who may be located in different jurisdictions. Data transfers may be necessary to operate and provide the services.
Without limiting the generality of the foregoing, we may share certain user information, or have it processed, as necessary or reasonable to provide you the services with the following third-parties for the reasons set forth herein or for other legitimate and reasonable reasons:
- Auth0, for authentication
- Mailgun, for email delivery.
- GetStream, for chat functionality.
- Google Cloud Storage, for file/image/document storage.
- Google Cloud Logging, for monitoring and logs.
- Fly.io, for hosting infrastructure.
- Sentry, for error and performance monitoring.
- Google Analytics, for website analytics.
- Inngest, for background tasks, including, but not limited to, activity triggers, email scheduling, and image processing.
You should ensure to carefully review the privacy policies and statements of each of these third-party service providers before using our service.
For an up-to-date list of all service providers being used that may be processing your specific user information, please contact us using the information further below.
Your user information may be further disclosed in connection with legal requirements (e.g., court orders and regulatory compliance) or as part of a business transfer (e.g., an acquisition or reorganization).
Your user information may be further shared with other users on the Website in accordance with the functionality of the website, including as part of listing and bidding on merchandise, communications between users, and as part of transactions on the website.
What Are Your Rights?
Depending on your jurisdiction, you may have the following rights in terms of your user information that can be used to personally identify you:
- The right to access. You may have the right to receive a copy of your personal data.
- The right to rectification. You may have the right to rectify any inaccurate personal data and to have any incomplete personal data about you completed.
- The right to erasure. In some circumstances, you may have the right to the erasure of your personal data without undue delay.
- The right to object to or restrict processing. Under some circumstances, you may have the right to object to the processing of your personal data or request restricting the processing of your personal data.
- The right to data portability. You may have the right to request to receive a copy of your personal data in a format that can be transmitted to other organizations.
- The right to complain to a supervisory authority. You may have the right to complain to your relevant supervisory authority.
- The right in relation to automated decision-making and profiling. You may have the right to be free from decisions we may make that are based solely on automated processing of your user information, including profiling, if they produce a significant legal effect on you, unless such decision-making or profiling is necessary for entering into or performing a contract between you and us, or is made with your explicit consent.
- The right to withdraw consent. You may have the right to withdraw consents that you have given to us regarding the processing of your personal data.
- The right to an agent. In some jurisdictions, you may have the right to designate an authorized agent to make a request on your behalf. In order to do so, you must provide the agent with written permission, signed by you, authorizing the agent to submit the request on your behalf. The agent must submit that written permission along with the request. We may contact you to verify your identity, and the authorized agent's permission, before a response to a request is further processed.
We reserve the right to respond to your request in a manner consistent with applicable law, including any exceptions or inapplicability of law that may result in a request being denied in whole or in part.
You may exercise any of your applicable rights without fear of unlawful discrimination.
We keep records of all requests wherein you attempt to exercise your rights. We may require additional information from you to confirm your identity in responding to requests.
Changes to This Statement
We may update this Statement from time to time in our discretion, and we recommend that you review this statement from time to time to stay informed as to our current practices and policies.
Questions or Comments
If you have any questions or comments about this document and the information in it, we invite you to contact us as follows:
ChronoLabs Inc.
650 S. Hill Street, Suite 318
Los Angeles, California 90014
[email protected]