Privacy Policy

Last updated November 16, 2025

This Privacy Notice for Nashflare LLC ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at https://www.nashflare.com, or any website of ours that links to this Privacy Notice
  • Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at contact@nashflare.com.

SUMMARY OF KEY POINTS

  • What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
  • Do we process any sensitive personal information? We do not process sensitive personal information, except for vendor verification documents which are handled with extra security measures.
  • Do we collect any information from third parties? We do not collect any information from third parties.
  • How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
  • How do we keep your information safe? We use Supabase for secure data storage with row-level security policies and encrypted authentication tokens.
  • What are your rights? Depending on where you are located geographically, you may have certain rights regarding your personal information.
  • How do you exercise your rights? The easiest way to exercise your rights is by emailing us at contact@nashflare.com.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  4. THIRD-PARTY SERVICES WE USE
  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. HOW LONG DO WE KEEP YOUR INFORMATION?
  7. HOW DO WE KEEP YOUR INFORMATION SAFE?
  8. DO WE COLLECT INFORMATION FROM MINORS?
  9. WHAT ARE YOUR PRIVACY RIGHTS?
  10. CONTROLS FOR DO-NOT-TRACK FEATURES
  11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  12. DO WE MAKE UPDATES TO THIS NOTICE?
  13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • Names
  • Phone numbers
  • Email addresses
  • Mailing addresses
  • Usernames
  • Passwords (encrypted)
  • Billing addresses
  • Debit/credit card numbers (processed by Stripe, not stored by us)

Marketplace-Specific Data

As a marketplace platform, we also collect:

  • Listing Information: Product descriptions, images, prices, and categories you create
  • Transaction History: Orders placed, purchases made, payment amounts, and order status
  • Messages: Communications between buyers and sellers through our platform messaging system
  • Reviews and Ratings: Feedback you provide about transactions
  • Dispute Information: Details related to any disputes you file or respond to
  • Withdrawal Requests: Payment method preferences (Bitcoin addresses, Skrill accounts) for vendor payouts

Vendor Verification Data

If you apply to become a verified vendor, we collect additional information:

  • Government-issued ID (passport, driver's license, or national ID)
  • Selfie/photo for identity verification
  • Business information (if applicable)
  • Tax identification numbers (if required by law)

Important: Vendor verification documents are stored securely in Supabase Storage with restricted access policies. Only authorized administrators can view these documents for verification purposes.

Sensitive Information. We do not process sensitive personal information such as racial or ethnic origins, sexual orientation, or religious beliefs. However, government-issued IDs collected for vendor verification are handled with additional security measures.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy notice link(s) here: https://stripe.com/privacy. We do not store your full credit card numbers on our servers.

Information automatically collected

In Short: Some information is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.

Like many businesses, we also collect information through cookies and similar technologies (primarily localStorage). The information we collect includes log and usage data, device data, and location data. For more details, see our Cookie Policy.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts through Supabase Auth.
  • To deliver and facilitate delivery of services to the user, including processing marketplace transactions.
  • To respond to user inquiries/offer support to users.
  • To send administrative information to you, including order confirmations and dispute updates.
  • To fulfill and manage your orders, including escrow management and fund releases.
  • To enable user-to-user communications through our real-time messaging system.
  • To request feedback and enable reviews after completed transactions.
  • To protect our Services through fraud prevention and dispute resolution.
  • To verify vendor identities to ensure marketplace trust and safety.
  • To process vendor withdrawals and manage platform commission fees.
  • To identify usage trends and improve our Services.
  • To save or protect an individual's vital interest.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

Buyer-Seller Information Sharing

As a marketplace platform, certain information is shared between transaction participants:

  • Visible to Buyers: Seller username, profile avatar, seller rating, total sales, verification status, member since date
  • Visible to Sellers: Buyer username, order details, delivery address (if applicable)
  • NOT Shared: Email addresses, phone numbers, real names (unless voluntarily shared in messages), payment details
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Other Users. When you share personal information through messages or otherwise interact with public areas of the Services, such information may be viewed by other users and may be publicly made available outside the Services.
  • Third-Party Service Providers. We share data with service providers who assist us in operating our platform (see Section 4).
  • Legal Requirements. We may disclose information where required to do so by law or in response to valid requests by public authorities.

4. THIRD-PARTY SERVICES WE USE

We use the following third-party services to operate our platform:

Supabase (Authentication, Database, Storage)

Supabase provides our core backend infrastructure including:

  • User authentication and session management
  • PostgreSQL database for all user and transaction data
  • File storage for avatars and verification documents
  • Real-time subscriptions for messaging

Data Location: Your data is stored on Supabase servers in the United States.

View Supabase Privacy Policy →

Stripe (Payment Processing)

Stripe processes all payment transactions on our platform:

  • Credit/debit card processing
  • Fraud prevention and detection
  • PCI DSS compliant payment handling

Important: We do not store your full credit card information. All payment data is handled directly by Stripe.

View Stripe Privacy Policy →

Vercel (Hosting)

Vercel hosts our web application and may collect:

  • Server logs (IP addresses, request times)
  • Performance metrics
View Vercel Privacy Policy →

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We primarily use localStorage rather than traditional cookies.

We use localStorage (similar to cookies) to gather information when you interact with our Services. This includes:

  • Authentication Tokens: Supabase stores encrypted session tokens to keep you logged in
  • Shopping Cart: Your cart contents are stored locally until checkout
  • User Preferences: Theme settings and notification preferences

For detailed information about our cookie and localStorage usage, please see our Cookie Policy.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

Data Retention Periods

  • Account Information: Retained for the lifetime of your account plus 3 years after account deletion (for legal compliance and dispute resolution)
  • Transaction History: 7 years (required for tax and financial record-keeping)
  • Messages: 2 years after the associated order is completed
  • Dispute Records: 5 years after resolution
  • Vendor Verification Documents: 3 years after vendor status ends or account deletion
  • Reviews: Permanently retained (anonymized if account is deleted)
  • Server Logs: 90 days (rolling deletion)

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process:

  • Row Level Security (RLS): Database policies ensure users can only access their own data
  • Encrypted Authentication: Passwords are hashed and authentication tokens are encrypted
  • Secure File Storage: Verification documents are stored with restricted access policies
  • HTTPS Encryption: All data in transit is encrypted using TLS
  • Payment Security: PCI DSS compliant payment processing through Stripe
  • Access Controls: Administrative access is limited and logged

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at contact@nashflare.com.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log in to your account settings and update your user account
  • Contact us using the contact information provided

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements (see Section 6 for retention periods).

Cookies and similar technologies: You can set your browser to remove cookies and localStorage data. If you choose to remove this data, you may be logged out and your cart will be cleared.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have specific rights regarding your personal information.

Your Rights

You have rights under certain US state data protection laws. These rights include:

  • Right to know whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request the deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to non-discrimination for exercising your rights
  • Right to opt out of targeted advertising or data sales (we do not sell your data)

How to Exercise Your Rights

To exercise these rights, you can contact us by emailing us at contact@nashflare.com, by mailing to 7901 4th St N STE 300, St. Petersburg, FL 33702, or by referring to the contact details at the bottom of this document. We will respond to your request within 45 days.

12. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at contact@nashflare.com or contact us by post at:

Nashflare LLC

7901 4th St N STE 300

St. Petersburg, FL 33702

United States

Phone: 1-813-434-7657

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit: contact@nashflare.com. We will respond to your request within 45 days.