Privacy Policy

Last updated: February 23, 2026

1. What We Collect

When you create an account:

  • Email address
  • Display name
  • Password (stored as a secure hash, never in plain text)
  • Phone number (optional)

When you browse:

  • IP address hash (SHA-256, one-way — we never store your actual IP)
  • Page views and interaction data
  • Browser cookies for session management

2. How We Use Your Data

  • To operate your account and seller profile
  • To display your products on the marketplace
  • To send account-related emails (verification, password reset, notifications)
  • To track anonymous product view statistics (using IP hashes, not raw IPs)
  • To improve platform performance and user experience

3. Third-Party Services

  • Resend — email delivery service (verification emails, notifications). Only receives the email address needed for delivery.
  • reCAPTCHA by Google — spam protection on forms. Subject to Google's Privacy Policy.
  • DigitalOcean — server infrastructure and CDN for product images.
  • Google Analytics 4 (GA4) — anonymous website usage analytics. Collects page views, navigation patterns, and interaction data. No personally identifiable information is sent to Google. Only activated if you consent via our cookie banner. Subject to Google's Privacy Policy.

4. Cookies

  • Session cookie — authentication, identifies your logged-in session
  • Favorites cookie — stores product IDs you've saved, works without an account
  • Language preference — remembers your EN/ES-CR choice

We use Google Analytics 4 for anonymous usage analytics, but only if you accept analytics cookies via the banner shown on your first visit. If you decline, no analytics data is collected. You can change your preference at any time by clearing your browser's local storage.

We do not use advertising cookies, tracking pixels, or services that track you across other websites.

5. In-App Messaging Privacy

When you use our in-app messaging system:

  • Phone numbers and email addresses are automatically redacted from message text before being displayed to the other party
  • Buyers are identified to sellers only as "Buyer #N" — your real name is never shared unless you choose to share it
  • The original unredacted message content is stored securely and accessible only to platform administrators for moderation purposes
  • Message content is encrypted in transit via HTTPS
  • We do not sell, share, or use message content for advertising or profiling

6. Data Storage & Security

Your data is stored on servers hosted by DigitalOcean in their US data centers. We implement multiple layers of protection:

  • Encryption in transit — all connections use HTTPS/TLS. Your data is never transmitted in plain text
  • Password hashing — passwords are hashed with bcrypt before storage. We cannot read or recover your password
  • IP anonymization — IP addresses are hashed with SHA-256 (one-way). Your real IP address is never stored in our database
  • No payment data — we never collect, store, or process credit cards, bank accounts, or any financial information
  • Essential cookies + opt-in analytics — no advertising cookies, no tracking pixels, no cross-site tracking. Analytics only with your consent
  • PII auto-redaction — phone numbers and emails are automatically stripped from messages to prevent accidental exposure

We retain account data while your account is active. You may request complete deletion of your account and all associated data at any time.

7. Your Rights

You can:

  • Access your account data through your profile settings
  • Update or correct your information at any time
  • Request deletion of your account and associated data
  • Contact us with privacy-related questions

8. Data We Do NOT Collect

We do not collect:

  • Payment information (transactions happen directly between buyers and sellers)
  • Physical addresses
  • Tracking data from other websites
  • Biometric data

9. Children's Privacy

CraftWorks is not directed at children under 13. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy as the platform evolves. Significant changes will be communicated via email to registered users.

11. Contact

Privacy questions? Contact us.