Privacy Information

Effective from 10 May 2024

I don't give your personal data (cosmo ID, email address, wallet address, trade history, etc) to any external organisation behind your back. If the possibility ever comes up you'll be individually contacted and explicitly asked for consent beforehand, but 1) I doubt it'll ever happen for this dinky site and 2) I have no intention of ever doing that.

There’s no fine-grained analytics collected about site usage/clicks. If this gets implemented it'll be an opt-in switch in your account settings to give consent and will list what would get logged.

Cloud providers are Supabase, Cloudflare, and Resend. Cloudflare Web Analytics is enabled, but I only use it to see overall traffic volume, and it doesn't use any cookies and doesn't individually fingerprint (more info). For more information about any other connection/traffic metadata these providers might log by default I'd refer you to information on their websites.

Cookies

The only browser cookie/local storage in use is for your session, so you stay signed in. There are no marketing/analytics/etc cookies.

Publicly Viewable Data

Your offering/wanted Objekts are public on your inventory page, but the link to your public inventory page uses a generated hash ID, so sharing your inventory doesn't necessarily reveal your cosmo ID, email, wallet address, etc (unless you have it in the inventory title or freetext). This also means a random stranger is highly unlikely to infer what the URL is to your inventory, ie the only way to get to your public inventory is if they actually have the link.

Anything else (eg your username) can only be seen by other signed in users as a reference to facilitate matching and trades.

Only the bid amount/currency of the highest bids for each item type are publicly viewable/searchable, but the bidder username and bid note (if any) can only be seen by signed in users.

Your email address and wallet address are always private and can only be seen by you, and wallet address is only used to import/sync items from your wallet. You can delete your wallet address any time, which will disable one-click imports until you link your wallet address again.

Data privacy is enforced down to the database level.

Chat Messages

User to user messages within trades are only accessible by the sender or receiver within that specific trade, but they aren't end-to-end encrypted or anything so shouldn't be considered/used as a private chat like Signal/WhatsApp/etc. Chat messages aren't actively monitored, but might be reviewed if someone reports abusive language or reports they've been scammed or something. Otherwise all messages for a trade are automatically deleted one week after the trade is closed.

Account Deletion

If you delete your account it's actually deleted from the database, not just flagged as "deleted" then archived. This automatically cascades to deleting your inventory, items, and sent messages.

Deletion of trade history data is slightly more nuanced in that a trade is only completely deleted if all parties delete their account. If you delete your account, at least the link between your own account and the trade is severed, so once your account no longer exists it's impossible to link any of your previous trades together as coming from a single person. If you re-create your account, even with the same email/cosmo ID/wallet address, it's not possible to be retroactively linked to those historical trades (if they even still exist, ie if the counterparties didn't also delete their account). Things like Objekt serial-number/token-ID aren't stored with the trade either, so it also can't be retroactively linked through a side channel by looking at the blockchain transactions.

As much as I think it'd be incredibly useful to retain all trade history anonymised (eg if I show statistics of trade ratios/sales so people would know what their stuff is worth then those statistics would be more accurate), my personal values regarding data privacy trump that and I can't be bothered trying to defend a position where some of your data is yours and some of it isn't because "reasons".